From 9fb08748120e0beb789e1fa4d8ab60378968cc06 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 29 Mar 2026 08:33:14 +0000 Subject: [PATCH 1/5] fix: remove duplicate concurrency block in workflow --- .gitea/workflows/pr-check.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.gitea/workflows/pr-check.yml b/.gitea/workflows/pr-check.yml index 3bab168..c0cc87c 100644 --- a/.gitea/workflows/pr-check.yml +++ b/.gitea/workflows/pr-check.yml @@ -8,10 +8,6 @@ concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - jobs: test: runs-on: ubuntu-latest From 106bc8920c9a011582ca9cfb96fa9e09a2412fd6 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 29 Mar 2026 08:36:07 +0000 Subject: [PATCH 2/5] fix: inline python script in security check --- .gitea/workflows/pr-check.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/.gitea/workflows/pr-check.yml b/.gitea/workflows/pr-check.yml index c0cc87c..c79426e 100644 --- a/.gitea/workflows/pr-check.yml +++ b/.gitea/workflows/pr-check.yml @@ -96,12 +96,7 @@ jobs: # Parse and display results if [ -s audit-results.json ] && [ "$(cat audit-results.json)" != "[]" ]; then echo "❌ Found vulnerabilities in production dependencies:" - uv run python -c " -import json -data = json.load(open('audit-results.json')) -for vuln in data: - print(f\" - {vuln.get('name', 'unknown')} {vuln.get('version', '')}: {vuln.get('id', '')}\") -" + uv run python -c 'import json; data=json.load(open("audit-results.json")); [print(f" - {v.get(\"name\", \"unknown\")} {v.get(\"version\", \"\")}: {v.get(\"id\", \"\")}") for v in data]' exit 1 else echo "✅ No vulnerabilities in production dependencies" From 91eec1ae2d131be35c0efa79cff114f4cc77827f Mon Sep 17 00:00:00 2001 
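Review bot: The inlined `uv run python -c '...'` is wrapped in single quotes, so bash hands the `\"` sequences to Python unchanged, and a backslash inside an f-string replacement field (`{v.get(\"name\", ...)}`) is a SyntaxError — the step now dies with a parse error exactly when vulnerabilities are found, instead of listing them. The previous double-quoted form worked because bash turned `\"` into `"` before Python saw it. A heredoc sidesteps the quoting entirely and keeps the script readable; the `run:` block it lives in starts above this hunk. Also worth confirming pip-audit's JSON layout before iterating `data` directly: if the report is an object keyed by `dependencies` rather than a flat list, the loop prints dictionary keys rather than findings.

```yaml
          uv run python - <<'PY'
          import json
          for v in json.load(open("audit-results.json")):
              print(f" - {v.get('name', 'unknown')} {v.get('version', '')}: {v.get('id', '')}")
          PY
```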
From: root Date: Sun, 29 Mar 2026 08:38:34 +0000 Subject: [PATCH 3/5] fix: upload audit log as artifact on failure --- .gitea/workflows/pr-check.yml | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/.gitea/workflows/pr-check.yml b/.gitea/workflows/pr-check.yml index c79426e..6624f13 100644 --- a/.gitea/workflows/pr-check.yml +++ b/.gitea/workflows/pr-check.yml @@ -93,15 +93,24 @@ jobs: uv pip compile pyproject.toml --no-dev -o requirements-prod.txt uv run pip-audit --format json --output audit-results.json -r requirements-prod.txt || true - # Parse and display results + # Check if vulnerabilities found if [ -s audit-results.json ] && [ "$(cat audit-results.json)" != "[]" ]; then - echo "❌ Found vulnerabilities in production dependencies:" - uv run python -c 'import json; data=json.load(open("audit-results.json")); [print(f" - {v.get(\"name\", \"unknown\")} {v.get(\"version\", \"\")}: {v.get(\"id\", \"\")}") for v in data]' + echo "❌ Found vulnerabilities in production dependencies" + echo "📄 Audit log uploaded as artifact 'security-audit'" exit 1 else echo "✅ No vulnerabilities in production dependencies" + rm -f audit-results.json fi + - name: Upload audit log + uses: actions/upload-artifact@v3 + if: failure() + with: + name: security-audit + path: audit-results.json + retention-days: 7 + - name: Check for secrets run: | if grep -r "password\s*=" --include="*.py" src/; then From d5dc677789029551ae724b73900b3c8b55faac67 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 29 Mar 2026 08:39:32 +0000 Subject: [PATCH 4/5] fix: simplify security check to single command --- .gitea/workflows/pr-check.yml | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/.gitea/workflows/pr-check.yml b/.gitea/workflows/pr-check.yml index 6624f13..0e177e8 100644 --- a/.gitea/workflows/pr-check.yml +++ b/.gitea/workflows/pr-check.yml 
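Review bot: The new `Upload audit log` step is gated on `if: failure()`, which is true when any earlier step in the job failed, not only the audit; in that case `audit-results.json` does not exist (or was just removed by the new `rm -f`) and `upload-artifact@v3` only reports "No files were found". Give the audit step an `id: audit` (its header is above this hunk) and gate the upload on `if: failure() && steps.audit.outcome == 'failure'`. Separately, because `pip-audit` still runs with `|| true`, a tool failure (vulnerability database unreachable, unresolvable requirement) leaves the file empty or missing, and the rewritten else-branch then prints "✅ No vulnerabilities in production dependencies" and passes the check. Drop `|| true` so pip-audit's own non-zero exit fails the step, or at least require the report file to exist before declaring the audit clean.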
@@ -88,20 +88,7 @@ jobs: env: UV_NO_PROGRESS: "1" run: | - echo "Running pip-audit on production dependencies..." - # Audit only production dependencies (exclude dev) - uv pip compile pyproject.toml --no-dev -o requirements-prod.txt - uv run pip-audit --format json --output audit-results.json -r requirements-prod.txt || true - - # Check if vulnerabilities found - if [ -s audit-results.json ] && [ "$(cat audit-results.json)" != "[]" ]; then - echo "❌ Found vulnerabilities in production dependencies" - echo "📄 Audit log uploaded as artifact 'security-audit'" - exit 1 - else - echo "✅ No vulnerabilities in production dependencies" - rm -f audit-results.json - fi + uv pip compile pyproject.toml --no-dev -o requirements-prod.txt && uv run pip-audit --format json --output audit-results.json -r requirements-prod.txt && test ! -s audit-results.json || test "$(cat audit-results.json)" = "[]" - name: Upload audit log uses: actions/upload-artifact@v3 From 26926c60da9967f5404cc5423dafe304ded828a6 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 29 Mar 2026 08:43:24 +0000 Subject: [PATCH 5/5] ci: trigger on push to all branches and all PRs --- .gitea/workflows/pr-check.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.gitea/workflows/pr-check.yml b/.gitea/workflows/pr-check.yml index 0e177e8..735e4a8 100644 --- a/.gitea/workflows/pr-check.yml +++ b/.gitea/workflows/pr-check.yml @@ -1,8 +1,10 @@ name: PR Checks on: + push: + branches: ['**'] pull_request: - branches: [main] + branches: ['**'] concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
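Review bot: The single-line replacement changes the pass/fail logic, because `&&` and `||` have equal precedence and associate left, so the chain reads `(compile && audit && test ! -s file) || test "$(cat file)" = "[]"`. When pip-audit exits 0 and writes a non-empty report, `test ! -s` fails and the step is then decided by whether the file is literally `[]`; if pip-audit's JSON report is an object (`{"dependencies": ..., "fixes": ...}`) — confirm against the pip-audit version in use — that is never true and the check fails even with zero vulnerabilities, while a failed `uv pip compile` is likewise masked behind the same `cat` of a missing file. pip-audit already exits non-zero when it finds vulnerabilities, so the content test can go: keep two lines in the `run: |` block, `uv pip compile pyproject.toml --no-dev -o requirements-prod.txt` and `uv run pip-audit -r requirements-prod.txt --format json --output audit-results.json`, and let the exit status drive both the failure and the artifact upload. The step's `name:` line is above this hunk.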
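Review bot: Triggering on both `push: branches: ['**']` and `pull_request: branches: ['**']` runs the workflow twice for every commit pushed to a branch with an open PR, and the concurrency group `${{ github.workflow }}-${{ github.head_ref || github.run_id }}` does not deduplicate them because `head_ref` is empty on push events. If the goal is CI on every branch, either restrict `push` to `main` and keep `pull_request` for the rest, or keep both and skip the PR run for same-repo heads with a job-level `if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository` (check that Gitea's `github` context exposes these fields). Widening `pull_request` to every base branch also means PR CI now runs for fork PRs targeting any branch, if this repository accepts them; since the job executes the PR's own code, confirm in Gitea that such runs receive no repository secrets.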