Merge branch 'main' into fix/error-handling

.gitea/workflows/pr-check.yml

@@ -1,12 +1,10 @@
 name: PR Checks
 
 on:
+  push:
+    branches: ['**']
   pull_request:
-    branches: [main]
+    branches: ['**']
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
-  cancel-in-progress: true
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
@@ -92,24 +90,15 @@ jobs:
         env:
           UV_NO_PROGRESS: "1"
         run: |
-          echo "Running pip-audit on production dependencies..."
+          uv pip compile pyproject.toml --no-dev -o requirements-prod.txt && uv run pip-audit --format json --output audit-results.json -r requirements-prod.txt && test ! -s audit-results.json || test "$(cat audit-results.json)" = "[]"
-          # Audit only production dependencies (exclude dev)
+      
-          uv pip compile pyproject.toml --no-dev -o requirements-prod.txt
+      - name: Upload audit log
-          uv run pip-audit --format json --output audit-results.json -r requirements-prod.txt || true
+        uses: actions/upload-artifact@v3
-          
+        if: failure()
-          # Parse and display results
+        with:
-          if [ -s audit-results.json ] && [ "$(cat audit-results.json)" != "[]" ]; then
+          name: security-audit
-            echo "❌ Found vulnerabilities in production dependencies:"
+          path: audit-results.json
-            uv run python -c "
+          retention-days: 7
-import json
-data = json.load(open('audit-results.json'))
-for vuln in data:
-    print(f\"  - {vuln.get('name', 'unknown')} {vuln.get('version', '')}: {vuln.get('id', '')}\")
-"
-            exit 1
-          else
-            echo "✅ No vulnerabilities in production dependencies"
-          fi
       
       - name: Check for secrets
         run: |