From 91eec1ae2d131be35c0efa79cff114f4cc77827f Mon Sep 17 00:00:00 2001
From: root
Date: Sun, 29 Mar 2026 08:38:34 +0000
Subject: [PATCH] fix: upload audit log as artifact on failure

---
 .gitea/workflows/pr-check.yml | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/.gitea/workflows/pr-check.yml b/.gitea/workflows/pr-check.yml
index c79426e..6624f13 100644
--- a/.gitea/workflows/pr-check.yml
+++ b/.gitea/workflows/pr-check.yml
@@ -93,15 +93,24 @@ jobs:
 uv pip compile pyproject.toml --no-dev -o requirements-prod.txt
 uv run pip-audit --format json --output audit-results.json -r requirements-prod.txt || true
 
- # Parse and display results
+ # Check if vulnerabilities found
 if [ -s audit-results.json ] && [ "$(cat audit-results.json)" != "[]" ]; then
- echo "❌ Found vulnerabilities in production dependencies:"
- uv run python -c 'import json; data=json.load(open("audit-results.json")); [print(f" - {v.get(\"name\", \"unknown\")} {v.get(\"version\", \"\")}: {v.get(\"id\", \"\")}") for v in data]'
+ echo "❌ Found vulnerabilities in production dependencies"
+ echo "📄 Audit log uploaded as artifact 'security-audit'"
 exit 1
 else
 echo "✅ No vulnerabilities in production dependencies"
+ rm -f audit-results.json
 fi
 
+ - name: Upload audit log
+ uses: actions/upload-artifact@v3
+ if: failure()
+ with:
+ name: security-audit
+ path: audit-results.json
+ retention-days: 7
+
 - name: Check for secrets
 run: |
 if grep -r "password\s*=" --include="*.py" src/; then
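Review bot: The new `rm -f audit-results.json` branch is also reached when pip-audit never produced a report, because `|| true` on the pip-audit line discards its exit status and `[ -s audit-results.json ]` is then false, so a crashed audit (an unreachable vulnerability database, a broken uv environment) prints ✅ and passes the gate — the check fails open. Fail closed instead: treat a missing or empty report as an error before the vulnerability test, as sketched below. The `!= "[]"` comparison also looks fragile: as far as I recall pip-audit's JSON format is a manifest that lists every audited dependency with its own `vulns` array, so a `jq`-based test for any non-empty `vulns` would be more reliable — worth confirming against the pip-audit version in use. Separately, `uses: actions/upload-artifact@v3` should be pinned to the full commit SHA of the release you verified (tag kept in a trailing comment), since a mutable tag lets a compromised upstream action run inside this workflow; `if: failure()` also fires for failures of earlier steps, so giving the audit step an `id:` and checking `steps.<id>.outcome == 'failure'` keeps the upload tied to the audit. The audit step's `name:`/`run:` header starts before the hunk.
```yaml
          audit_rc=0
          uv run pip-audit --format json --output audit-results.json -r requirements-prod.txt || audit_rc=$?

          # Fail closed: no report means the audit did not run, not that it was clean.
          if [ ! -s audit-results.json ]; then
            echo "❌ pip-audit produced no report (exit status $audit_rc)"
            exit 1
          fi

          # … unchanged: vulnerability check, exit 1 on findings, rm -f on the clean path …
```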