CD pipeline creates PRs from poetry.lock drift with no API changes #136
Description
Problem
The daily SDK generation workflow creates PRs even when there are no actual API/OpenAPI spec changes (see #135). post_build_cleanup() deletes poetry.lock for idempotency, and fix_setupfiles() regenerates it via poetry add. Fresh dependency resolution picks up transitive dependency updates, making the working tree dirty. The script's check_git_status() correctly ignores this (scoped to vulncheck_sdk/ and pyproject.toml), but the workflow's git status --porcelain check in cd.yml sees all file changes and triggers a PR.