chore: move security audit from dev/staging to production workflow

atifather · atifather · commit ea7db9c52a8a · 2026-04-14T14:42:57.000+05:00
Remove pnpm audit gate from bridge-explorer-develop-staging.yml to
unblock rapid iteration on develop and staging environments. Add the
same audit job to publish-ghcr-image-release.yml so production releases
(version tags) remain gated behind a high-severity dependency check.
diff --git a/.github/workflows/bridge-explorer-develop-staging.yml b/.github/workflows/bridge-explorer-develop-staging.yml
@@ -18,36 +18,8 @@ permissions:
   contents: write # This is required for actions/checkout
 
 jobs:
-  security-audit:
-    name: Dependency Security Audit
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
-        with:
-          fetch-depth: 0
-
-      - name: Enable Corepack
-        run: |
-          npm install -g corepack@0.34.6
-          corepack enable
-
-      - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
-        with:
-          node-version-file: '.nvmrc'
-          cache: 'pnpm'
-
-      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
-
-      - name: Run security audit
-        run: pnpm audit --audit-level=high
-
   build-and-push:
     name: Build and Push to Artifact Registry
-    needs: security-audit
     runs-on: ubuntu-latest
     outputs:
       environment: ${{ steps.set-env.outputs.environment }}
diff --git a/.github/workflows/publish-ghcr-image-release.yml b/.github/workflows/publish-ghcr-image-release.yml
@@ -11,7 +11,34 @@ permissions:
   packages: write # This is required for pushing to GHCR
 
 jobs:
+  security-audit:
+    name: Dependency Security Audit
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+        with:
+          fetch-depth: 0
+
+      - name: Enable Corepack
+        run: |
+          npm install -g corepack@0.34.6
+          corepack enable
+
+      - name: Setup Node
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
+        with:
+          node-version-file: '.nvmrc'
+          cache: 'pnpm'
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Run security audit
+        run: pnpm audit --audit-level=high
+
   Build_and_push_image_to_GHCR:
+    needs: security-audit
     runs-on: ubuntu-latest
     steps:
       - name: Git clone the repository
