chore(ci): move security audit from PR checks to release gate

jhamon · jhamon · commit 1a468b365739 · 2026-03-06T07:27:11.000-05:00
Bugbot already handles vulnerability scanning on PRs, making the
npm audit step in CI redundant and disruptive. Moving it to the
release workflow ensures high/critical CVEs block publishing without
blocking unrelated PRs.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -32,6 +32,3 @@ jobs:
 
       - name: Check formatting
         run: npx prettier --check 'src/**/*.ts' '*.json' '.prettierrc'
-
-      - name: Security audit
-        run: npm audit --audit-level=high
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -62,6 +62,9 @@ jobs:
           git_email: 'clients@pinecone.io'
           git_username: ${{ github.actor }}
 
+      - name: Security audit
+        run: npm audit --audit-level=high
+
       ##### VERSION BUMP #####
       - name: 'Bump version for production release'
         if: inputs.releaseMode == 'prod'
