fix(ci): repair vibecoder workflow templates

[Nadav011]

Fixes the current-head workflow issues in ci.yml and trivy-autofix.yml by removing invalid template residue and correcting the broken pnpm/trivy-autofix steps.

[coderabbitai]

Warning

Rate limit exceeded

@Nadav011 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 5 minutes and 31 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 5 minutes and 31 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: d4224716-b986-47f1-ae42-f5bf7e1152c0

📥 Commits

Reviewing files that changed from the base of the PR and between b31c2b9 and b2b0f04.

📒 Files selected for processing (2)

• .github/workflows/ci.yml
• .github/workflows/trivy-autofix.yml

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/workflow-template-repair

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

[Copilot]

Pull request overview

This PR repairs GitHub Actions workflow template residue that was breaking CI and the scheduled Trivy auto-fix workflow.

Changes:

• Fixes a typo in the dependency install step (ppnpm → pnpm) in CI.
• Removes invalid needs entries in the ci-gate job that referenced non-existent jobs.
• Cleans up trivy-autofix.yml by removing invalid template fragments and gating Node/pnpm setup on whether CVEs were found.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
.github/workflows/trivy-autofix.yml	Removes template residue from the pnpm step and conditions Node/pnpm setup on CVE presence.
.github/workflows/ci.yml	Fixes the install command typo and corrects the CI gate’s job dependencies.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

pnpm install --frozen-lockfile will fail when pnpm-lock.yaml is missing or out of date. This repo currently has package-lock.json but no pnpm-lock.yaml, so the CI job is still expected to error. Either commit a generated pnpm-lock.yaml (and keep it updated) or switch the workflow install/lint/typecheck steps to use npm (npm ci / npm run ...) to match the tracked lockfile.

[Copilot]

The workflow enables pnpm but never runs an install step after modifying package.json. The PR created by create-pull-request will likely include only package.json changes, leaving the lockfile unchanged and causing CI failures (e.g., frozen lockfile / lockfile integrity checks) and potentially not actually resolving CVEs. Add a step to regenerate and commit the appropriate lockfile (pnpm-lock.yaml or package-lock.json) after applying overrides, and ideally verify the fix with an install.