Speed up AWS deployment workflows by removing duplicate frontend build and slimming backend security scan

[Copilot]

Deployment workflows were spending avoidable time on repeated work: frontend rebuilt in the deploy job after already building in pre-deploy checks, and backend security scan installed heavy native/runtime deps before auditing. This change reduces end-to-end deploy latency by reusing artifacts and trimming expensive setup in the security path.

• Frontend: reuse verified build output in deploy

  • deploy-frontend-aws.yml now deploys from the Build Verification artifact instead of reinstalling Node deps and running next build again.
  • Added explicit artifact download path and integrity checks (frontend-build/out, frontend-build/out/index.html) before S3 sync.
  • Artifact upload is narrowed to static export output (frontend/out) used by deployment.

• Backend: faster vulnerability audit path

  • deploy-backend-aws.yml removes OS-level native package installation from Security Scan.
  • Replaced full dependency install + audit with requirements-based audit:
    • pip-audit -r requirements.txt
  • Added inline note documenting tradeoff (faster CI, potentially less transitive coverage than auditing a fully installed env).

• Operational effect

  • Frontend deploy job no longer duplicates install/build work.
  • Backend security stage avoids costly native/toolchain setup.

# frontend deploy job
- uses: actions/download-artifact@v4
  with:
    name: frontend-build
    path: frontend-build

- name: Verify build artifact
  run: |
    test -d frontend-build/out
    test -f frontend-build/out/index.html

Original prompt

check GitHub actions deployment, how can it be sped up? suggest improvements

---

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.