
There's value in enforcing checks on the server side to avoid people accidentally/maliciously merging code that doesn't pass said checks. Checks can be linters, security scanners, etc.




Why on the server?!

Because then you protect against a compromised/misbehaving developer workstation. No matter what the individual developer does, the server will prevent a PR being merged if it doesn’t pass the server-enforced checks.

Running builds on a designated server would also protect against malware on a developer’s machine silently embedding itself into the resulting artifact and then being deployed to production.
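
A sketch of the server-side merge gate described in the comment above, added here as an illustration and not part of the thread. The check names, the `ci-runner` identity, the commit ids and the sample results are constructed assumptions.

```python
from dataclasses import dataclass

# Assumed policy (hypothetical names): the checks the server requires, and the
# only identity whose results it trusts: its own CI runner, not a workstation.
REQUIRED_CHECKS = {"build", "test", "lint", "security-scan"}
TRUSTED_REPORTER = "ci-runner"

@dataclass(frozen=True)
class CheckResult:
    name: str
    commit: str       # commit the check actually ran against
    conclusion: str   # "success" or "failure"
    reporter: str     # who submitted the result

def merge_decision(head_commit, results):
    """Return (allowed, reasons) for merging the PR whose tip is head_commit."""
    passed, failed = set(), set()
    for r in results:
        if r.reporter != TRUSTED_REPORTER:
            continue  # self-reported from a developer machine: never counted
        if r.commit != head_commit:
            continue  # stale: ran before the latest push
        (passed if r.conclusion == "success" else failed).add(r.name)
    passed -= failed  # a failure on the head commit overrides any success
    reasons = [f"{n}: failed" for n in sorted(REQUIRED_CHECKS & failed)]
    reasons += [f"{n}: no trusted result for {head_commit}"
                for n in sorted(REQUIRED_CHECKS - passed - failed)]
    return (not reasons, reasons)

# Constructed sample data: lint was only claimed by the workstation, and the
# security scan ran on an older commit than the current PR head.
HEAD = "c0ffee1"
SAMPLE = [
    CheckResult("build", HEAD, "success", "ci-runner"),
    CheckResult("test", HEAD, "success", "ci-runner"),
    CheckResult("lint", HEAD, "success", "dev-laptop"),
    CheckResult("security-scan", "0ddba11", "success", "ci-runner"),
]

if __name__ == "__main__":
    allowed, reasons = merge_decision(HEAD, SAMPLE)
    print("merge allowed" if allowed else "merge blocked")
    for reason in reasons:
        print(" -", reason)
```

The gate only holds if the reporter identity is authenticated by the server (for example, a credential that exists only on the CI runner) rather than taken from a field the client can set.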


This was probably the question to ask before declaring it all as junk.

> Checks can be linters, security scanners, etc.

The first checks I set up are build and test. The rest is “extra”.



