Ci security tweaks take seventy three (#9025)

* asd

* asd

* asd

* asd

* adsa

* asd

* asd

* asd

.github/workflows/previews-deploy.yml

@@ -121,18 +121,11 @@ jobs:
           --WHEEL_URL https://gradio-builds.s3.amazonaws.com/${{ needs.changes.outputs.sha }}/ \
           --CLIENT_URL "gradio-client @ git+https://github.com/gradio-app/gradio@${{ needs.changes.outputs.sha }}#subdirectory=client/python" \
           --GRADIO_VERSION ${{ needs.changes.outputs.gradio_version }}
-      - name: log
-        run: |
-          echo ${{github.event.workflow_run.event }}
-          echo ${{ github.event.workflow_run.conclusion }}
-      - name: log context
-        run: |
-          echo ${{ toJson(github) }}
 
   comment-spaces-success:
     uses: "./.github/workflows/comment-queue.yml"
     needs: [deploy, changes]
-    if: needs.deploy.result == 'success'
+    if: needs.changes.outputs.should_run == 'true' && needs.deploy.result == 'success'
     secrets:
       gh_token: ${{ secrets.COMMENT_TOKEN }}
     with:
@@ -156,7 +149,7 @@ jobs:
   comment-spaces-failure:
     uses: "./.github/workflows/comment-queue.yml"
     needs: [deploy, changes]
-    if: always() && needs.deploy.result == 'failure'
+    if: always() && needs.deploy.result == 'failure' && needs.changes.outputs.should_run == 'true'
     secrets:
       gh_token: ${{ secrets.COMMENT_TOKEN }}
     with:

.github/workflows/storybook-deploy.yml

@@ -48,7 +48,7 @@ jobs:
   update-status:
     runs-on: ubuntu-latest
     needs: changes
-    if: ${{ needs.changes.outputs.should_run == 'false' || github.repository == 'gradio-app/gradio' || contains(needs.changes.outputs.labels, 'no-visual-update') }}
+    if: ${{ needs.changes.outputs.should_run == 'false' || contains(needs.changes.outputs.labels, 'no-visual-update') }}
     steps:
       - name: update status
         uses: gradio-app/github/actions/set-commit-status@main

.github/workflows/test-python.yml

@@ -33,7 +33,7 @@ jobs:
           filter: "gradio"
           token: ${{ secrets.GITHUB_TOKEN }}
   test:
-    name: "test-python-${{ matrix.os }}-${{ matrix.test-type == 'flaky' && 'flaky' || 'not-flaky'}}"
+    name: "test-${{ matrix.os }}-${{ matrix.test-type == 'flaky' && 'flaky' || 'not-flaky'}}"
     needs: changes
     if: needs.changes.outputs.should_run == 'true'
     strategy:

.github/workflows/update-checks.yml

@@ -0,0 +1,52 @@
+name: "storybook-deploy"
+
+on:
+  workflow_run:
+    workflows: ["python", "js", "functional"]
+    types:
+      - completed
+
+concurrency:
+  group: "${{ github.event.workflow_run.head_repository.full_name }}-${{ github.event.workflow_run.head_branch }}-${{ github.workflow_ref }}"
+  cancel-in-progress: true
+
+jobs:
+  changes:
+    name: "changes"
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+    outputs:
+      should_run: ${{ steps.json.outputs.should_run }}
+      sha: ${{ steps.json.outputs.sha }}
+      pr_number: ${{ steps.json.outputs.pr_number }}
+      source_branch: ${{ steps.json.outputs.source_branch }}
+      source_repo: ${{ steps.json.outputs.source_repo }}
+      labels: ${{ steps.json.outputs.labels }}
+      run_id: ${{ steps.json.outputs.run_id }}
+    steps:
+      - name: Download artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: changes
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          run-id: ${{ github.event.workflow_run.id }}
+      - uses: gradio-app/github/actions/json-to-output@main
+        id: json
+        with:
+          path: output.json
+  update-status:
+    runs-on: ubuntu-latest
+    needs: changes
+    if: needs.changes.outputs.should_run == 'false'
+    steps:
+      - name: set check name
+        id: set_check_name
+        run: echo "${{ toJson(github) }}"
+      # - name: update status
+      #   uses: gradio-app/github/actions/set-commit-status@main
+      #   with:
+      #     sha: ${{ needs.changes.outputs.sha }}
+      #     token: ${{ secrets.GITHUB_TOKEN }}
+      #     name: "storybook"
+      #     run_id: ${{ needs.changes.outputs.run_id }}