From fdb2e8388e9b9f8bcc0ea501f5d2ecba7d4bf9f6 Mon Sep 17 00:00:00 2001 From: pngwn Date: Mon, 5 Aug 2024 19:11:24 +0100 Subject: [PATCH] Ci security tweaks (#9006) * asd * asd * asd * asd * asd * asd * asd * asd * asd * asd * asd * asd --- .github/workflows/previews-deploy.yml | 18 +++++++++--------- .github/workflows/storybook-deploy.yml | 16 ++++++++-------- .github/workflows/website-build.yml | 4 ++-- .github/workflows/website-deploy.yml | 18 +++++++++--------- 4 files changed, 28 insertions(+), 28 deletions(-) diff --git a/.github/workflows/previews-deploy.yml b/.github/workflows/previews-deploy.yml index 54b57768f0..ffee1c4ab5 100644 --- a/.github/workflows/previews-deploy.yml +++ b/.github/workflows/previews-deploy.yml @@ -1,11 +1,11 @@ -name: "deploy / spaces" +name: "previews-deploy" on: workflow_dispatch: workflow_run: workflows: ["trigger"] types: - - requested + - completed permissions: statuses: write @@ -49,7 +49,7 @@ jobs: with: pr_number: ${{ needs.changes.outputs.pr_number }} message: spaces~pending~null - deploy-spaces: + deploy: environment: deploy_spaces outputs: space_url: ${{ steps.upload-demo.outputs.SPACE_URL }} @@ -128,13 +128,13 @@ jobs: comment-spaces-success: uses: "./.github/workflows/comment-queue.yml" - needs: [deploy-spaces, changes] - if: needs.deploy-spaces.result == 'success' + needs: [deploy, changes] + if: needs.deploy.result == 'success' secrets: gh_token: ${{ secrets.COMMENT_TOKEN }} with: pr_number: ${{ needs.changes.outputs.pr_number }} - message: spaces~success~${{ needs.deploy-spaces.outputs.space_url }} + message: spaces~success~${{ needs.deploy.outputs.space_url }} additional_text: | **Install Gradio from this PR** ```bash @@ -148,12 +148,12 @@ jobs: **Install Gradio JS Client from this PR** ```bash - npm install ${{ needs.deploy-spaces.outputs.js_tarball_url }} + npm install ${{ needs.deploy.outputs.js_tarball_url }} ``` comment-spaces-failure: uses: "./.github/workflows/comment-queue.yml" - needs: [deploy-spaces, changes] - if: always() && needs.deploy-spaces == 'failure' + needs: [deploy, changes] + if: always() && needs.deploy == 'failure' secrets: gh_token: ${{ secrets.COMMENT_TOKEN }} with: diff --git a/.github/workflows/storybook-deploy.yml b/.github/workflows/storybook-deploy.yml index 3fbe31e8ef..7e7263ed3d 100644 --- a/.github/workflows/storybook-deploy.yml +++ b/.github/workflows/storybook-deploy.yml @@ -1,10 +1,10 @@ -name: "test / visual" +name: "storybook-deploy" on: workflow_run: workflows: ["storybook-build"] types: - - requested + - completed concurrency: group: "${{ github.event.workflow_run.head_repository.full_name }}-${{ github.event.workflow_run.head_branch }}-${{ github.workflow_ref }}" @@ -57,9 +57,9 @@ jobs: token: ${{ secrets.GITHUB_TOKEN }} name: "storybook" run_id: ${{ needs.changes.outputs.run_id }} - test-visual: + deploy: environment: storybook - name: "test-visual" + name: "deploy" needs: changes if: ${{ needs.changes.outputs.should_run == 'true' && github.repository == 'gradio-app/gradio' && !contains(needs.changes.outputs.labels, 'no-visual-update') }} runs-on: ubuntu-latest @@ -92,18 +92,18 @@ jobs: comment-chromatic-end: uses: "./.github/workflows/comment-queue.yml" - needs: [test-visual, changes] + needs: [deploy, changes] secrets: gh_token: ${{ secrets.COMMENT_TOKEN }} with: pr_number: ${{ needs.changes.outputs.pr_number }} message: | - storybook~success~${{ needs.test-visual.outputs.storybook_url }} + storybook~success~${{ needs.deploy.outputs.storybook_url }} comment-chromatic-fail: uses: "./.github/workflows/comment-queue.yml" - needs: [test-visual, changes] - if: always() && needs.test-visual.result == 'failure' + needs: [deploy, changes] + if: always() && needs.deploy.result == 'failure' secrets: gh_token: ${{ secrets.COMMENT_TOKEN }} with: diff --git a/.github/workflows/website-build.yml b/.github/workflows/website-build.yml index 05ac7a70d3..3454586cd5 100644 --- a/.github/workflows/website-build.yml +++ b/.github/workflows/website-build.yml @@ -31,8 +31,8 @@ jobs: with: filter: "website" token: ${{ secrets.GITHUB_TOKEN }} - test: - name: test + build: + name: build runs-on: ubuntu-22.04 needs: changes if: needs.changes.outputs.should_run == 'true' diff --git a/.github/workflows/website-deploy.yml b/.github/workflows/website-deploy.yml index 9557aeee8a..a3ffc92354 100644 --- a/.github/workflows/website-deploy.yml +++ b/.github/workflows/website-deploy.yml @@ -1,10 +1,10 @@ -name: "deploy / website" +name: "website-deploy" on: workflow_run: workflows: ["website-build"] types: - - requested + - completed permissions: statuses: write @@ -51,9 +51,9 @@ jobs: with: pr_number: ${{ needs.changes.outputs.pr_number }} message: website~pending~null - deploy-website: + deploy: environment: deploy_website - name: "deploy-website" + name: "deploy" runs-on: ubuntu-latest needs: changes if: needs.changes.outputs.should_run == 'true' @@ -115,17 +115,17 @@ jobs: comment-deploy-success: uses: "./.github/workflows/comment-queue.yml" - needs: [deploy-website, changes] - if: needs.deploy-website.result == 'success' && needs.changes.outputs.pr_number != 'false' + needs: [deploy, changes] + if: needs.deploy.result == 'success' && needs.changes.outputs.pr_number != 'false' secrets: gh_token: ${{ secrets.COMMENT_TOKEN }} with: pr_number: ${{ needs.changes.outputs.pr_number }} - message: website~success~${{needs.deploy-website.outputs.vercel_url}} + message: website~success~${{needs.deploy.outputs.vercel_url}} comment-deploy-failure: uses: "./.github/workflows/comment-queue.yml" - needs: [deploy-website, changes] - if: always() && needs.deploy-website.result == 'failure' && needs.changes.outputs.pr_number != 'false' + needs: [deploy, changes] + if: always() && needs.deploy.result == 'failure' && needs.changes.outputs.pr_number != 'false' secrets: gh_token: ${{ secrets.COMMENT_TOKEN }} with: