Ci security tweaks (#9006)

* asd * asd * asd * asd * asd * asd * asd * asd * asd * asd * asd * asd
2025-01-30 11:00:11 +08:00 · 2024-08-05 19:11:24 +01:00 · 2024-08-05 19:11:24 +01:00 · fdb2e8388e
commit fdb2e8388e
parent f461b6ac52
4 changed files with 28 additions and 28 deletions
--- a/.github/workflows/previews-deploy.yml
+++ b/.github/workflows/previews-deploy.yml
@ -1,11 +1,11 @@
-name: "deploy / spaces"
+name: "previews-deploy"

 on:
  workflow_dispatch:
  workflow_run:
    workflows: ["trigger"]
    types:
-      - requested
+      - completed

 permissions:
  statuses: write
@ -49,7 +49,7 @@ jobs:
    with:
      pr_number: ${{ needs.changes.outputs.pr_number }}
      message: spaces~pending~null
-  deploy-spaces:
+  deploy:
    environment: deploy_spaces
    outputs:
      space_url: ${{ steps.upload-demo.outputs.SPACE_URL }}
@ -128,13 +128,13 @@ jobs:

  comment-spaces-success:
    uses: "./.github/workflows/comment-queue.yml"
-    needs: [deploy-spaces, changes]
-    if: needs.deploy-spaces.result == 'success'
+    needs: [deploy, changes]
+    if: needs.deploy.result == 'success'
    secrets:
      gh_token: ${{ secrets.COMMENT_TOKEN }}
    with:
      pr_number: ${{ needs.changes.outputs.pr_number }}
-      message: spaces~success~${{ needs.deploy-spaces.outputs.space_url }}
+      message: spaces~success~${{ needs.deploy.outputs.space_url }}
      additional_text: |
        **Install Gradio from this PR**
        ```bash
@ -148,12 +148,12 @@ jobs:

        **Install Gradio JS Client from this PR**
        ```bash
-        npm install ${{ needs.deploy-spaces.outputs.js_tarball_url }}
+        npm install ${{ needs.deploy.outputs.js_tarball_url }}
        ```
  comment-spaces-failure:
    uses: "./.github/workflows/comment-queue.yml"
-    needs: [deploy-spaces, changes]
-    if: always() && needs.deploy-spaces == 'failure'
+    needs: [deploy, changes]
+    if: always() && needs.deploy == 'failure'
    secrets:
      gh_token: ${{ secrets.COMMENT_TOKEN }}
    with:
--- a/.github/workflows/storybook-deploy.yml
+++ b/.github/workflows/storybook-deploy.yml
@ -1,10 +1,10 @@
-name: "test / visual"
+name: "storybook-deploy"

 on:
  workflow_run:
    workflows: ["storybook-build"]
    types:
-      - requested
+      - completed

 concurrency:
  group: "${{ github.event.workflow_run.head_repository.full_name }}-${{ github.event.workflow_run.head_branch }}-${{ github.workflow_ref }}"
@ -57,9 +57,9 @@ jobs:
          token: ${{ secrets.GITHUB_TOKEN }}
          name: "storybook"
          run_id: ${{ needs.changes.outputs.run_id }}
-  test-visual:
+  deploy:
    environment: storybook
-    name: "test-visual"
+    name: "deploy"
    needs: changes
    if: ${{ needs.changes.outputs.should_run == 'true' && github.repository == 'gradio-app/gradio' && !contains(needs.changes.outputs.labels, 'no-visual-update') }}
    runs-on: ubuntu-latest
@ -92,18 +92,18 @@ jobs:

  comment-chromatic-end:
    uses: "./.github/workflows/comment-queue.yml"
-    needs: [test-visual, changes]
+    needs: [deploy, changes]
    secrets:
      gh_token: ${{ secrets.COMMENT_TOKEN }}
    with:
      pr_number: ${{ needs.changes.outputs.pr_number }}
      message: |
-        storybook~success~${{ needs.test-visual.outputs.storybook_url }}
+        storybook~success~${{ needs.deploy.outputs.storybook_url }}

  comment-chromatic-fail:
    uses: "./.github/workflows/comment-queue.yml"
-    needs: [test-visual, changes]
-    if: always() && needs.test-visual.result == 'failure'
+    needs: [deploy, changes]
+    if: always() && needs.deploy.result == 'failure'
    secrets:
      gh_token: ${{ secrets.COMMENT_TOKEN }}
    with:
--- a/.github/workflows/website-build.yml
+++ b/.github/workflows/website-build.yml
@ -31,8 +31,8 @@ jobs:
        with:
          filter: "website"
          token: ${{ secrets.GITHUB_TOKEN }}
-  test:
-    name: test
+  build:
+    name: build
    runs-on: ubuntu-22.04
    needs: changes
    if: needs.changes.outputs.should_run == 'true'
--- a/.github/workflows/website-deploy.yml
+++ b/.github/workflows/website-deploy.yml
@ -1,10 +1,10 @@
-name: "deploy / website"
+name: "website-deploy"

 on:
  workflow_run:
    workflows: ["website-build"]
    types:
-      - requested
+      - completed

 permissions:
  statuses: write
@ -51,9 +51,9 @@ jobs:
    with:
      pr_number: ${{ needs.changes.outputs.pr_number }}
      message: website~pending~null
-  deploy-website:
+  deploy:
    environment: deploy_website
-    name: "deploy-website"
+    name: "deploy"
    runs-on: ubuntu-latest
    needs: changes
    if: needs.changes.outputs.should_run == 'true'
@ -115,17 +115,17 @@ jobs:

  comment-deploy-success:
    uses: "./.github/workflows/comment-queue.yml"
-    needs: [deploy-website, changes]
-    if: needs.deploy-website.result == 'success' && needs.changes.outputs.pr_number != 'false'
+    needs: [deploy, changes]
+    if: needs.deploy.result == 'success' && needs.changes.outputs.pr_number != 'false'
    secrets:
      gh_token: ${{ secrets.COMMENT_TOKEN }}
    with:
      pr_number: ${{ needs.changes.outputs.pr_number }}
-      message: website~success~${{needs.deploy-website.outputs.vercel_url}}
+      message: website~success~${{needs.deploy.outputs.vercel_url}}
  comment-deploy-failure:
    uses: "./.github/workflows/comment-queue.yml"
-    needs: [deploy-website, changes]
-    if: always() && needs.deploy-website.result == 'failure' && needs.changes.outputs.pr_number != 'false'
+    needs: [deploy, changes]
+    if: always() && needs.deploy.result == 'failure' && needs.changes.outputs.pr_number != 'false'
    secrets:
      gh_token: ${{ secrets.COMMENT_TOKEN }}
    with: