unpin digests, autoclose renovate PRs (#75)

* chore: Add pre-commit hook for renovate config validation

* chore: Update renovate.json with new package update configurations

* chore: Add workflow to close Renovate PRs on success

* update wrapper to call close PR

* remove action digests

.github/workflows/deploy_build_artifact.yaml

@@ -29,19 +29,19 @@ jobs:
 
 
       - name: Set up Python
-        uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5
+        uses: actions/setup-python@v5 # v5
         with:
           python-version: 3.12
 
       - name: install poetry
-        uses: snok/install-poetry@93ada01c735cc8a383ce0ce2ae205a21c415379b # v1
+        uses: snok/install-poetry@v1 # v1
         with:
           version: 1.8.3 # pin the version as they keep changing their APIs
           virtualenvs-create: false
           virtualenvs-in-project: false
 
       - name: check out code
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+        uses: actions/checkout@v4 # v4
         with:
           fetch-depth: 1
 
@@ -78,7 +78,7 @@ jobs:
 
       - name: Upload build artifact
         id: upload-artifact
-        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4
+        uses: actions/upload-artifact@v4 # v4
         with:
           compression-level: 0 # no compression
           if-no-files-found: error

.github/workflows/deploy_bump_version.yml

@@ -42,26 +42,26 @@ jobs:
             echo "BUMP_TYPE=patch" >> "$GITHUB_ENV"
           fi
       - name: Create GitHub App Token
-        uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1
+        uses: actions/create-github-app-token@v1 # v1
         # Create GitHub App Token to let us push changes to main
         id: app-token
         with:
           app-id: ${{ vars.PUSH_APP_ID }}
           private-key: ${{ secrets.PUSH_APP_SECRET }}
 
       - name: check out code
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+        uses: actions/checkout@v4 # v4
         with:
           fetch-depth: 0
           token: ${{ steps.app-token.outputs.token }}
 
       - name: Set up Python
-        uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5
+        uses: actions/setup-python@v5 # v5
         with:
           python-version: 3.12
 
       - name: install poetry
-        uses: snok/install-poetry@93ada01c735cc8a383ce0ce2ae205a21c415379b # v1
+        uses: snok/install-poetry@v1 # v1
         with:
           version: 1.8.3 # pin the version as they keep changing their APIs
           virtualenvs-create: false

.github/workflows/deploy_to_pypi.yml

@@ -33,7 +33,7 @@ jobs:
           echo "GITHUB_WORKSPACE=$GITHUB_WORKSPACE" >> $GITHUB_ENV
       - name: download artifact from previous run
         id: download-artifact
-        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4
+        uses: actions/download-artifact@v4 # v4
         with:
           name: ${{ inputs.artifact-name }}
           path: ${{ env.GITHUB_WORKSPACE }}/dist

.github/workflows/test_close_pr.yaml

@@ -1,22 +1,24 @@
 name: Close Renovate PRs on Success
 
 on:
-  workflow_run:
-    workflows: ["Run Tests"]
-    types:
-      - completed
+  workflow_call:
+    inputs:
+      pull_requests:
+        type: string
+        required: true
+        description: 'The pull requests to close'
 
 jobs:
   close_pr:
     if: ${{ github.event.workflow_run.conclusion == 'success' }} 
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Close PR if tests pass and label exists
         run: |
-          PR_NUMBER=$(jq -r '.pull_requests[0].number' < "${{ github.event.workflow_run.pull_requests }}")
+          PR_NUMBER=$(jq -r '.pull_requests[0].number' <<< "${{ inputs.pull_requests }}")
           LABELS=$(gh pr view $PR_NUMBER --json labels --jq '.labels[].name')
           if [[ "$LABELS" == *"renovate-pydantic-requests"* ]]; then
             gh pr close $PR_NUMBER --delete-branch

.github/workflows/test_codeql.yml

@@ -39,11 +39,11 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+        uses: actions/checkout@v4 # v4
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@2d790406f505036ef40ecba973cc774a50395aac # v3
+        uses: github/codeql-action/init@v3 # v3
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -56,7 +56,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@2d790406f505036ef40ecba973cc774a50395aac # v3
+        uses: github/codeql-action/autobuild@v3 # v3
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -69,6 +69,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@2d790406f505036ef40ecba973cc774a50395aac # v3
+        uses: github/codeql-action/analyze@v3 # v3
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/test_dependency_review.yml

@@ -16,6 +16,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: 'Checkout Repository'
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+        uses: actions/checkout@v4 # v4
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4
+        uses: actions/dependency-review-action@v4 # v4

.github/workflows/test_run_pytest.yml

@@ -18,12 +18,12 @@ jobs:
         python-version: ["3.10", "3.11", "3.12"]
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+      - uses: actions/checkout@v4 # v4
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5
+        uses: actions/setup-python@v5 # v5
         with:
           python-version: ${{ matrix.python-version }}
-      - uses: snok/install-poetry@93ada01c735cc8a383ce0ce2ae205a21c415379b # v1
+      - uses: snok/install-poetry@v1 # v1
         with:
           version: 1.8.3 # pin the version as they keep changing their APIs
           virtualenvs-create: false

.github/workflows/test_workflow_wrapper.yml

@@ -22,6 +22,12 @@ jobs:
   dependencies:
     uses: ./.github/workflows/test_dependency_review.yml
 
+  # close PR if tests pass and label exists
+  close_pr:
+    needs: [test]
+    uses: ./.github/workflows/test_close_pr.yaml
+    with:
+      pull_requests: ${{ github.event.pull_request }}
 
   # bump_version:
   #   needs: [codeql, test]