From 6e6fabc0b30e9f332ba72b14ad71f89bf69a7861 Mon Sep 17 00:00:00 2001 From: Rob Aleck Date: Thu, 15 Aug 2024 14:33:58 +0800 Subject: [PATCH] unpin digests, autoclose renovate PRs (#75) * chore: Add pre-commit hook for renovate config validation * chore: Update renovate.json with new package update configurations * chore: Add workflow to close Renovate PRs on success * update wrapper to call close PR * remove action digests --- .github/workflows/deploy_build_artifact.yaml | 8 ++++---- .github/workflows/deploy_bump_version.yml | 8 ++++---- .github/workflows/deploy_to_pypi.yml | 2 +- .github/workflows/test_close_pr.yaml | 14 ++++++++------ .github/workflows/test_codeql.yml | 8 ++++---- .github/workflows/test_dependency_review.yml | 4 ++-- .github/workflows/test_run_pytest.yml | 6 +++--- .github/workflows/test_workflow_wrapper.yml | 6 ++++++ 8 files changed, 32 insertions(+), 24 deletions(-) diff --git a/.github/workflows/deploy_build_artifact.yaml b/.github/workflows/deploy_build_artifact.yaml index 0b06238..f2ba385 100644 --- a/.github/workflows/deploy_build_artifact.yaml +++ b/.github/workflows/deploy_build_artifact.yaml @@ -29,19 +29,19 @@ jobs: - name: Set up Python - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5 + uses: actions/setup-python@v5 # v5 with: python-version: 3.12 - name: install poetry - uses: snok/install-poetry@93ada01c735cc8a383ce0ce2ae205a21c415379b # v1 + uses: snok/install-poetry@v1 # v1 with: version: 1.8.3 # pin the version as they keep changing their APIs virtualenvs-create: false virtualenvs-in-project: false - name: check out code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + uses: actions/checkout@v4 # v4 with: fetch-depth: 1 @@ -78,7 +78,7 @@ jobs: - name: Upload build artifact id: upload-artifact - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4 + uses: actions/upload-artifact@v4 # v4 with: compression-level: 0 # no compression if-no-files-found: error diff --git a/.github/workflows/deploy_bump_version.yml b/.github/workflows/deploy_bump_version.yml index b518497..6e3d58e 100644 --- a/.github/workflows/deploy_bump_version.yml +++ b/.github/workflows/deploy_bump_version.yml @@ -42,7 +42,7 @@ jobs: echo "BUMP_TYPE=patch" >> "$GITHUB_ENV" fi - name: Create GitHub App Token - uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1 + uses: actions/create-github-app-token@v1 # v1 # Create GitHub App Token to let us push changes to main id: app-token with: @@ -50,18 +50,18 @@ jobs: private-key: ${{ secrets.PUSH_APP_SECRET }} - name: check out code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + uses: actions/checkout@v4 # v4 with: fetch-depth: 0 token: ${{ steps.app-token.outputs.token }} - name: Set up Python - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5 + uses: actions/setup-python@v5 # v5 with: python-version: 3.12 - name: install poetry - uses: snok/install-poetry@93ada01c735cc8a383ce0ce2ae205a21c415379b # v1 + uses: snok/install-poetry@v1 # v1 with: version: 1.8.3 # pin the version as they keep changing their APIs virtualenvs-create: false diff --git a/.github/workflows/deploy_to_pypi.yml b/.github/workflows/deploy_to_pypi.yml index cc83d30..36f2cc6 100644 --- a/.github/workflows/deploy_to_pypi.yml +++ b/.github/workflows/deploy_to_pypi.yml @@ -33,7 +33,7 @@ jobs: echo "GITHUB_WORKSPACE=$GITHUB_WORKSPACE" >> $GITHUB_ENV - name: download artifact from previous run id: download-artifact - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 + uses: actions/download-artifact@v4 # v4 with: name: ${{ inputs.artifact-name }} path: ${{ env.GITHUB_WORKSPACE }}/dist diff --git a/.github/workflows/test_close_pr.yaml b/.github/workflows/test_close_pr.yaml index ee22104..9b776b1 100644 --- a/.github/workflows/test_close_pr.yaml +++ b/.github/workflows/test_close_pr.yaml @@ -1,10 +1,12 @@ name: Close Renovate PRs on Success on: - workflow_run: - workflows: ["Run Tests"] - types: - - completed + workflow_call: + inputs: + pull_requests: + type: string + required: true + description: 'The pull requests to close' jobs: close_pr: @@ -12,11 +14,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@v4 - name: Close PR if tests pass and label exists run: | - PR_NUMBER=$(jq -r '.pull_requests[0].number' < "${{ github.event.workflow_run.pull_requests }}") + PR_NUMBER=$(jq -r '.pull_requests[0].number' <<< "${{ inputs.pull_requests }}") LABELS=$(gh pr view $PR_NUMBER --json labels --jq '.labels[].name') if [[ "$LABELS" == *"renovate-pydantic-requests"* ]]; then gh pr close $PR_NUMBER --delete-branch diff --git a/.github/workflows/test_codeql.yml b/.github/workflows/test_codeql.yml index 1933e8b..3788d2b 100644 --- a/.github/workflows/test_codeql.yml +++ b/.github/workflows/test_codeql.yml @@ -39,11 +39,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + uses: actions/checkout@v4 # v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@2d790406f505036ef40ecba973cc774a50395aac # v3 + uses: github/codeql-action/init@v3 # v3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -56,7 +56,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@2d790406f505036ef40ecba973cc774a50395aac # v3 + uses: github/codeql-action/autobuild@v3 # v3 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -69,6 +69,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@2d790406f505036ef40ecba973cc774a50395aac # v3 + uses: github/codeql-action/analyze@v3 # v3 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/test_dependency_review.yml b/.github/workflows/test_dependency_review.yml index 5cc53e1..429ae5a 100644 --- a/.github/workflows/test_dependency_review.yml +++ b/.github/workflows/test_dependency_review.yml @@ -16,6 +16,6 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout Repository' - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + uses: actions/checkout@v4 # v4 - name: 'Dependency Review' - uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4 \ No newline at end of file + uses: actions/dependency-review-action@v4 # v4 \ No newline at end of file diff --git a/.github/workflows/test_run_pytest.yml b/.github/workflows/test_run_pytest.yml index 6888cba..79348f4 100644 --- a/.github/workflows/test_run_pytest.yml +++ b/.github/workflows/test_run_pytest.yml @@ -18,12 +18,12 @@ jobs: python-version: ["3.10", "3.11", "3.12"] runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + - uses: actions/checkout@v4 # v4 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5 + uses: actions/setup-python@v5 # v5 with: python-version: ${{ matrix.python-version }} - - uses: snok/install-poetry@93ada01c735cc8a383ce0ce2ae205a21c415379b # v1 + - uses: snok/install-poetry@v1 # v1 with: version: 1.8.3 # pin the version as they keep changing their APIs virtualenvs-create: false diff --git a/.github/workflows/test_workflow_wrapper.yml b/.github/workflows/test_workflow_wrapper.yml index 62d26ba..5ed6fda 100644 --- a/.github/workflows/test_workflow_wrapper.yml +++ b/.github/workflows/test_workflow_wrapper.yml @@ -22,6 +22,12 @@ jobs: dependencies: uses: ./.github/workflows/test_dependency_review.yml + # close PR if tests pass and label exists + close_pr: + needs: [test] + uses: ./.github/workflows/test_close_pr.yaml + with: + pull_requests: ${{ github.event.pull_request }} # bump_version: # needs: [codeql, test]