unpin digests, autoclose renovate PRs

[mnbf9rca]

Summary by Sourcery

Update GitHub Actions workflows to use version tags instead of specific commit hashes for actions, and enhance the 'Close Renovate PRs on Success' workflow to use 'workflow_call' with inputs for improved flexibility.

CI:

• Update GitHub Actions workflows to use the latest version tags for various actions, including checkout, setup-python, install-poetry, and others, instead of specific commit hashes.
• Modify the 'Close Renovate PRs on Success' workflow to use 'workflow_call' with inputs instead of 'workflow_run', allowing for more flexible triggering and input handling.

[sourcery-ai]

Reviewer's Guide by Sourcery

This pull request focuses on updating GitHub Actions workflows by unpinning digest versions and replacing them with semantic versioning. It also introduces a new workflow to automatically close Renovate PRs upon successful tests. The changes aim to improve maintainability and automate certain processes in the CI/CD pipeline.

File-Level Changes

Files	Changes
.github/workflows/deploy_build_artifact.yaml .github/workflows/deploy_bump_version.yml .github/workflows/test_codeql.yml .github/workflows/test_run_pytest.yml .github/workflows/test_dependency_review.yml .github/workflows/deploy_to_pypi.yml	Updated GitHub Actions to use semantic versioning instead of pinned digests
.github/workflows/test_close_pr.yaml	Modified the 'Close Renovate PRs on Success' workflow to be callable and accept input parameters
.github/workflows/test_workflow_wrapper.yml	Updated the workflow wrapper to include a new job for closing PRs
.github/workflows/test_close_pr.yaml	Adjusted the PR closing logic to use the new input parameter for pull requests

---

Tips

• Trigger a new Sourcery review by commenting @sourcery-ai review on the pull request.
• Continue your discussion with Sourcery by replying directly to review comments.
• You can change your review settings at any time by accessing your dashboard:
  • Enable or disable the Sourcery-generated pull request summary or reviewer's guide;
  • Change the review language;
• You can always contact us if you have any questions or feedback.

[sourcery-ai]

Hey @mnbf9rca - I've reviewed your changes - here's some feedback:

Overall Comments:

• Could you provide some context in the PR description about the motivation for moving from pinned commit hashes to version tags for GitHub Actions?
• Consider adding or updating documentation about the workflow changes, particularly the new PR auto-closing feature, to help other contributors understand the CI/CD process.

Here's what I looked at during the review

• 🟡 General issues: 2 issues found
• 🟢 Security: all looks good
• 🟢 Testing: all looks good
• 🟢 Complexity: all looks good
• 🟢 Documentation: all looks good

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment to tell me if it was helpful.}

[sourcery-ai]

suggestion: Consider simplifying bump type determination logic

The current if-else structure for determining the bump type could be simplified using a case statement or a mapping. This would make the code more concise and easier to maintain, especially if more bump types are added in the future.

Suggested change

	fi
	case "${{ github.event.pull_request.labels.*.name }}" in
	*"bump:major"*) echo "BUMP_TYPE=major" >> "$GITHUB_ENV" ;;
	*"bump:minor"*) echo "BUMP_TYPE=minor" >> "$GITHUB_ENV" ;;
	*) echo "BUMP_TYPE=patch" >> "$GITHUB_ENV" ;;
	esac

[sourcery-ai]

suggestion: Use built-in GitHub context for workspace path

Instead of setting the GITHUB_WORKSPACE as an environment variable, consider using the built-in ${{ github.workspace }} context variable directly. This ensures consistency and avoids potential issues with environment variable scope.

Suggested change

	echo "GITHUB_WORKSPACE=$GITHUB_WORKSPACE" >> $GITHUB_ENV
	- name: Set workspace path
	run: echo "WORKSPACE=${{ github.workspace }}" >> $GITHUB_ENV