From 01b6739b16d7daa3e0598babb0b458d8a715580d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Mar 2026 11:07:46 +0000 Subject: [PATCH 1/2] Bump frequenz-repo-config from 0.13.8 to 0.16.0 in the repo-config group Bumps the repo-config group with 1 update: [frequenz-repo-config](https://github.com/frequenz-floss/frequenz-repo-config-python). Updates `frequenz-repo-config` from 0.13.8 to 0.16.0 - [Release notes](https://github.com/frequenz-floss/frequenz-repo-config-python/releases) - [Changelog](https://github.com/frequenz-floss/frequenz-repo-config-python/blob/v0.16.0/RELEASE_NOTES.md) - [Commits](https://github.com/frequenz-floss/frequenz-repo-config-python/compare/v0.13.8...v0.16.0) --- updated-dependencies: - dependency-name: frequenz-repo-config dependency-version: 0.16.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: repo-config ... Signed-off-by: dependabot[bot] --- pyproject.toml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 4ff361c1..9a4783f3 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -5,7 +5,7 @@ requires = [ "setuptools == 80.10.2", "setuptools_scm[toml] == 9.2.2", - "frequenz-repo-config[lib] == 0.13.8", + "frequenz-repo-config[lib] == 0.16.0", ] build-backend = "setuptools.build_meta" @@ -79,7 +79,7 @@ dev-mkdocs = [ "mkdocs-macros-plugin == 1.5.0", "mkdocs-material == 9.7.3", "mkdocstrings[python] == 1.0.3", - "frequenz-repo-config[lib] == 0.13.8", + "frequenz-repo-config[lib] == 0.16.0", ] dev-mypy = [ "mypy == 1.19.1", @@ -90,7 +90,7 @@ dev-mypy = [ "types-protobuf == 6.32.1.20251210", "types-python-dateutil == 2.9.0.20251115", ] -dev-noxfile = ["nox == 2025.11.12", "frequenz-repo-config[lib] == 0.13.8"] +dev-noxfile = ["nox == 2025.11.12", "frequenz-repo-config[lib] == 0.16.0"] dev-pylint = [ "pylint == 4.0.5", # For checking the noxfile, docs/ script, and tests 
From 07d79a124ff46642111de5d0d80c0a3a5c1f2b9e Mon Sep 17 00:00:00 2001 
From: "frequenz-auto-dependabot[bot]" <261417025+frequenz-auto-dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Mar 2026 11:08:57 +0000 Subject: [PATCH 2/2] Apply migration from 0.13.8 to 0.16.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit === v0.14.0 ========================================================= Script URL: https://raw.githubusercontent.com/frequenz-floss/frequenz-repo-config-python/v0.14.0/cookiecutter/migrate.py ======================================================================== Creating Dependabot auto-merge workflow... Created/Updated Dependabot auto-merge workflow at .github/workflows/auto-dependabot.yaml ======================================================================== Disabling CODEOWNERS review requirement in GitHub ruleset... Default branch: v1.x.x Found ruleset ID: 4785229 CODEOWNERS review requirement already disabled. ======================================================================== Updating the mkdocs.yml for mkdocstrings-python v2 compatibility... ======================================================================== Migration script finished. Remember to follow any manual instructions. ======================================================================== === v0.15.0 ========================================================= Script URL: https://raw.githubusercontent.com/frequenz-floss/frequenz-repo-config-python/v0.15.0/cookiecutter/migrate.py ======================================================================== Migrating workflows to use ubuntu-slim runner for lightweight jobs... 
Updated .github/workflows/ci.yaml: migrated job nox-all to ubuntu-slim Updated .github/workflows/ci.yaml: migrated job test-installation-all to ubuntu-slim Updated .github/workflows/ci.yaml: migrated job create-github-release to ubuntu-slim Updated .github/workflows/ci.yaml: migrated job publish-to-pypi to ubuntu-slim Updated .github/workflows/release-notes-check.yml: migrated job check-release-notes to ubuntu-slim Updated .github/workflows/dco-merge-queue.yml: migrated job DCO to ubuntu-slim Updated .github/workflows/labeler.yml: migrated job Label to ubuntu-slim ======================================================================== Migrating pyproject license metadata to SPDX format... Updated pyproject.toml: migrated license metadata ======================================================================== Adding flake8-datetimez plugin to dev-flake8 dependencies... Updated pyproject.toml: added flake8-datetimez plugin ======================================================================== Fixing dependabot repo-config and mkdocstrings patterns... Skipped .github/dependabot.yml: repo-config patterns already updated Skipped .github/dependabot.yml: mkdocstrings patterns already updated Skipped .github/dependabot.yml (already up to date) ======================================================================== Migrating auto-dependabot workflow to use GitHub App token... Replacing .github/workflows/auto-dependabot.yaml with updated workflow (overwriting any local changes) ======================================================================== Migrating the CI workflows to use a platform matrix... - .github/workflows/ci.yaml Migrated arch+os matrix to platform ======================================================================== Installing repo-config migration workflow... 
Replacing .github/workflows/repo-config-migration.yaml with updated workflow (overwriting any local changes) Updated .github/workflows/auto-dependabot.yaml: added repo-config group exclusion ======================================================================== Updating 'Protect version branches' GitHub ruleset... Updated ruleset 'Protect version branches': add 'Migrate Repo Config' status check ======================================================================== ✅ Migration script finished successfully ✅ === v0.16.0 ========================================================= Script URL: https://raw.githubusercontent.com/frequenz-floss/frequenz-repo-config-python/v0.16.0/cookiecutter/migrate.py ======================================================================== Fixing repo-config migration merge queue trigger... Updated .github/workflows/repo-config-migration.yaml: added merge_group trigger ======================================================================== Fixing mkdocstrings-python v2 paths for api repos... Skipping mkdocs.yml (not an api project) ======================================================================== Migrating protolint and publish-to-pypi runners to ubuntu-24.04... Skipping protolint runner migration (not an api project) Updated .github/workflows/ci.yaml: migrated runner for job publish-to-pypi ======================================================================== Updating 'Protect version branches' GitHub ruleset... Ruleset 'Protect version branches' is already up to date ======================================================================== ✅ Migration script finished successfully ✅ The migration completed successfully. 
--- .github/workflows/auto-dependabot.yaml | 38 ++++++++++++++++++----- .github/workflows/ci.yaml | 22 ++++++------- .github/workflows/dco-merge-queue.yml | 2 +- .github/workflows/labeler.yml | 2 +- .github/workflows/release-notes-check.yml | 2 +- mkdocs.yml | 4 +-- pyproject.toml | 5 +-- 7 files changed, 47 insertions(+), 28 deletions(-) diff --git a/.github/workflows/auto-dependabot.yaml b/.github/workflows/auto-dependabot.yaml index 6d7a5675..d3f5aa14 100644 --- a/.github/workflows/auto-dependabot.yaml +++ b/.github/workflows/auto-dependabot.yaml 
@@ -1,18 +1,40 @@ -name: Dependabot Auto Manage -on: pull_request +name: Auto-merge Dependabot PR + +on: + # XXX: !!! SECURITY WARNING !!! + # pull_request_target has write access to the repo, and can read secrets. We + # need to audit any external actions executed in this workflow and make sure no + # checked out code is run (not even installing dependencies, as installing + # dependencies usually can execute pre/post-install scripts). We should also + # only use hashes to pick the action to execute (instead of tags or branches). + # For more details read: + # https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ + pull_request_target: permissions: - contents: write + contents: read pull-requests: write jobs: - dependabot: - runs-on: ubuntu-latest - if: github.actor == 'dependabot[bot]' + auto-merge: + name: Auto-merge Dependabot PR + if: > + github.actor == 'dependabot[bot]' && + !contains(github.event.pull_request.title, 'the repo-config group') + runs-on: ubuntu-slim steps: - - uses: frequenz-floss/dependabot-auto-approve@e943399cc9d76fbb6d7faae446cd57301d110165 # v1.5.0 + - name: Generate GitHub App token + id: app-token + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 + with: + app-id: ${{ secrets.FREQUENZ_AUTO_DEPENDABOT_APP_ID }} + private-key: ${{ secrets.FREQUENZ_AUTO_DEPENDABOT_APP_PRIVATE_KEY }} + + - name: Auto-merge Dependabot PR + uses: frequenz-floss/dependabot-auto-approve@e943399cc9d76fbb6d7faae446cd57301d110165 # v1.5.0 with: + github-token: ${{ steps.app-token.outputs.token }} dependency-type: 'all' auto-merge: 'true' merge-method: 'merge' - add-label: 'auto-merged' + add-label: 'tool:auto-merged' diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index ccabd9c7..c75bc475 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
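Review bot: The job-level `if:` gates on `github.actor == 'dependabot[bot]'`, which names whoever triggered the latest event on the pull request rather than who opened it. Because the workflow now runs under `pull_request_target` and mints an App token from `secrets.FREQUENZ_AUTO_DEPENDABOT_APP_PRIVATE_KEY`, that condition is the main control over which PRs get approved and merged. I would gate on the PR author instead, `github.event.pull_request.user.login == 'dependabot[bot]'`, which is the form GitHub's Dependabot automation docs use. The `!contains(github.event.pull_request.title, 'the repo-config group')` exclusion depends on a title that can be edited after the PR is opened, so it is better treated as a routing convenience than as a security boundary. The `Generate GitHub App token` step could also narrow the token with the action's `permission-*` inputs to what the approve-and-merge step needs, assuming the App installation grants more than that.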
@@ -28,11 +28,9 @@ jobs: strategy: fail-fast: false matrix: - arch: - - amd64 - - arm - os: + platform: - ubuntu-24.04 + - ubuntu-24.04-arm python: - "3.11" - "3.12" @@ -41,7 +39,7 @@ jobs: # that uses the same venv to run multiple linting sessions - "ci_checks_max" - "pytest_min" - runs-on: ${{ matrix.os }}${{ matrix.arch != 'amd64' && format('-{0}', matrix.arch) || '' }} + runs-on: ${{ matrix.platform }} steps: - name: Run nox @@ -60,7 +58,7 @@ jobs: needs: ["nox"] # We skip this job only if nox was also skipped if: always() && needs.nox.result != 'skipped' - runs-on: ubuntu-24.04 + runs-on: ubuntu-slim env: DEPS_RESULT: ${{ needs.nox.result }} steps: @@ -105,15 +103,13 @@ jobs: strategy: fail-fast: false matrix: - arch: - - amd64 - - arm - os: + platform: - ubuntu-24.04 + - ubuntu-24.04-arm python: - "3.11" - "3.12" - runs-on: ${{ matrix.os }}${{ matrix.arch != 'amd64' && format('-{0}', matrix.arch) || '' }} + runs-on: ${{ matrix.platform }} steps: - name: Setup Git @@ -161,7 +157,7 @@ jobs: needs: ["test-installation"] # We skip this job only if test-installation was also skipped if: always() && needs.test-installation.result != 'skipped' - runs-on: ubuntu-24.04 + runs-on: ubuntu-slim env: DEPS_RESULT: ${{ needs.test-installation.result }} steps: @@ -276,7 +272,7 @@ jobs: # discussions to create the release announcement in the discussion forums contents: write discussions: write - runs-on: ubuntu-24.04 + runs-on: ubuntu-slim steps: - name: Download distribution files uses: actions/download-artifact@v7 diff --git a/.github/workflows/dco-merge-queue.yml b/.github/workflows/dco-merge-queue.yml index fb1cd90c..d9597ad0 100644 --- a/.github/workflows/dco-merge-queue.yml +++ b/.github/workflows/dco-merge-queue.yml @@ -5,7 +5,7 @@ on: jobs: DCO: - runs-on: ubuntu-latest + runs-on: ubuntu-slim if: ${{ github.actor != 'dependabot[bot]' }} steps: - run: echo "This DCO job runs on merge_queue event and doesn't check PR contents" 
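Review bot: The `create-github-release` job (last ci.yaml hunk) keeps `contents: write` and `discussions: write` but moves from `ubuntu-24.04` to `ubuntu-slim`, the same label now given to the two result-checking jobs. As far as I know `ubuntu-slim` is a smaller, container-based hosted runner with a reduced toolset and a short job time limit, so it is worth confirming that every step of the release job still has the tools it calls; the job's steps continue outside the hunk. The context line `uses: actions/download-artifact@v7` is pinned by tag, while the auto-dependabot workflow in this same patch pins its actions by commit hash. A job holding write permissions would benefit from the same hash pinning.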
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index 8d02c139..c327e7f2 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml @@ -7,7 +7,7 @@ jobs: permissions: contents: read pull-requests: write - runs-on: ubuntu-latest + runs-on: ubuntu-slim steps: - name: Labeler # XXX: !!! SECURITY WARNING !!! diff --git a/.github/workflows/release-notes-check.yml b/.github/workflows/release-notes-check.yml index 0b758cd3..ab3017f8 100644 --- a/.github/workflows/release-notes-check.yml +++ b/.github/workflows/release-notes-check.yml @@ -16,7 +16,7 @@ on: jobs: check-release-notes: name: Check release notes are updated - runs-on: ubuntu-latest + runs-on: ubuntu-slim steps: - name: Check for a release notes update if: github.event_name == 'pull_request' diff --git a/mkdocs.yml b/mkdocs.yml index 8986bd5a..97524e82 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -99,8 +99,8 @@ plugins: default_handler: python handlers: python: + paths: ["src"] options: - paths: ["src"] docstring_section_style: spacy inherited_members: true merge_init_into_class: false @@ -111,7 +111,7 @@ plugins: show_signature_annotations: true show_source: true signature_crossrefs: true - import: + inventories: - https://docs.python.org/3/objects.inv - https://typing-extensions.readthedocs.io/en/stable/objects.inv - https://frequenz-floss.github.io/frequenz-api-dispatch/v0.13/objects.inv diff --git a/pyproject.toml b/pyproject.toml index 9a4783f3..acff2249 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -13,7 +13,8 @@ build-backend = "setuptools.build_meta" name = "frequenz-client-dispatch" description = "Dispatch API client for Python" readme = "README.md" -license = { text = "MIT" } +license = "MIT" +license-files = ["LICENSE"] keywords = [ "frequenz", "python", 
@@ -28,7 +29,6 @@ keywords = [ classifiers = [ "Development Status :: 3 - Alpha", "Intended Audience :: Developers", - "License :: OSI Approved :: MIT License", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3 :: Only", "Topic :: Software Development :: Libraries", @@ -63,6 +63,7 @@ cli = [ dev-flake8 = [ "flake8 == 7.3.0", + "flake8-datetimez == 20.10.0", "flake8-docstrings == 1.7.0", "flake8-pyproject == 1.2.4", # For reading the flake8 config from pyproject.toml "pydoclint == 0.8.3",