Skip to content

Bump frequenz-repo-config from 0.14.0 to 0.17.0 in the repo-config group across 1 directory#1381

Merged
llucax merged 3 commits intov1.x.xfrom
dependabot/pip/repo-config-e8d352bcc8
May 5, 2026
Merged

Bump frequenz-repo-config from 0.14.0 to 0.17.0 in the repo-config group across 1 directory#1381
llucax merged 3 commits intov1.x.xfrom
dependabot/pip/repo-config-e8d352bcc8

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 27, 2026
edited
Loading

Bumps the repo-config group with 1 update in the / directory: frequenz-repo-config.

Updates frequenz-repo-config from 0.14.0 to 0.17.0

Release notes

Sourced from frequenz-repo-config's releases.

v0.17.0

Frequenz Repository Configuration Release Notes

Summary

This release improves workflows security, adds a black migration workflow, and fixes failed migrations from version v0.16.0.

Upgrading

Cookiecutter template

All upgrading should be done via the migration script or regenerating the templates.

curl -sSLf https://raw.githubusercontent.com/frequenz-floss/frequenz-repo-config-python/<tag>/cookiecutter/migrate.py | python3 -I

But you might still need to adapt your code:

New Features

Cookiecutter template

  • Add a black-migration.yaml workflow that automatically reformats code when Dependabot upgrades black.

Bug Fixes

Cookiecutter template

  • Fix migration of CI workflow matrices that used arch/os dimensions with values different from the default template. The v0.16.0 migration relied on exact string matching, so projects with customized matrix items (for example arch: [amd64], os: [ubuntu-24.04]) could be left only partially migrated. The new migration step rebuilds the platform entries from the existing arch/os values and only rewrites runs-on when it still points to the old matrix keys.
  • Improve workflows security: tighten permissions, avoid potential shell injection, run Python in isolated mode, pin all dependencies using the SHA hash.

What's Changed

... (truncated)

Commits
  • 5814b77 Prepare for v0.17.0 release (#557)
  • 3d3a0de template: Bump version to the upcoming v0.17.0
  • b8165c5 Prepare release notes for the v0.17.0 release
  • 9bc1d61 Fix wrong trailing quote in migration script
  • f125700 Normalize tag comment
  • 488c80c Remove chardet pinning (#554)
  • 2ad88e7 migrate: Fix missed CI platform matrix migrations (#549)
  • eec17e3 Handle private repos in workflow migration (#548)
  • ce994a3 Add black auto-migration workflow (#556)
  • 5800adf Add release notes
  • Additional commits viewable in compare view

@dependabot dependabot Bot added part:tooling Affects the development tooling (CI, deployment, dependency management, etc.) type:tech-debt Improves the project without visible changes for users labels Mar 27, 2026
@dependabot dependabot Bot requested a review from a team as a code owner March 27, 2026 11:56
@dependabot dependabot Bot removed the request for review from a team March 27, 2026 11:56
@dependabot dependabot Bot added the part:tooling Affects the development tooling (CI, deployment, dependency management, etc.) label Mar 27, 2026
@dependabot dependabot Bot added the type:tech-debt Improves the project without visible changes for users label Mar 27, 2026
@github-actions github-actions Bot added the tool:auto-merged Auto-approved Dependabot PRs label Mar 27, 2026
github-actions[bot]
github-actions Bot previously approved these changes Mar 27, 2026
View reviewed changes
@github-actions github-actions Bot enabled auto-merge March 27, 2026 11:58
@github-project-automation github-project-automation Bot moved this from To do to Review approved in Python SDK Roadmap Mar 27, 2026
@github-actions

This comment was marked as outdated.

Sign in to view
@github-actions github-actions Bot added the tool:repo-config:migration:executed Migration script has been run label Mar 27, 2026
@llucax llucax closed this Mar 27, 2026
auto-merge was automatically disabled March 27, 2026 12:00

Pull request was closed

@dependabot @github

This comment was marked as outdated.

Sign in to view
@github-project-automation github-project-automation Bot moved this from Review approved to Done in Python SDK Roadmap Mar 27, 2026
@dependabot dependabot Bot deleted the dependabot/pip/repo-config-e8d352bcc8 branch March 27, 2026 12:01
@llucax llucax restored the dependabot/pip/repo-config-e8d352bcc8 branch May 5, 2026 10:03
@llucax llucax reopened this May 5, 2026
@github-project-automation github-project-automation Bot moved this from Done to To do in Python SDK Roadmap May 5, 2026
@llucax

This comment was marked as outdated.

Sign in to view
@dependabot dependabot Bot changed the title Bump frequenz-repo-config from 0.14.0 to 0.16.0 in the repo-config group Bump frequenz-repo-config from 0.14.0 to 0.17.0 in the repo-config group across 1 directory May 5, 2026
@dependabot dependabot Bot force-pushed the dependabot/pip/repo-config-e8d352bcc8 branch from d151598 to 325275a Compare May 5, 2026 10:08
github-actions[bot]
github-actions Bot previously approved these changes May 5, 2026
View reviewed changes
@github-actions github-actions Bot enabled auto-merge May 5, 2026 10:13
@github-project-automation github-project-automation Bot moved this from To do to Review approved in Python SDK Roadmap May 5, 2026
@llucax llucax removed this pull request from the merge queue due to a manual request May 5, 2026
llucax

This comment was marked as outdated.

Sign in to view

@github-project-automation github-project-automation Bot moved this from Review approved to Review in progress in Python SDK Roadmap May 5, 2026
@llucax

This comment was marked as outdated.

Sign in to view
@dependabot
Bump frequenz-repo-config in the repo-config group across 1 directory
f9485d3 
Bumps the repo-config group with 1 update in the / directory: [frequenz-repo-config](https://github.com/frequenz-floss/frequenz-repo-config-python).


Updates `frequenz-repo-config` from 0.14.0 to 0.17.0
- [Release notes](https://github.com/frequenz-floss/frequenz-repo-config-python/releases)
- [Changelog](https://github.com/frequenz-floss/frequenz-repo-config-python/blob/v0.x.x/RELEASE_NOTES.md)
- [Commits](frequenz-floss/frequenz-repo-config-python@v0.14.0...v0.17.0)

---
updated-dependencies:
- dependency-name: frequenz-repo-config
  dependency-version: 0.16.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: repo-config
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/repo-config-e8d352bcc8 branch from bcf9b5c to f9485d3 Compare May 5, 2026 10:54
@github-actions github-actions Bot added the tool:auto-merged Auto-approved Dependabot PRs label May 5, 2026
github-actions[bot]
github-actions Bot previously approved these changes May 5, 2026
View reviewed changes
@github-actions github-actions Bot enabled auto-merge May 5, 2026 10:54
@frequenz-auto-dependabot
Apply migration from 0.14.0 to 0.16.0
836d517 
=== v0.15.0 =========================================================
Script URL: https://raw.githubusercontent.com/frequenz-floss/frequenz-repo-config-python/v0.15.0/cookiecutter/migrate.py

========================================================================
Migrating workflows to use ubuntu-slim runner for lightweight jobs...
  Updated .github/workflows/ci.yaml: migrated job nox-all to ubuntu-slim
  Updated .github/workflows/ci.yaml: migrated job test-installation-all to ubuntu-slim
  Updated .github/workflows/ci.yaml: migrated job create-github-release to ubuntu-slim
  Updated .github/workflows/ci.yaml: migrated job publish-to-pypi to ubuntu-slim
  Updated .github/workflows/release-notes-check.yml: migrated job check-release-notes to ubuntu-slim
  Updated .github/workflows/dco-merge-queue.yml: migrated job DCO to ubuntu-slim
  Updated .github/workflows/labeler.yml: migrated job Label to ubuntu-slim
========================================================================
Migrating pyproject license metadata to SPDX format...
  Updated pyproject.toml: migrated license metadata
========================================================================
Adding flake8-datetimez plugin to dev-flake8 dependencies...
  Updated pyproject.toml: added flake8-datetimez plugin
========================================================================
Fixing dependabot repo-config and mkdocstrings patterns...
  Skipped .github/dependabot.yml: repo-config patterns already updated
  Skipped .github/dependabot.yml: mkdocstrings patterns already updated
  Skipped .github/dependabot.yml (already up to date)
========================================================================
Migrating auto-dependabot workflow to use GitHub App token...
  Replacing .github/workflows/auto-dependabot.yaml with updated workflow (overwriting any local changes)
========================================================================
Migrating the CI workflows to use a platform matrix...
  - .github/workflows/ci.yaml
    Migrated arch+os matrix to platform
========================================================================
Installing repo-config migration workflow...
  Replacing .github/workflows/repo-config-migration.yaml with updated workflow (overwriting any local changes)
  Updated .github/workflows/auto-dependabot.yaml: added repo-config group exclusion
========================================================================
Updating 'Protect version branches' GitHub ruleset...
  Ruleset 'Protect version branches' is already up to date
========================================================================

       ✅ Migration script finished successfully ✅

=== v0.16.0 =========================================================
Script URL: https://raw.githubusercontent.com/frequenz-floss/frequenz-repo-config-python/v0.16.0/cookiecutter/migrate.py

========================================================================
Fixing repo-config migration merge queue trigger...
  Updated .github/workflows/repo-config-migration.yaml: added merge_group trigger
========================================================================
Fixing mkdocstrings-python v2 paths for api repos...
  Skipping mkdocs.yml (not an api project)
========================================================================
Migrating protolint and publish-to-pypi runners to ubuntu-24.04...
  Skipping protolint runner migration (not an api project)
  Updated .github/workflows/ci.yaml: migrated runner for job publish-to-pypi
========================================================================
Updating 'Protect version branches' GitHub ruleset...
  Ruleset 'Protect version branches' is already up to date
========================================================================

       ✅ Migration script finished successfully ✅



The migration completed successfully.
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 5, 2026

Repo Config Migration

Update: 0.14.0 → 0.16.0

✅ Migration completed successfully.

Migration output 
=== v0.15.0 =========================================================
Script URL: https://raw.githubusercontent.com/frequenz-floss/frequenz-repo-config-python/v0.15.0/cookiecutter/migrate.py

========================================================================
Migrating workflows to use ubuntu-slim runner for lightweight jobs...
  Updated .github/workflows/ci.yaml: migrated job nox-all to ubuntu-slim
  Updated .github/workflows/ci.yaml: migrated job test-installation-all to ubuntu-slim
  Updated .github/workflows/ci.yaml: migrated job create-github-release to ubuntu-slim
  Updated .github/workflows/ci.yaml: migrated job publish-to-pypi to ubuntu-slim
  Updated .github/workflows/release-notes-check.yml: migrated job check-release-notes to ubuntu-slim
  Updated .github/workflows/dco-merge-queue.yml: migrated job DCO to ubuntu-slim
  Updated .github/workflows/labeler.yml: migrated job Label to ubuntu-slim
========================================================================
Migrating pyproject license metadata to SPDX format...
  Updated pyproject.toml: migrated license metadata
========================================================================
Adding flake8-datetimez plugin to dev-flake8 dependencies...
  Updated pyproject.toml: added flake8-datetimez plugin
========================================================================
Fixing dependabot repo-config and mkdocstrings patterns...
  Skipped .github/dependabot.yml: repo-config patterns already updated
  Skipped .github/dependabot.yml: mkdocstrings patterns already updated
  Skipped .github/dependabot.yml (already up to date)
========================================================================
Migrating auto-dependabot workflow to use GitHub App token...
  Replacing .github/workflows/auto-dependabot.yaml with updated workflow (overwriting any local changes)
========================================================================
Migrating the CI workflows to use a platform matrix...
  - .github/workflows/ci.yaml
    Migrated arch+os matrix to platform
========================================================================
Installing repo-config migration workflow...
  Replacing .github/workflows/repo-config-migration.yaml with updated workflow (overwriting any local changes)
  Updated .github/workflows/auto-dependabot.yaml: added repo-config group exclusion
========================================================================
Updating 'Protect version branches' GitHub ruleset...
  Ruleset 'Protect version branches' is already up to date
========================================================================

       ✅ Migration script finished successfully ✅

=== v0.16.0 =========================================================
Script URL: https://raw.githubusercontent.com/frequenz-floss/frequenz-repo-config-python/v0.16.0/cookiecutter/migrate.py

========================================================================
Fixing repo-config migration merge queue trigger...
  Updated .github/workflows/repo-config-migration.yaml: added merge_group trigger
========================================================================
Fixing mkdocstrings-python v2 paths for api repos...
  Skipping mkdocs.yml (not an api project)
========================================================================
Migrating protolint and publish-to-pypi runners to ubuntu-24.04...
  Skipping protolint runner migration (not an api project)
  Updated .github/workflows/ci.yaml: migrated runner for job publish-to-pypi
========================================================================
Updating 'Protect version branches' GitHub ruleset...
  Ruleset 'Protect version branches' is already up to date
========================================================================

       ✅ Migration script finished successfully ✅

Next step

Migration changes were committed and auto-merge-on-changes is disabled. Please review, approve, and merge this PR manually.

📋 Full migration logs

@github-actions github-actions Bot added the tool:repo-config:migration:executed Migration script has been run label May 5, 2026
@llucax
Copy link
Copy Markdown
Contributor

llucax commented May 5, 2026

Added a commit to make the timezone-naive objects timezone-aware.

@github-actions github-actions Bot added the part:tests Affects the unit, integration and performance (benchmarks) tests label May 5, 2026
llucax
llucax previously approved these changes May 5, 2026
View reviewed changes
@llucax
Use timezone-aware datetimes in tests
e7f072d 
Replace naive datetime usage in the affected time-series tests with
timezone-aware values so the datetime lint checks pass the new flake8
checks.

Signed-off-by: Leandro Lucarella <luca-frequenz@llucax.com>
@llucax llucax force-pushed the dependabot/pip/repo-config-e8d352bcc8 branch from ba96741 to e7f072d Compare May 5, 2026 11:18
@github-actions github-actions Bot added this pull request to the merge queue May 5, 2026
@github-project-automation github-project-automation Bot moved this from Review in progress to Review approved in Python SDK Roadmap May 5, 2026
@llucax llucax removed this pull request from the merge queue due to a manual request May 5, 2026
@llucax llucax added this pull request to the merge queue May 5, 2026
Merged via the queue into v1.x.x with commit 94fd1eb May 5, 2026
9 checks passed
@llucax llucax deleted the dependabot/pip/repo-config-e8d352bcc8 branch May 5, 2026 12:01
@github-project-automation github-project-automation Bot moved this from Review approved to Done in Python SDK Roadmap May 5, 2026
@llucax
Copy link
Copy Markdown
Contributor

llucax commented May 5, 2026

Dammit! This missed the update from v0.16 -> v0.17. I think because an old PR was used that only upgraded to v0.16. Will fix manually.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@daniel-zullo-frequenz daniel-zullo-frequenz daniel-zullo-frequenz approved these changes

@llucax llucax llucax left review comments

@github-actions github-actions[bot] github-actions[bot] left review comments

@florian-wagner-frequenz florian-wagner-frequenz Awaiting requested review from florian-wagner-frequenz florian-wagner-frequenz is a code owner automatically assigned from frequenz-floss/python-sdk-team

Assignees

No one assigned

Labels

part:tests Affects the unit, integration and performance (benchmarks) tests part:tooling Affects the development tooling (CI, deployment, dependency management, etc.) tool:auto-merged Auto-approved Dependabot PRs tool:repo-config:migration:executed Migration script has been run type:tech-debt Improves the project without visible changes for users

Projects

Python SDK Roadmap
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@llucax @daniel-zullo-frequenz