From 6717014d5713c488c6d9526ea8a20ec9d21cb8d4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Jun 2026 12:39:54 +0000 Subject: [PATCH 1/2] Build(deps-dev): Bump frequenz-repo-config Bumps the repo-config group with 1 update in the / directory: [frequenz-repo-config](https://github.com/frequenz-floss/frequenz-repo-config-python). Updates `frequenz-repo-config` from 0.17.0 to 0.18.0 - [Release notes](https://github.com/frequenz-floss/frequenz-repo-config-python/releases) - [Changelog](https://github.com/frequenz-floss/frequenz-repo-config-python/blob/v0.x.x/RELEASE_NOTES.md) - [Commits](https://github.com/frequenz-floss/frequenz-repo-config-python/compare/v0.17.0...v0.18.0) --- updated-dependencies: - dependency-name: frequenz-repo-config dependency-version: 0.18.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: repo-config ... Signed-off-by: dependabot[bot] --- pyproject.toml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index ee43bf5..421ed2f 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -5,7 +5,7 @@ requires = [ "setuptools == 82.0.1", "setuptools_scm[toml] == 10.0.5", - "frequenz-repo-config[lib] == 0.17.0", + "frequenz-repo-config[lib] == 0.18.0", ] build-backend = "setuptools.build_meta" @@ -60,7 +60,7 @@ dev-mkdocs = [ "mkdocs-material == 9.7.6", "mkdocstrings[python] == 1.0.4", "mkdocstrings-python == 2.0.3", - "frequenz-repo-config[lib] == 0.17.0", + "frequenz-repo-config[lib] == 0.18.0", ] dev-mypy = [ "mypy == 2.1.0", @@ -68,7 +68,7 @@ dev-mypy = [ # For checking the noxfile, docs/ script, and tests "frequenz-quantities[dev-mkdocs,dev-noxfile,dev-pytest,marshmallow]", ] -dev-noxfile = ["nox == 2026.4.10", "frequenz-repo-config[lib] == 0.17.0"] +dev-noxfile = ["nox == 2026.4.10", "frequenz-repo-config[lib] == 0.18.0"] dev-pylint = [ # dev-pytest already defines a dependency to pylint because of the examples # For checking the noxfile, docs/ script, and tests @@ -77,7 +77,7 @@ dev-pylint = [ dev-pytest = [ "pytest == 9.0.3", "pylint == 4.0.5", # We need this to check for the examples - "frequenz-repo-config[extra-lint-examples] == 0.17.0", + "frequenz-repo-config[extra-lint-examples] == 0.18.0", "pytest-mock == 3.15.1", "pytest-asyncio == 1.4.0", "async-solipsism == 0.9", From 4c5ff78639e362d665de74e59adfe9686322610a Mon Sep 17 00:00:00 2001 From: "frequenz-auto-dependabot[bot]" <261417025+frequenz-auto-dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Jun 2026 12:40:26 +0000 Subject: [PATCH 2/2] Apply migration from 0.17.0 to 0.18.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit === v0.18.0 ========================================================= Script URL: https://raw.githubusercontent.com/frequenz-floss/frequenz-repo-config-python/v0.18.0/cookiecutter/migrate.py ======================================================================== Removing unused cross-arch testing files... Removed .github/containers/nox-cross-arch Removed .github/containers/test-installation Removed empty .github/containers Updated CONTRIBUTING.md: removed 'Cross-Arch Testing' section ======================================================================== Updating cookiecutter replay file... Updated .cookiecutter-replay.json: added `private_repo=no` replay data ======================================================================== Updating generated CI workflows... ======================================================================== Updating auxiliary GitHub workflows... Updated .github/workflows/black-migration.yaml: use explicit Dependabot migration iteration Updated .github/workflows/repo-config-migration.yaml: use explicit Dependabot migration iteration ======================================================================== Normalizing GitHub Action hashes... ======================================================================== Updating issue template configuration... Skipped .github/ISSUE_TEMPLATE/config.yml: already up to date ======================================================================== Setting up the gRPC migration workflow... Skipped: not an API project (type='lib'); the gRPC migration workflow is only needed for API repositories. ======================================================================== Fixing nox test path typo in CONTRIBUTING.md... Updated CONTRIBUTING.md: fixed nox 'test/' -> 'tests/' typo ======================================================================== Adjusting CONTRIBUTING.md release section for repo privacy... Skipped CONTRIBUTING.md: public repository, no change needed ======================================================================== Excluding submodules from black for API projects... Skipped: not an API project (type='lib'); only API repositories ship a submodules/ directory. ======================================================================== Setting up the isort migration workflow... Created .github/workflows/isort-migration.yaml Updated .github/workflows/auto-dependabot.yaml: skip individual isort bump PRs Updated .github/dependabot.yml: added 'isort' to exclude-patterns of patch and minor ======================================================================== Excluding submodules from isort for API projects... Skipped: not an API project (type='lib'); only API repositories ship a submodules/ directory. ======================================================================== ✅ Migration script finished successfully ✅ The migration completed successfully. --- .cookiecutter-replay.json | 5 + .../arm64-ubuntu-20.04-python-3.11.Dockerfile | 33 ------- .../containers/nox-cross-arch/entrypoint.bash | 9 -- .../containers/test-installation/Dockerfile | 17 ---- .github/dependabot.yml | 2 + .github/workflows/auto-dependabot.yaml | 3 +- .github/workflows/black-migration.yaml | 3 +- .github/workflows/isort-migration.yaml | 92 +++++++++++++++++++ .github/workflows/repo-config-migration.yaml | 4 +- CONTRIBUTING.md | 33 +------ 10 files changed, 109 insertions(+), 92 deletions(-) delete mode 100644 .github/containers/nox-cross-arch/arm64-ubuntu-20.04-python-3.11.Dockerfile delete mode 100755 .github/containers/nox-cross-arch/entrypoint.bash delete mode 100644 .github/containers/test-installation/Dockerfile create mode 100644 .github/workflows/isort-migration.yaml diff --git a/.cookiecutter-replay.json b/.cookiecutter-replay.json index 996efce..8c0899e 100644 --- a/.cookiecutter-replay.json +++ b/.cookiecutter-replay.json @@ -8,6 +8,7 @@ "keywords": "unit, conversion", "github_org": "frequenz-floss", "license": "MIT", + "private_repo": "no", "author_name": "Frequenz Energy-as-a-Service GmbH", "author_email": "floss@frequenz.com", "python_package": "frequenz.quantities", @@ -34,6 +35,10 @@ "MIT", "Proprietary" ], + "private_repo": [ + "{{ 'yes' if cookiecutter.license == 'Proprietary' else 'no' }}", + "{{ 'no' if cookiecutter.license == 'Proprietary' else 'yes' }}" + ], "author_name": "Frequenz Energy-as-a-Service GmbH", "author_email": "floss@frequenz.com", "python_package": "{{cookiecutter | python_package}}", diff --git a/.github/containers/nox-cross-arch/arm64-ubuntu-20.04-python-3.11.Dockerfile b/.github/containers/nox-cross-arch/arm64-ubuntu-20.04-python-3.11.Dockerfile deleted file mode 100644 index 4a29eec..0000000 --- a/.github/containers/nox-cross-arch/arm64-ubuntu-20.04-python-3.11.Dockerfile +++ /dev/null @@ -1,33 +0,0 @@ -# License: MIT -# Copyright © 2024 Frequenz Energy-as-a-Service GmbH -# This Dockerfile is used to run the tests in arm64, which is not supported by -# GitHub Actions at the moment. - -FROM docker.io/library/ubuntu:20.04 - -ENV DEBIAN_FRONTEND=noninteractive - -# Install Python 3.11 and curl to install pip later -RUN apt-get update -y && \ - apt-get install --no-install-recommends -y \ - software-properties-common && \ - add-apt-repository ppa:deadsnakes/ppa && \ - apt-get install --no-install-recommends -y \ - ca-certificates \ - curl \ - git \ - python3.11 \ - python3.11-distutils && \ - apt-get clean && \ - rm -rf /var/lib/apt/lists/* - -# Install pip -RUN curl -sS https://bootstrap.pypa.io/get-pip.py | python3.11 - -RUN update-alternatives --install \ - /usr/local/bin/python python /usr/bin/python3.11 1 && \ - python -m pip install --upgrade --no-cache-dir pip - -COPY entrypoint.bash /usr/bin/entrypoint.bash - -ENTRYPOINT ["/usr/bin/entrypoint.bash"] diff --git a/.github/containers/nox-cross-arch/entrypoint.bash b/.github/containers/nox-cross-arch/entrypoint.bash deleted file mode 100755 index f344deb..0000000 --- a/.github/containers/nox-cross-arch/entrypoint.bash +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash -# License: MIT -# Copyright © 2024 Frequenz Energy-as-a-Service GmbH -set -e - -echo "System details:" $(uname -a) -echo "Machine:" $(uname -m) - -exec "$@" diff --git a/.github/containers/test-installation/Dockerfile b/.github/containers/test-installation/Dockerfile deleted file mode 100644 index fa3ed3a..0000000 --- a/.github/containers/test-installation/Dockerfile +++ /dev/null @@ -1,17 +0,0 @@ -# License: MIT -# Copyright © 2024 Frequenz Energy-as-a-Service GmbH -# This Dockerfile is used to test the installation of the python package in -# multiple platforms in the CI. It is not used to build the package itself. - -FROM python:3.11-slim - -RUN apt-get update -y && \ - apt-get install --no-install-recommends -y \ - git && \ - apt-get clean && \ - rm -rf /var/lib/apt/lists/* && \ - python -m pip install --upgrade --no-cache-dir pip - -COPY dist dist -RUN pip install dist/*.whl && \ - rm -rf dist diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 1aba97f..79c84e1 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -29,6 +29,7 @@ updates: exclude-patterns: # pydoclint has shipped breaking changes in patch updates often - "pydoclint" + - "isort" minor: update-types: - "minor" @@ -44,6 +45,7 @@ updates: - "mkdocstrings[python]" - "pydoclint" - "pytest-asyncio" + - "isort" # We group repo-config updates as it uses optional dependencies that are # considered different dependencies otherwise, and will create one PR for # each if we don't group them. diff --git a/.github/workflows/auto-dependabot.yaml b/.github/workflows/auto-dependabot.yaml index 572bd44..3245e91 100644 --- a/.github/workflows/auto-dependabot.yaml +++ b/.github/workflows/auto-dependabot.yaml @@ -23,7 +23,8 @@ jobs: if: > github.actor == 'dependabot[bot]' && !contains(github.event.pull_request.title, 'the repo-config group') && - !contains(github.event.pull_request.title, 'Bump black from ') + !contains(github.event.pull_request.title, 'Bump black from ') && + !contains(github.event.pull_request.title, 'Bump isort from ') runs-on: ubuntu-slim steps: - name: Generate GitHub App token diff --git a/.github/workflows/black-migration.yaml b/.github/workflows/black-migration.yaml index 3dc86fb..7116acd 100644 --- a/.github/workflows/black-migration.yaml +++ b/.github/workflows/black-migration.yaml @@ -66,7 +66,7 @@ jobs: # Read/update pull request metadata and labels. permission-pull-requests: write - name: Migrate - uses: frequenz-floss/gh-action-dependabot-migrate@eb100d3cf732b4808a7776eee8f303521efd494b # v1.2.1 + uses: frequenz-floss/gh-action-dependabot-migrate@27763fb5eb56476d91abe00132e8a0614171f92f # v1.2.0 with: migration-script: | import os @@ -81,6 +81,7 @@ jobs: subprocess.run([sys.executable, "-Im", "black", "."], check=True) token: ${{ steps.create-app-token.outputs.token }} auto-merge-on-changes: "false" + version-iteration: "false" sign-commits: "true" auto-merged-label: "tool:auto-merged" migrated-label: "tool:black:migration:executed" diff --git a/.github/workflows/isort-migration.yaml b/.github/workflows/isort-migration.yaml new file mode 100644 index 0000000..fde6c0c --- /dev/null +++ b/.github/workflows/isort-migration.yaml @@ -0,0 +1,92 @@ +# Automatic isort migration for Dependabot PRs +# +# When Dependabot upgrades isort, this workflow installs the new version and +# runs `isort .` so the PR already contains any import-ordering changes +# introduced by the upgrade, while leaving the PR open for review. +# +# isort follows SemVer but its release policy +# (https://github.com/PyCQA/isort/blob/main/docs/major_releases/release_policy.md) +# explicitly allows intentional formatting changes in minor releases, and +# patch releases may also adjust output in smaller bug-fix ways. Because of +# that, isort is excluded from the regular `patch` and `minor` Dependabot +# groups: every isort bump produces an individual `Bump isort from …` PR and +# is routed through this migration workflow. +# +# The companion auto-dependabot workflow skips those PRs so they're handled +# exclusively by this migration workflow. +# +# XXX: !!! SECURITY WARNING !!! +# pull_request_target has write access to the repo, and can read secrets. +# This is required because Dependabot PRs are treated as fork PRs: the +# GITHUB_TOKEN is read-only and secrets are unavailable with a plain +# pull_request trigger. The action mitigates the risk by: +# - Never executing code from the PR (the migration script is embedded +# in this workflow file on the base branch, not taken from the PR). +# - Gating migration steps on github.actor == 'dependabot[bot]'. +# - Running checkout with persist-credentials: false and isolating +# push credentials from the migration script environment. +# For more details read: +# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ + +name: isort Migration + +on: + merge_group: # To allow using this as a required check for merging + pull_request_target: + types: [opened, synchronize, reopened, labeled, unlabeled] + +permissions: + # Commit reformatted files back to the PR branch. + contents: write + # Create and normalize migration state labels. + issues: write + # Read/update pull request metadata and comments. + pull-requests: write + +jobs: + isort-migration: + name: Migrate isort + # Skip if it was triggered by the merge queue. We only need the workflow to + # be executed to meet the "Required check" condition for merging, but we + # don't need to actually run the job, having the job present as Skipped is + # enough. + if: | + github.event_name == 'pull_request_target' && + github.actor == 'dependabot[bot]' && + contains(github.event.pull_request.title, 'Bump isort from ') + runs-on: ubuntu-24.04 + steps: + - name: Generate token + id: create-app-token + uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1 + with: + app-id: ${{ secrets.FREQUENZ_AUTO_DEPENDABOT_APP_ID }} + private-key: ${{ secrets.FREQUENZ_AUTO_DEPENDABOT_APP_PRIVATE_KEY }} + # Push reformatted files to the PR branch. + permission-contents: write + # Create and normalize migration state labels. + permission-issues: write + # Read/update pull request metadata and labels. + permission-pull-requests: write + - name: Migrate + uses: frequenz-floss/gh-action-dependabot-migrate@27763fb5eb56476d91abe00132e8a0614171f92f # v1.2.0 + with: + migration-script: | + import os + import subprocess + import sys + + version = os.environ["MIGRATION_VERSION"].lstrip("v") + subprocess.run( + [sys.executable, "-Im", "pip", "install", f"isort=={version}"], + check=True, + ) + subprocess.run([sys.executable, "-Im", "isort", "."], check=True) + token: ${{ steps.create-app-token.outputs.token }} + auto-merge-on-changes: "false" + version-iteration: "false" + sign-commits: "true" + auto-merged-label: "tool:auto-merged" + migrated-label: "tool:isort:migration:executed" + intervention-pending-label: "tool:isort:migration:intervention-pending" + intervention-done-label: "tool:isort:migration:intervention-done" diff --git a/.github/workflows/repo-config-migration.yaml b/.github/workflows/repo-config-migration.yaml index 8ab5e01..9608e91 100644 --- a/.github/workflows/repo-config-migration.yaml +++ b/.github/workflows/repo-config-migration.yaml @@ -58,12 +58,14 @@ jobs: # Allow pushes when migration changes workflow files. permission-workflows: write - name: Migrate - uses: frequenz-floss/gh-action-dependabot-migrate@eb100d3cf732b4808a7776eee8f303521efd494b # v1.2.1 + uses: frequenz-floss/gh-action-dependabot-migrate@27763fb5eb56476d91abe00132e8a0614171f92f # v1.2.0 with: script-url-template: >- https://raw.githubusercontent.com/frequenz-floss/frequenz-repo-config-python/{version}/cookiecutter/migrate.py token: ${{ steps.create-app-token.outputs.token }} migration-token: ${{ secrets.REPO_CONFIG_MIGRATION_TOKEN }} + version-iteration: "minor" + if-no-iterations: "pass" sign-commits: "true" auto-merged-label: "tool:auto-merged" migrated-label: "tool:repo-config:migration:executed" diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 80dd4d0..0cc1491 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -50,14 +50,14 @@ pytest tests/test_*.py Or you can use `nox`: ```sh -nox -R -s pytest -- test/test_*.py +nox -R -s pytest -- tests/test_*.py ``` The same appliest to `pylint` or `mypy` for example: ```sh -nox -R -s pylint -- test/test_*.py -nox -R -s mypy -- test/test_*.py +nox -R -s pylint -- tests/test_*.py +nox -R -s mypy -- tests/test_*.py ``` ### Building the documentation @@ -154,30 +154,3 @@ These are the steps to create a new release: eventually too). 7. Celebrate! - -## Cross-Arch Testing - -This project has built-in support for testing across multiple architectures. -Currently, our CI conducts tests on `arm64` machines using QEMU emulation. We -also have the flexibility to expand this support to include additional -architectures in the future. - -This project contains Dockerfiles that can be used in the CI to test the -python package in non-native machine architectures, e.g., `arm64`. The -Dockerfiles exist in the directory `.github/containers/nox-cross-arch`, and -follow a naming scheme so that they can be easily used in build matrices in the -CI, in `nox-cross-arch` job. The naming scheme is: - -``` ---python-.Dockerfile -``` - -E.g., - -``` -arm64-ubuntu-20.04-python-3.11.Dockerfile -``` - -If a Dockerfile for your desired target architecture, OS, and python version -does not exist here, please add one before proceeding to add your options to -the test matrix.