Skip to content

Bump frequenz-repo-config from 0.17.0 to 0.18.0 in the repo-config group#175

Merged
llucax merged 2 commits into
v1.x.xfrom
dependabot/pip/repo-config-accf3b6b2f
Jun 29, 2026
Merged

Bump frequenz-repo-config from 0.17.0 to 0.18.0 in the repo-config group#175
llucax merged 2 commits into
v1.x.xfrom
dependabot/pip/repo-config-accf3b6b2f

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps the repo-config group with 1 update: frequenz-repo-config.

Updates frequenz-repo-config from 0.17.0 to 0.18.0

Release notes

Sourced from frequenz-repo-config's releases.

v0.18.0

Frequenz Repository Configuration Release Notes

Summary

This release focuses on finishing the automation of dependabot updates, adding more automated upgrade workflows and fixing some problems with the previous release.

Upgrading

Cookiecutter template

All upgrading should be done via the migration script or regenerating the templates.

curl -sSLf https://raw.githubusercontent.com/frequenz-floss/frequenz-repo-config-python/<tag>/cookiecutter/migrate.py | python3 -I

New Features

Cookiecutter template

  • The cookiecutter now asks whether a repository is private, defaults that answer from the selected license, and uses it to toggle private-repository workflow behavior, public publishing jobs, and the link to GitHub Discussions in the issue template chooser.
  • All dependencies have been updated in the templates.
  • API projects now ship a dedicated grpc-migration.yaml workflow that runs after Dependabot bumps grpcio/grpcio-tools/protobuf and rewrites the matching runtime >= floors in pyproject.toml.
  • API projects now have a better grpcio/protobuf updates grouping in Dependabot, which should make upgrading easier, and plays nicer with the new grpc-migration.yaml workflow.
  • API projects should now use the new API-specific Protect version branches ruleset variant, which includes the required Fix gRPC/protobuf runtime floors check without affecting non-API Python projects.
  • Workflows using the gh-action-dependabot-migrate are upgraded to the latest version, which avoids unnecessary version iterations.
  • Add an isort-migration.yaml workflow that automatically reorders imports when Dependabot upgrades isort.

Bug Fixes

Cookiecutter template

  • The unused cross-arch QEMU-based testing infrastructure has been removed. The .github/containers/nox-cross-arch/ and .github/containers/test-installation/ directories, as well as the "Cross-Arch Testing" section in CONTRIBUTING.md.
  • Private repositories now are generated with credentials uncommented and the publishing workflows disabled.
  • The issue template chooser (config.yml) no longer includes the contact_links section for private repositories, since GitHub Discussions are typically disabled for them.
  • Normalized the GitHub Action hashes for gh-action-setup-git and gh-action-setup-python-with-deps to point to the actual commit object, which is what Dependabot expects.
  • API projects now configure black with extend-exclude = '^/submodules/' so the formatting check doesn't descend into external git submodules that don't follow our formatting rules.
  • API projects now configure isort with skip_glob = ["submodules/*"] so the import-sorting check doesn't descend into external git submodules that don't follow our rules.
  • CONTRIBUTING.md
    • Fixed the nox example commands in to use the correct tests/ directory instead of the non-existent test/ directory.
    • Fixed the wrong mention to PyPI publishing when releasing for private repositories.

What's Changed

... (truncated)

Commits
  • 9536002 Update template versions and prepare the v0.18.0 release (#590)
  • 0851215 Prepare release notes for v0.18.0
  • bee542d template: Bump dependencies
  • 80402d2 build(deps): bump the compatible group with 2 updates (#589)
  • df8ba24 build(deps): bump the compatible group with 2 updates
  • e5f4e39 Add isort dependabot auto-migration workflow (#585)
  • 3afcb70 Update release notes
  • e86009b Add isort submodules migration step
  • 22be0ee template: Make isort exclude submodules from API projects
  • a459500 isort: Exclude golden tests
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the repo-config group with 1 update: [frequenz-repo-config](https://github.com/frequenz-floss/frequenz-repo-config-python).


Updates `frequenz-repo-config` from 0.17.0 to 0.18.0
- [Release notes](https://github.com/frequenz-floss/frequenz-repo-config-python/releases)
- [Changelog](https://github.com/frequenz-floss/frequenz-repo-config-python/blob/v0.x.x/RELEASE_NOTES.md)
- [Commits](frequenz-floss/frequenz-repo-config-python@v0.17.0...v0.18.0)

---
updated-dependencies:
- dependency-name: frequenz-repo-config
  dependency-version: 0.18.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: repo-config
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added part:tooling Affects the development tooling (CI, deployment, dependency management, etc.) type:tech-debt Improves the project without visible changes for users labels Jun 29, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 29, 2026 15:08
@dependabot dependabot Bot requested review from ela-kotulska-frequenz and removed request for a team June 29, 2026 15:08
@dependabot dependabot Bot added part:tooling Affects the development tooling (CI, deployment, dependency management, etc.) type:tech-debt Improves the project without visible changes for users labels Jun 29, 2026
=== v0.18.0 =========================================================
Script URL: https://raw.githubusercontent.com/frequenz-floss/frequenz-repo-config-python/v0.18.0/cookiecutter/migrate.py

========================================================================
Removing unused cross-arch testing files...
  Removed .github/containers/nox-cross-arch
  Removed .github/containers/test-installation
  Removed empty .github/containers
  Updated CONTRIBUTING.md: removed 'Cross-Arch Testing' section
========================================================================
Updating cookiecutter replay file...
  Failed to query repository visibility: HTTP 401: Bad credentials (https://api.github.com/graphql)
Try authenticating with:  gh auth login -h github.com
>>>   Could not determine repository visibility from GitHub (is the `gh` CLI installed and authenticated?). Inferred the repo is public from project metadata. If that is wrong, set `private_repo` in .cookiecutter-replay.json and re-run.
  Updated .cookiecutter-replay.json: added `private_repo=no` replay data
========================================================================
Updating generated CI workflows...
========================================================================
Updating auxiliary GitHub workflows...
  Updated .github/workflows/black-migration.yaml: use explicit Dependabot migration iteration
  Updated .github/workflows/repo-config-migration.yaml: use explicit Dependabot migration iteration
========================================================================
Normalizing GitHub Action hashes...
========================================================================
Updating issue template configuration...
  Skipped .github/ISSUE_TEMPLATE/config.yml: already up to date
========================================================================
Setting up the gRPC migration workflow...
  Skipped: not an API project (type='lib'); the gRPC migration workflow is only needed for API repositories.
========================================================================
Fixing nox test path typo in CONTRIBUTING.md...
  Updated CONTRIBUTING.md: fixed nox 'test/' -> 'tests/' typo
========================================================================
Adjusting CONTRIBUTING.md release section for repo privacy...
  Skipped CONTRIBUTING.md: public repository, no change needed
========================================================================
Excluding submodules from black for API projects...
  Skipped: not an API project (type='lib'); only API repositories ship a submodules/ directory.
========================================================================
Setting up the isort migration workflow...
  Created .github/workflows/isort-migration.yaml
  Updated .github/workflows/auto-dependabot.yaml: skip individual isort bump PRs
  Updated .github/dependabot.yml: added 'isort' to exclude-patterns of patch and minor
========================================================================
Excluding submodules from isort for API projects...
  Skipped: not an API project (type='lib'); only API repositories ship a submodules/ directory.
========================================================================

⚠️⚠️⚠️ Remember to check the manual steps: ⚠️⚠️⚠️
⚠️⚠️⚠️   1.   Could not determine repository visibility from GitHub (is the `gh` CLI installed and authenticated?). Inferred the repo is public from project metadata. If that is wrong, set `private_repo` in .cookiecutter-replay.json and re-run.

❌ Migration script finished but requires manual intervention ❌



The migration completed but requires manual intervention.
@github-actions

Copy link
Copy Markdown
Contributor

Repo Config Migration

Update: 0.17.0 → 0.18.0

⚠️ Manual Intervention Needed

The migration script exited with a non-zero status. Please review the output above and perform any required manual steps.

After completing the intervention, either remove the tool:repo-config:migration:intervention-pending label or add the tool:repo-config:migration:intervention-done label to signal resolution.

After intervention is marked as completed, this PR still requires manual review, approval, and merge.

Migration output

=== v0.18.0 =========================================================
Script URL: https://raw.githubusercontent.com/frequenz-floss/frequenz-repo-config-python/v0.18.0/cookiecutter/migrate.py

========================================================================
Removing unused cross-arch testing files...
  Removed .github/containers/nox-cross-arch
  Removed .github/containers/test-installation
  Removed empty .github/containers
  Updated CONTRIBUTING.md: removed 'Cross-Arch Testing' section
========================================================================
Updating cookiecutter replay file...
  Failed to query repository visibility: HTTP 401: Bad credentials (https://api.github.com/graphql)
Try authenticating with:  gh auth login -h github.com
>>>   Could not determine repository visibility from GitHub (is the `gh` CLI installed and authenticated?). Inferred the repo is public from project metadata. If that is wrong, set `private_repo` in .cookiecutter-replay.json and re-run.
  Updated .cookiecutter-replay.json: added `private_repo=no` replay data
========================================================================
Updating generated CI workflows...
========================================================================
Updating auxiliary GitHub workflows...
  Updated .github/workflows/black-migration.yaml: use explicit Dependabot migration iteration
  Updated .github/workflows/repo-config-migration.yaml: use explicit Dependabot migration iteration
========================================================================
Normalizing GitHub Action hashes...
========================================================================
Updating issue template configuration...
  Skipped .github/ISSUE_TEMPLATE/config.yml: already up to date
========================================================================
Setting up the gRPC migration workflow...
  Skipped: not an API project (type='lib'); the gRPC migration workflow is only needed for API repositories.
========================================================================
Fixing nox test path typo in CONTRIBUTING.md...
  Updated CONTRIBUTING.md: fixed nox 'test/' -> 'tests/' typo
========================================================================
Adjusting CONTRIBUTING.md release section for repo privacy...
  Skipped CONTRIBUTING.md: public repository, no change needed
========================================================================
Excluding submodules from black for API projects...
  Skipped: not an API project (type='lib'); only API repositories ship a submodules/ directory.
========================================================================
Setting up the isort migration workflow...
  Created .github/workflows/isort-migration.yaml
  Updated .github/workflows/auto-dependabot.yaml: skip individual isort bump PRs
  Updated .github/dependabot.yml: added 'isort' to exclude-patterns of patch and minor
========================================================================
Excluding submodules from isort for API projects...
  Skipped: not an API project (type='lib'); only API repositories ship a submodules/ directory.
========================================================================

⚠️⚠️⚠️ Remember to check the manual steps: ⚠️⚠️⚠️
⚠️⚠️⚠️   1.   Could not determine repository visibility from GitHub (is the `gh` CLI installed and authenticated?). Inferred the repo is public from project metadata. If that is wrong, set `private_repo` in .cookiecutter-replay.json and re-run.

❌ Migration script finished but requires manual intervention ❌



📋 Full migration logs

@github-actions github-actions Bot added tool:repo-config:migration:intervention-pending Migration requires manual intervention tool:repo-config:migration:executed Migration script has been run part:docs Affects the documentation labels Jun 29, 2026
@llucax llucax removed the tool:repo-config:migration:intervention-pending Migration requires manual intervention label Jun 29, 2026
@github-actions github-actions Bot added the tool:repo-config:migration:intervention-done Manual migration intervention has been completed label Jun 29, 2026
@github-actions

Copy link
Copy Markdown
Contributor

Repo Config Migration

Manual intervention has been marked as completed.

Because this PR required manual intervention, this action will not auto-approve or auto-merge it. Please review, approve, and merge this PR manually.

@llucax

llucax commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

⚠️⚠️⚠️ 1. Could not determine repository visibility from GitHub (is the gh CLI installed and authenticated?). Inferred the repo is public from project metadata. If that is wrong, set private_repo in .cookiecutter-replay.json and re-run.

This was inferred as public correctly anyways.

@llucax llucax added this pull request to the merge queue Jun 29, 2026
Merged via the queue into v1.x.x with commit a8b249c Jun 29, 2026
14 of 15 checks passed
@llucax llucax deleted the dependabot/pip/repo-config-accf3b6b2f branch June 29, 2026 15:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

part:docs Affects the documentation part:tooling Affects the development tooling (CI, deployment, dependency management, etc.) tool:repo-config:migration:executed Migration script has been run tool:repo-config:migration:intervention-done Manual migration intervention has been completed type:tech-debt Improves the project without visible changes for users

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant