Apply migration from 0.14.0 to 0.16.0

=== v0.15.0 =========================================================
Script URL: https://raw.githubusercontent.com/frequenz-floss/frequenz-repo-config-python/v0.15.0/cookiecutter/migrate.py

========================================================================
Migrating workflows to use ubuntu-slim runner for lightweight jobs...
  Updated .github/workflows/ci.yaml: migrated job nox-all to ubuntu-slim
  Updated .github/workflows/ci.yaml: migrated job test-installation-all to ubuntu-slim
  Updated .github/workflows/ci.yaml: migrated job create-github-release to ubuntu-slim
  Updated .github/workflows/ci.yaml: migrated job publish-to-pypi to ubuntu-slim
  Updated .github/workflows/ci.yaml: migrated job protolint to ubuntu-slim
  Updated .github/workflows/release-notes-check.yml: migrated job check-release-notes to ubuntu-slim
  Updated .github/workflows/dco-merge-queue.yml: migrated job DCO to ubuntu-slim
  Updated .github/workflows/labeler.yml: migrated job Label to ubuntu-slim
  Updated .github/workflows/ci-pr.yaml: migrated job protolint to ubuntu-slim
========================================================================
Migrating pyproject license metadata to SPDX format...
  Updated pyproject.toml: migrated license metadata
========================================================================
Adding flake8-datetimez plugin to dev-flake8 dependencies...
  Updated pyproject.toml: added flake8-datetimez plugin
========================================================================
Fixing dependabot repo-config and mkdocstrings patterns...
  Skipped .github/dependabot.yml: repo-config patterns already updated
  Skipped .github/dependabot.yml: mkdocstrings patterns already updated
  Skipped .github/dependabot.yml (already up to date)
========================================================================
Migrating auto-dependabot workflow to use GitHub App token...
  Replacing .github/workflows/auto-dependabot.yaml with updated workflow (overwriting any local changes)
========================================================================
Migrating the CI workflows to use a platform matrix...
  - .github/workflows/ci.yaml
    Migrated arch+os matrix to platform
========================================================================
Installing repo-config migration workflow...
  Replacing .github/workflows/repo-config-migration.yaml with updated workflow (overwriting any local changes)
  Updated .github/workflows/auto-dependabot.yaml: added repo-config group exclusion
========================================================================
Updating 'Protect version branches' GitHub ruleset...
  Ruleset 'Protect version branches' is already up to date
========================================================================

       ✅ Migration script finished successfully ✅

=== v0.16.0 =========================================================
Script URL: https://raw.githubusercontent.com/frequenz-floss/frequenz-repo-config-python/v0.16.0/cookiecutter/migrate.py

========================================================================
Fixing repo-config migration merge queue trigger...
  Updated .github/workflows/repo-config-migration.yaml: added merge_group trigger
========================================================================
Fixing mkdocstrings-python v2 paths for api repos...
  Updated mkdocs.yml: moved mkdocstrings api paths out of options
========================================================================
Migrating protolint and publish-to-pypi runners to ubuntu-24.04...
  Updated .github/workflows/ci-pr.yaml: migrated runner for job protolint
  Updated .github/workflows/ci.yaml: migrated runner for job protolint
  Updated .github/workflows/ci.yaml: migrated runner for job publish-to-pypi
========================================================================
Updating 'Protect version branches' GitHub ruleset...
  Ruleset 'Protect version branches' is already up to date
========================================================================

       ✅ Migration script finished successfully ✅



The migration completed successfully.

Author: frequenz-auto-dependabot[bot]

.github/workflows/auto-dependabot.yaml

@@ -1,21 +1,39 @@
 name: Auto-merge Dependabot PR
 
 on:
-  pull_request:
+  # XXX: !!! SECURITY WARNING !!!
+  # pull_request_target has write access to the repo, and can read secrets. We
+  # need to audit any external actions executed in this workflow and make sure no
+  # checked out code is run (not even installing dependencies, as installing
+  # dependencies usually can execute pre/post-install scripts). We should also
+  # only use hashes to pick the action to execute (instead of tags or branches).
+  # For more details read:
+  # https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
+  pull_request_target:
 
 permissions:
-  contents: write
+  contents: read
   pull-requests: write
 
 jobs:
   auto-merge:
-    if: github.actor == 'dependabot[bot]'
-    runs-on: ubuntu-latest
+    name: Auto-merge Dependabot PR
+    if: >
+      github.actor == 'dependabot[bot]' &&
+      !contains(github.event.pull_request.title, 'the repo-config group')
+    runs-on: ubuntu-slim
     steps:
+      - name: Generate GitHub App token
+        id: app-token
+        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
+        with:
+          app-id: ${{ secrets.FREQUENZ_AUTO_DEPENDABOT_APP_ID }}
+          private-key: ${{ secrets.FREQUENZ_AUTO_DEPENDABOT_APP_PRIVATE_KEY }}
+
       - name: Auto-merge Dependabot PR
-        uses: frequenz-floss/dependabot-auto-approve@3cad5f42e79296505473325ac6636be897c8b8a1  # v1.3.2
+        uses: frequenz-floss/dependabot-auto-approve@e943399cc9d76fbb6d7faae446cd57301d110165 # v1.5.0
         with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
+          github-token: ${{ steps.app-token.outputs.token }}
           dependency-type: 'all'
           auto-merge: 'true'
           merge-method: 'merge'

.github/workflows/ci.yaml

@@ -54,11 +54,9 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        arch:
-          - amd64
-          - arm
-        os:
+        platform:
           - ubuntu-24.04
+          - ubuntu-24.04-arm
         python:
           - "3.11"
           - "3.12"
@@ -67,7 +65,7 @@ jobs:
           # that uses the same venv to run multiple linting sessions
           - "ci_checks_max"
           - "pytest_min"
-    runs-on: ${{ matrix.os }}${{ matrix.arch != 'amd64' && format('-{0}', matrix.arch) || '' }}
+    runs-on: ${{ matrix.platform }}
 
     steps:
       - name: Run nox
@@ -86,7 +84,7 @@ jobs:
     needs: ["nox"]
     # We skip this job only if nox was also skipped
     if: always() && needs.nox.result != 'skipped'
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-slim
     env:
       DEPS_RESULT: ${{ needs.nox.result }}
     steps:
@@ -131,15 +129,13 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        arch:
-          - amd64
-          - arm
-        os:
+        platform:
           - ubuntu-24.04
+          - ubuntu-24.04-arm
         python:
           - "3.11"
           - "3.12"
-    runs-on: ${{ matrix.os }}${{ matrix.arch != 'amd64' && format('-{0}', matrix.arch) || '' }}
+    runs-on: ${{ matrix.platform }}
 
     steps:
       - name: Setup Git
@@ -187,7 +183,7 @@ jobs:
     needs: ["test-installation"]
     # We skip this job only if test-installation was also skipped
     if: always() && needs.test-installation.result != 'skipped'
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-slim
     env:
       DEPS_RESULT: ${{ needs.test-installation.result }}
     steps:
@@ -302,7 +298,7 @@ jobs:
       # discussions to create the release announcement in the discussion forums
       contents: write
       discussions: write
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-slim
     steps:
       - name: Download distribution files
         uses: actions/download-artifact@v7

.github/workflows/dco-merge-queue.yml

@@ -5,7 +5,7 @@ on:
 
 jobs:
   DCO:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-slim
     if: ${{ github.actor != 'dependabot[bot]' }}
     steps:
       - run: echo "This DCO job runs on merge_queue event and doesn't check PR contents"

.github/workflows/labeler.yml

@@ -7,7 +7,7 @@ jobs:
     permissions:
       contents: read
       pull-requests: write
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-slim
     steps:
       - name: Labeler
         # XXX: !!! SECURITY WARNING !!!

.github/workflows/release-notes-check.yml

@@ -16,7 +16,7 @@ on:
 jobs:
   check-release-notes:
     name: Check release notes are updated
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-slim
     permissions:
       pull-requests: read
     steps:

mkdocs.yml

@@ -99,8 +99,8 @@ plugins:
       default_handler: python
       handlers:
         python:
+          paths: ["py"]
           options:
-            paths: ["py"]
             docstring_section_style: spacy
             inherited_members: true
             merge_init_into_class: false

pyproject.toml

@@ -21,7 +21,8 @@ build-backend = "setuptools.build_meta"
 name = "frequenz-api-reporting"
 description = "Frequenz gRPC API to aggregate component data from microgrids"
 readme = "README.md"
-license = { text = "MIT" }
+license = "MIT"
+license-files = ["LICENSE"]
 keywords = [
   "frequenz",
   "python",
@@ -36,7 +37,6 @@ keywords = [
 classifiers = [
   "Development Status :: 3 - Alpha",
   "Intended Audience :: Developers",
-  "License :: OSI Approved :: MIT License",
   "Programming Language :: Python :: 3",
   "Programming Language :: Python :: 3 :: Only",
   "Topic :: Software Development :: Libraries",
@@ -63,6 +63,7 @@ email = "floss@frequenz.com"
 [project.optional-dependencies]
 dev-flake8 = [
   "flake8 == 7.3.0",
+  "flake8-datetimez == 20.10.0",
   "flake8-docstrings == 1.7.0",
   "flake8-pyproject == 1.2.4", # For reading the flake8 config from pyproject.toml
   "pydoclint == 0.8.3",