Bump frequenz-repo-config from 0.14.0 to 0.16.0 in the repo-config group (#507)

Bumps the repo-config group with 1 update:
[frequenz-repo-config](https://github.com/frequenz-floss/frequenz-repo-config-python).

Updates `frequenz-repo-config` from 0.14.0 to 0.16.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/frequenz-floss/frequenz-repo-config-python/releases">frequenz-repo-config's
releases</a>.</em></p>
<blockquote>
<h2>v0.16.0</h2>
<h1>Frequenz Repository Configuration Release Notes</h1>
<h2>Summary</h2>
<p>This is a maintenance, template-only, bugfix release.</p>
<h2>Upgrading</h2>
<h3>Cookiecutter template</h3>
<p>All upgrading should be done via the migration script or regenerating
the templates.</p>
<pre lang="bash"><code>curl -sSL
https://raw.githubusercontent.com/frequenz-floss/frequenz-repo-config-python/v0.16.0/cookiecutter/migrate.py
| python3
</code></pre>
<h2>Bug Fixes</h2>
<h3>Cookiecutter template</h3>
<ul>
<li>Added a migration step for api repositories to fix
<code>mkdocs.yml</code> when the previous
<code>mkdocstrings-python</code> v2 migration moved only <code>paths:
[&quot;src&quot;]</code> under <code>handlers.python.options</code> but
not <code>paths: [&quot;py&quot;]</code>.</li>
<li>Fixed runners for jobs that require Docker and where wrongly
converted to <code>ubuntu-slim</code> in v0.15.0, changing them back to
<code>ubuntu-24.04</code> to avoid Docker-related failures. The template
and the migration script were both updated to reflect this change.</li>
<li>Updated the repo-config migration workflow template and migration
script so existing repositories also add the <code>merge_group</code>
trigger and skip the job unless the event is
<code>pull_request_target</code>, allowing the workflow to be used as a
required merge-queue check.</li>
<li>Added a migration step to remove the copilot review request from the
Protect version branch protection rules. This was also done by v0.15.0
in theory, but the migration step was wrong and didn't update it
properly.</li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>Fix mkdocs python path for API repos by <a
href="https://github.com/llucax"><code>@​llucax</code></a> in <a
href="https://redirect.github.com/frequenz-floss/frequenz-repo-config-python/pull/534">frequenz-floss/frequenz-repo-config-python#534</a></li>
<li>migrate: Update runners for Docker jobs by <a
href="https://github.com/llucax"><code>@​llucax</code></a> in <a
href="https://redirect.github.com/frequenz-floss/frequenz-repo-config-python/pull/536">frequenz-floss/frequenz-repo-config-python#536</a></li>
<li>ci: Trigger repo-config migration in merge queue by <a
href="https://github.com/llucax"><code>@​llucax</code></a> in <a
href="https://redirect.github.com/frequenz-floss/frequenz-repo-config-python/pull/537">frequenz-floss/frequenz-repo-config-python#537</a></li>
<li>migrate: Fix version ruleset copilot removal by <a
href="https://github.com/llucax"><code>@​llucax</code></a> in <a
href="https://redirect.github.com/frequenz-floss/frequenz-repo-config-python/pull/535">frequenz-floss/frequenz-repo-config-python#535</a></li>
<li>Prepare for the v0.16.0 release by <a
href="https://github.com/llucax"><code>@​llucax</code></a> in <a
href="https://redirect.github.com/frequenz-floss/frequenz-repo-config-python/pull/538">frequenz-floss/frequenz-repo-config-python#538</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/frequenz-floss/frequenz-repo-config-python/compare/v0.15.1...v0.16.0">https://github.com/frequenz-floss/frequenz-repo-config-python/compare/v0.15.1...v0.16.0</a></p>
<h2>v0.15.1</h2>
<h1>Frequenz Repository Configuration Release Notes</h1>
<blockquote>
<p>[!NOTE]
This is a bugfix release for v0.15.0. This release was never published
to PyPI, so we keep the entire release notes for v0.15.0 here (updated
to the new changes) to make it easier for users to upgrade from v0.14.0
to v0.15.x.</p>
<p>The only change with respect to v0.15.0 is using the appropriate job
runner for the <code>publish-to-pypi</code> job in <code>ci.yaml</code>.
v0.15.0 updated it to <code>ubuntu-slim</code> but that didn't work
because it requires Docker, and it is not installed on the
<code>ubuntu-slim</code> runner.</p>
</blockquote>
<h2>Summary</h2>
<p>This release reduces CI cost by moving lightweight GitHub Actions
jobs to the new <code>ubuntu-slim</code> runner, fixes Dependabot
auto-merge/merge-queue issues by switching to a GitHub App installation
token, and introduces an automated repo-config migration workflow
(including updating existing repos' version-branch protection
defaults).</p>
<h2>Upgrading</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/frequenz-floss/frequenz-repo-config-python/blob/v0.16.0/RELEASE_NOTES.md">frequenz-repo-config's
changelog</a>.</em></p>
<blockquote>
<h1>Frequenz Repository Configuration Release Notes</h1>
<h2>Summary</h2>
<p>This is a maintenance, template-only, bugfix release.</p>
<h2>Upgrading</h2>
<h3>Cookiecutter template</h3>
<p>All upgrading should be done via the migration script or regenerating
the templates.</p>
<pre lang="bash"><code>curl -sSL
https://raw.githubusercontent.com/frequenz-floss/frequenz-repo-config-python/v0.16.0/cookiecutter/migrate.py
| python3
</code></pre>
<h2>Bug Fixes</h2>
<h3>Cookiecutter template</h3>
<ul>
<li>Added a migration step for api repositories to fix
<code>mkdocs.yml</code> when the previous
<code>mkdocstrings-python</code> v2 migration moved only <code>paths:
[&quot;src&quot;]</code> under <code>handlers.python.options</code> but
not <code>paths: [&quot;py&quot;]</code>.</li>
<li>Fixed runners for jobs that require Docker and where wrongly
converted to <code>ubuntu-slim</code> in v0.15.0, changing them back to
<code>ubuntu-24.04</code> to avoid Docker-related failures. The template
and the migration script were both updated to reflect this change.</li>
<li>Updated the repo-config migration workflow template and migration
script so existing repositories also add the <code>merge_group</code>
trigger and skip the job unless the event is
<code>pull_request_target</code>, allowing the workflow to be used as a
required merge-queue check.</li>
<li>Added a migration step to remove the copilot review request from the
Protect version branch protection rules. This was also done by v0.15.0
in theory, but the migration step was wrong and didn't update it
properly.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/frequenz-floss/frequenz-repo-config-python/commit/fa0fc91875b45e3e947249d9e7b936ef0a804387"><code>fa0fc91</code></a>
Prepare for the v0.16.0 release (<a
href="https://redirect.github.com/frequenz-floss/frequenz-repo-config-python/issues/538">#538</a>)</li>
<li><a
href="https://github.com/frequenz-floss/frequenz-repo-config-python/commit/028d1b588630839b9afa0ef12fcd4d7c8df7d5b0"><code>028d1b5</code></a>
Prepare release notes for v0.16.0</li>
<li><a
href="https://github.com/frequenz-floss/frequenz-repo-config-python/commit/395f7e2f1f571a5a8bf434cc152998ca7dc0aaa1"><code>395f7e2</code></a>
Update version to v0.16.0</li>
<li><a
href="https://github.com/frequenz-floss/frequenz-repo-config-python/commit/30bba6864cda88c2c92b268b3721b7ce3c4a1fb6"><code>30bba68</code></a>
migrate: Fix version ruleset copilot removal (<a
href="https://redirect.github.com/frequenz-floss/frequenz-repo-config-python/issues/535">#535</a>)</li>
<li><a
href="https://github.com/frequenz-floss/frequenz-repo-config-python/commit/8c21ad0f24421320934032f9bbcd725863fe5a3c"><code>8c21ad0</code></a>
migrate: Fix version ruleset copilot removal</li>
<li><a
href="https://github.com/frequenz-floss/frequenz-repo-config-python/commit/75090ee7d69246d548273d966e8880be206d2bb5"><code>75090ee</code></a>
ci: Trigger repo-config migration in merge queue (<a
href="https://redirect.github.com/frequenz-floss/frequenz-repo-config-python/issues/537">#537</a>)</li>
<li><a
href="https://github.com/frequenz-floss/frequenz-repo-config-python/commit/47db92e3b5357230eb731ec076befb103ab4c7e7"><code>47db92e</code></a>
ci: Trigger repo-config migration in merge queue</li>
<li><a
href="https://github.com/frequenz-floss/frequenz-repo-config-python/commit/f97e24afe626b8b71e5b56ec57f994dc9220e11e"><code>f97e24a</code></a>
migrate: Update runners for Docker jobs (<a
href="https://redirect.github.com/frequenz-floss/frequenz-repo-config-python/issues/536">#536</a>)</li>
<li><a
href="https://github.com/frequenz-floss/frequenz-repo-config-python/commit/675b22ff6f1dbca3a4bb5973faa4f72d8a9d59ea"><code>675b22f</code></a>
migrate: Update runners for Docker jobs</li>
<li><a
href="https://github.com/frequenz-floss/frequenz-repo-config-python/commit/ec164048192edec03b7a34658e070c63e8ff7a35"><code>ec16404</code></a>
migrate: Disable too-many-locals and branches lints</li>
<li>Additional commits viewable in <a
href="https://github.com/frequenz-floss/frequenz-repo-config-python/compare/v0.14.0...v0.16.0">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=frequenz-repo-config&package-manager=pip&previous-version=0.14.0&new-version=0.16.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions

</details>

Author: llucax

.github/workflows/auto-dependabot.yaml

@@ -1,21 +1,39 @@
 name: Auto-merge Dependabot PR
 
 on:
-  pull_request:
+  # XXX: !!! SECURITY WARNING !!!
+  # pull_request_target has write access to the repo, and can read secrets. We
+  # need to audit any external actions executed in this workflow and make sure no
+  # checked out code is run (not even installing dependencies, as installing
+  # dependencies usually can execute pre/post-install scripts). We should also
+  # only use hashes to pick the action to execute (instead of tags or branches).
+  # For more details read:
+  # https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
+  pull_request_target:
 
 permissions:
-  contents: write
+  contents: read
   pull-requests: write
 
 jobs:
   auto-merge:
-    if: github.actor == 'dependabot[bot]'
-    runs-on: ubuntu-latest
+    name: Auto-merge Dependabot PR
+    if: >
+      github.actor == 'dependabot[bot]' &&
+      !contains(github.event.pull_request.title, 'the repo-config group')
+    runs-on: ubuntu-slim
     steps:
+      - name: Generate GitHub App token
+        id: app-token
+        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
+        with:
+          app-id: ${{ secrets.FREQUENZ_AUTO_DEPENDABOT_APP_ID }}
+          private-key: ${{ secrets.FREQUENZ_AUTO_DEPENDABOT_APP_PRIVATE_KEY }}
+
       - name: Auto-merge Dependabot PR
-        uses: frequenz-floss/dependabot-auto-approve@e943399cc9d76fbb6d7faae446cd57301d110165  # v1.5.0
+        uses: frequenz-floss/dependabot-auto-approve@e943399cc9d76fbb6d7faae446cd57301d110165 # v1.5.0
         with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
+          github-token: ${{ steps.app-token.outputs.token }}
           dependency-type: 'all'
           auto-merge: 'true'
           merge-method: 'merge'

.github/workflows/ci.yaml

@@ -28,11 +28,9 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        arch:
-          - amd64
-          - arm
-        os:
+        platform:
           - ubuntu-24.04
+          - ubuntu-24.04-arm
         python:
           - "3.11"
           - "3.12"
@@ -41,7 +39,7 @@ jobs:
           # that uses the same venv to run multiple linting sessions
           - "ci_checks_max"
           - "pytest_min"
-    runs-on: ${{ matrix.os }}${{ matrix.arch != 'amd64' && format('-{0}', matrix.arch) || '' }}
+    runs-on: ${{ matrix.platform }}
 
     steps:
       - name: Run nox
@@ -60,7 +58,7 @@ jobs:
     needs: ["nox"]
     # We skip this job only if nox was also skipped
     if: always() && needs.nox.result != 'skipped'
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-slim
     env:
       DEPS_RESULT: ${{ needs.nox.result }}
     steps:
@@ -105,15 +103,13 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        arch:
-          - amd64
-          - arm
-        os:
+        platform:
           - ubuntu-24.04
+          - ubuntu-24.04-arm
         python:
           - "3.11"
           - "3.12"
-    runs-on: ${{ matrix.os }}${{ matrix.arch != 'amd64' && format('-{0}', matrix.arch) || '' }}
+    runs-on: ${{ matrix.platform }}
 
     steps:
       - name: Setup Git
@@ -161,7 +157,7 @@ jobs:
     needs: ["test-installation"]
     # We skip this job only if test-installation was also skipped
     if: always() && needs.test-installation.result != 'skipped'
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-slim
     env:
       DEPS_RESULT: ${{ needs.test-installation.result }}
     steps:
@@ -276,7 +272,7 @@ jobs:
       # discussions to create the release announcement in the discussion forums
       contents: write
       discussions: write
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-slim
     steps:
       - name: Download distribution files
         uses: actions/download-artifact@v8

.github/workflows/dco-merge-queue.yml

@@ -5,7 +5,7 @@ on:
 
 jobs:
   DCO:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-slim
     if: ${{ github.actor != 'dependabot[bot]' }}
     steps:
       - run: echo "This DCO job runs on merge_queue event and doesn't check PR contents"

.github/workflows/labeler.yml

@@ -7,7 +7,7 @@ jobs:
     permissions:
       contents: read
       pull-requests: write
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-slim
     steps:
       - name: Labeler
         # XXX: !!! SECURITY WARNING !!!

.github/workflows/release-notes-check.yml

@@ -16,7 +16,7 @@ on:
 jobs:
   check-release-notes:
     name: Check release notes are updated
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-slim
     steps:
       - name: Check for a release notes update
         if: github.event_name == 'pull_request'

.github/workflows/repo-config-migration.yaml

@@ -47,7 +47,7 @@ jobs:
           app-id: ${{ secrets.FREQUENZ_AUTO_DEPENDABOT_APP_ID }}
           private-key: ${{ secrets.FREQUENZ_AUTO_DEPENDABOT_APP_PRIVATE_KEY }}
       - name: Migrate
-        uses: frequenz-floss/gh-action-dependabot-migrate@b389f72f9282346920150a67495efbae450ac07b # v1.1.0
+        uses: frequenz-floss/gh-action-dependabot-migrate@07dc7e74726498c50726a80cc2167a04d896508f # v1.0.0
         with:
           script-url-template: >-
             https://raw.githubusercontent.com/frequenz-floss/frequenz-repo-config-python/{version}/cookiecutter/migrate.py

pyproject.toml

@@ -5,20 +5,20 @@
 requires = [
   "setuptools == 80.9.0",
   "setuptools_scm[toml] == 9.2.2",
-  "frequenz-repo-config[lib] == 0.14.0",
+  "frequenz-repo-config[lib] == 0.17.0",
 ]
 build-backend = "setuptools.build_meta"
 
 [project]
 name = "frequenz-channels"
 description = "Channel implementations for Python"
 readme = "README.md"
-license = { text = "MIT" }
+license = "MIT"
+license-files = ["LICENSE"]
 keywords = ["frequenz", "python", "lib", "library", "channels", "channel"]
 classifiers = [
   "Development Status :: 5 - Production/Stable",
   "Intended Audience :: Developers",
-  "License :: OSI Approved :: MIT License",
   "Programming Language :: Python :: 3",
   "Programming Language :: Python :: 3 :: Only",
   "Topic :: Software Development :: Libraries",
@@ -38,6 +38,7 @@ email = "floss@frequenz.com"
 [project.optional-dependencies]
 dev-flake8 = [
   "flake8 == 7.3.0",
+  "flake8-datetimez == 20.10.0",
   "flake8-docstrings == 1.7.0",
   "flake8-pyproject == 1.2.4", # For reading the flake8 config from pyproject.toml
   "pydoclint == 0.7.6",
@@ -47,7 +48,7 @@ dev-formatting = ["black == 25.9.0", "isort == 7.0.0"]
 dev-mkdocs = [
   "Markdown == 3.9",
   "black == 25.9.0",
-  "frequenz-repo-config[lib] == 0.14.0",
+  "frequenz-repo-config[lib] == 0.17.0",
   "markdown-callouts == 0.4.0",
   "markdown-svgbob == 202406.1023",
   "mike == 2.1.4",
@@ -67,15 +68,15 @@ dev-mypy = [
   "mypy == 1.18.2",
   "types-Markdown == 3.9.0.20250906",
 ]
-dev-noxfile = ["nox == 2025.10.16", "frequenz-repo-config[lib] == 0.14.0"]
+dev-noxfile = ["nox == 2025.10.16", "frequenz-repo-config[lib] == 0.17.0"]
 dev-pylint = [
   # For checking the noxfile, docs/ script, and tests
   "frequenz-channels[dev-mkdocs,dev-noxfile,dev-pytest]",
   "pylint == 4.0.5",
 ]
 dev-pytest = [
   "async-solipsism == 0.9",
-  "frequenz-repo-config[extra-lint-examples] == 0.14.0",
+  "frequenz-repo-config[extra-lint-examples] == 0.17.0",
   "hypothesis == 6.143.0",
   "pytest == 8.4.2",
   "pytest-asyncio == 1.1.0",