Apply migration from 0.17.0 to 0.18.0

frequenz-auto-dependabot[bot] · web-flow · commit 4ecdbcac938d · 2026-06-03T04:44:21.000Z
=== v0.18.0 ========================================================= Script URL: https://raw.githubusercontent.com/frequenz-floss/frequenz-repo-config-python/v0.18.0/cookiecutter/migrate.py ======================================================================== Removing unused cross-arch testing files... Removed .github/containers/nox-cross-arch Removed .github/containers/test-installation Removed empty .github/containers Updated CONTRIBUTING.md: removed 'Cross-Arch Testing' section ======================================================================== Updating cookiecutter replay file... Updated .cookiecutter-replay.json: added `private_repo=no` replay data ======================================================================== Updating generated CI workflows... ======================================================================== Updating auxiliary GitHub workflows... Updated .github/workflows/black-migration.yaml: use explicit Dependabot migration iteration Updated .github/workflows/repo-config-migration.yaml: use explicit Dependabot migration iteration ======================================================================== Normalizing GitHub Action hashes... Updated .github/workflows/ci-pr.yaml: normalized GitHub Action hashes Updated .github/workflows/ci.yaml: normalized GitHub Action hashes ======================================================================== Updating issue template configuration... Skipped .github/ISSUE_TEMPLATE/config.yml: already up to date ======================================================================== Setting up the gRPC migration workflow... Skipped: not an API project (type='lib'); the gRPC migration workflow is only needed for API repositories. ======================================================================== Fixing nox test path typo in CONTRIBUTING.md... Updated CONTRIBUTING.md: fixed nox 'test/' -> 'tests/' typo ======================================================================== Adjusting CONTRIBUTING.md release section for repo privacy... Skipped CONTRIBUTING.md: public repository, no change needed ======================================================================== Excluding submodules from black for API projects... Skipped: not an API project (type='lib'); only API repositories ship a submodules/ directory. ======================================================================== Setting up the isort migration workflow... Created .github/workflows/isort-migration.yaml Updated .github/workflows/auto-dependabot.yaml: skip individual isort bump PRs Updated .github/dependabot.yml: added 'isort' to exclude-patterns of patch and minor ======================================================================== Excluding submodules from isort for API projects... Skipped: not an API project (type='lib'); only API repositories ship a submodules/ directory. ======================================================================== ✅ Migration script finished successfully ✅ The migration completed successfully.
diff --git a/.cookiecutter-replay.json b/.cookiecutter-replay.json
@@ -8,6 +8,7 @@
     "keywords": "client, api, python, trading, electricity-trading",
     "github_org": "frequenz-floss",
     "license": "MIT",
+    "private_repo": "no",
     "author_name": "Frequenz Energy-as-a-Service GmbH",
     "author_email": "floss@frequenz.com",
     "python_package": "frequenz.client.electricity_trading",
@@ -36,6 +37,10 @@
       "MIT",
       "Proprietary"
     ],
+    "private_repo": [
+      "{{ 'yes' if cookiecutter.license == 'Proprietary' else 'no' }}",
+      "{{ 'no' if cookiecutter.license == 'Proprietary' else 'yes' }}"
+    ],
     "author_name": "Frequenz Energy-as-a-Service GmbH",
     "author_email": "floss@frequenz.com",
     "python_package": "{{cookiecutter | python_package}}",
diff --git a/.github/containers/nox-cross-arch/arm64-ubuntu-20.04-python-3.11.Dockerfile b/.github/containers/nox-cross-arch/arm64-ubuntu-20.04-python-3.11.Dockerfile
diff --git a/.github/containers/nox-cross-arch/entrypoint.bash b/.github/containers/nox-cross-arch/entrypoint.bash
diff --git a/.github/containers/test-installation/Dockerfile b/.github/containers/test-installation/Dockerfile
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -29,6 +29,7 @@ updates:
         exclude-patterns:
           # pydoclint has shipped breaking changes in patch updates often
           - "pydoclint"
+          - "isort"
       minor:
         update-types:
           - "minor"
@@ -49,6 +50,7 @@ updates:
           - "mkdocstrings[python]"
           - "pydoclint"
           - "pytest-asyncio"
+          - "isort"
       # We group repo-config updates as it uses optional dependencies that are
       # considered different dependencies otherwise, and will create one PR for
       # each if we don't group them.
diff --git a/.github/workflows/auto-dependabot.yaml b/.github/workflows/auto-dependabot.yaml
@@ -23,7 +23,8 @@ jobs:
     if: >
       github.actor == 'dependabot[bot]' &&
       !contains(github.event.pull_request.title, 'the repo-config group') &&
-      !contains(github.event.pull_request.title, 'Bump black from ')
+      !contains(github.event.pull_request.title, 'Bump black from ') &&
+      !contains(github.event.pull_request.title, 'Bump isort from ')
     runs-on: ubuntu-slim
     steps:
       - name: Generate GitHub App token
diff --git a/.github/workflows/black-migration.yaml b/.github/workflows/black-migration.yaml
@@ -66,7 +66,7 @@ jobs:
           # Read/update pull request metadata and labels.
           permission-pull-requests: write
       - name: Migrate
-        uses: frequenz-floss/gh-action-dependabot-migrate@45994e185a9040449304a470e8f02d0e197873b4  # v1.1.1
+        uses: frequenz-floss/gh-action-dependabot-migrate@27763fb5eb56476d91abe00132e8a0614171f92f # v1.2.0
         with:
           migration-script: |
             import os
@@ -81,6 +81,7 @@ jobs:
             subprocess.run([sys.executable, "-Im", "black", "."], check=True)
           token: ${{ steps.create-app-token.outputs.token }}
           auto-merge-on-changes: "false"
+          version-iteration: "false"
           sign-commits: "true"
           auto-merged-label: "tool:auto-merged"
           migrated-label: "tool:black:migration:executed"
diff --git a/.github/workflows/ci-pr.yaml b/.github/workflows/ci-pr.yaml
@@ -31,15 +31,15 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: Setup Git
-        uses: frequenz-floss/gh-action-setup-git@16952aac3ccc01d27412fe0dea3ea946530dcace # v1.0.0
+        uses: frequenz-floss/gh-action-setup-git@f9d86a01228ee1cadaac5224d4d7626f1eb23f90 # v1.0.0
 
       - name: Fetch sources
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           submodules: true
 
       - name: Setup Python
-        uses: frequenz-floss/gh-action-setup-python-with-deps@0d0d77eac3b54799f31f25a1060ef2c6ebdf9299 # v1.0.2
+        uses: frequenz-floss/gh-action-setup-python-with-deps@e4d0b2ef8f5a1612d7827f3abaef17c931d2b946 # v1.0.2
         with:
           python-version: ${{ env.DEFAULT_PYTHON_VERSION }}
           dependencies: .[dev-mkdocs]
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -80,15 +80,15 @@ jobs:
 
     steps:
       - name: Setup Git
-        uses: frequenz-floss/gh-action-setup-git@16952aac3ccc01d27412fe0dea3ea946530dcace # v1.0.0
+        uses: frequenz-floss/gh-action-setup-git@f9d86a01228ee1cadaac5224d4d7626f1eb23f90 # v1.0.0
 
       - name: Fetch sources
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           submodules: true
 
       - name: Setup Python
-        uses: frequenz-floss/gh-action-setup-python-with-deps@0d0d77eac3b54799f31f25a1060ef2c6ebdf9299 # v1.0.2
+        uses: frequenz-floss/gh-action-setup-python-with-deps@e4d0b2ef8f5a1612d7827f3abaef17c931d2b946 # v1.0.2
         with:
           python-version: ${{ env.DEFAULT_PYTHON_VERSION }}
           dependencies: build
@@ -119,7 +119,7 @@ jobs:
 
     steps:
       - name: Setup Git
-        uses: frequenz-floss/gh-action-setup-git@16952aac3ccc01d27412fe0dea3ea946530dcace # v1.0.0
+        uses: frequenz-floss/gh-action-setup-git@f9d86a01228ee1cadaac5224d4d7626f1eb23f90 # v1.0.0
 
       - name: Print environment (debug)
         run: env
@@ -145,7 +145,7 @@ jobs:
             > pyproject.toml
 
       - name: Setup Python
-        uses: frequenz-floss/gh-action-setup-python-with-deps@0d0d77eac3b54799f31f25a1060ef2c6ebdf9299 # v1.0.2
+        uses: frequenz-floss/gh-action-setup-python-with-deps@e4d0b2ef8f5a1612d7827f3abaef17c931d2b946 # v1.0.2
         with:
           python-version: ${{ matrix.python }}
           dependencies: dist/*.whl
@@ -178,15 +178,15 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: Setup Git
-        uses: frequenz-floss/gh-action-setup-git@16952aac3ccc01d27412fe0dea3ea946530dcace # v1.0.0
+        uses: frequenz-floss/gh-action-setup-git@f9d86a01228ee1cadaac5224d4d7626f1eb23f90 # v1.0.0
 
       - name: Fetch sources
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           submodules: true
 
       - name: Setup Python
-        uses: frequenz-floss/gh-action-setup-python-with-deps@0d0d77eac3b54799f31f25a1060ef2c6ebdf9299 # v1.0.2
+        uses: frequenz-floss/gh-action-setup-python-with-deps@e4d0b2ef8f5a1612d7827f3abaef17c931d2b946 # v1.0.2
         with:
           python-version: ${{ env.DEFAULT_PYTHON_VERSION }}
           dependencies: .[dev-mkdocs]
@@ -218,15 +218,15 @@ jobs:
       contents: write
     steps:
       - name: Setup Git
-        uses: frequenz-floss/gh-action-setup-git@16952aac3ccc01d27412fe0dea3ea946530dcace # v1.0.0
+        uses: frequenz-floss/gh-action-setup-git@f9d86a01228ee1cadaac5224d4d7626f1eb23f90 # v1.0.0
 
       - name: Fetch sources
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           submodules: true
 
       - name: Setup Python
-        uses: frequenz-floss/gh-action-setup-python-with-deps@0d0d77eac3b54799f31f25a1060ef2c6ebdf9299 # v1.0.2
+        uses: frequenz-floss/gh-action-setup-python-with-deps@e4d0b2ef8f5a1612d7827f3abaef17c931d2b946 # v1.0.2
         with:
           python-version: ${{ env.DEFAULT_PYTHON_VERSION }}
           dependencies: .[dev-mkdocs]
diff --git a/.github/workflows/isort-migration.yaml b/.github/workflows/isort-migration.yaml
@@ -0,0 +1,92 @@
+# Automatic isort migration for Dependabot PRs
+#
+# When Dependabot upgrades isort, this workflow installs the new version and
+# runs `isort .` so the PR already contains any import-ordering changes
+# introduced by the upgrade, while leaving the PR open for review.
+#
+# isort follows SemVer but its release policy
+# (https://github.com/PyCQA/isort/blob/main/docs/major_releases/release_policy.md)
+# explicitly allows intentional formatting changes in minor releases, and
+# patch releases may also adjust output in smaller bug-fix ways.  Because of
+# that, isort is excluded from the regular `patch` and `minor` Dependabot
+# groups: every isort bump produces an individual `Bump isort from …` PR and
+# is routed through this migration workflow.
+#
+# The companion auto-dependabot workflow skips those PRs so they're handled
+# exclusively by this migration workflow.
+#
+# XXX: !!! SECURITY WARNING !!!
+# pull_request_target has write access to the repo, and can read secrets.
+# This is required because Dependabot PRs are treated as fork PRs: the
+# GITHUB_TOKEN is read-only and secrets are unavailable with a plain
+# pull_request trigger.  The action mitigates the risk by:
+#   - Never executing code from the PR (the migration script is embedded
+#     in this workflow file on the base branch, not taken from the PR).
+#   - Gating migration steps on github.actor == 'dependabot[bot]'.
+#   - Running checkout with persist-credentials: false and isolating
+#     push credentials from the migration script environment.
+# For more details read:
+# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
+
+name: isort Migration
+
+on:
+  merge_group:  # To allow using this as a required check for merging
+  pull_request_target:
+    types: [opened, synchronize, reopened, labeled, unlabeled]
+
+permissions:
+  # Commit reformatted files back to the PR branch.
+  contents: write
+  # Create and normalize migration state labels.
+  issues: write
+  # Read/update pull request metadata and comments.
+  pull-requests: write
+
+jobs:
+  isort-migration:
+    name: Migrate isort
+    # Skip if it was triggered by the merge queue. We only need the workflow to
+    # be executed to meet the "Required check" condition for merging, but we
+    # don't need to actually run the job, having the job present as Skipped is
+    # enough.
+    if: |
+      github.event_name == 'pull_request_target' &&
+      github.actor == 'dependabot[bot]' &&
+      contains(github.event.pull_request.title, 'Bump isort from ')
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Generate token
+        id: create-app-token
+        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
+        with:
+          app-id: ${{ secrets.FREQUENZ_AUTO_DEPENDABOT_APP_ID }}
+          private-key: ${{ secrets.FREQUENZ_AUTO_DEPENDABOT_APP_PRIVATE_KEY }}
+          # Push reformatted files to the PR branch.
+          permission-contents: write
+          # Create and normalize migration state labels.
+          permission-issues: write
+          # Read/update pull request metadata and labels.
+          permission-pull-requests: write
+      - name: Migrate
+        uses: frequenz-floss/gh-action-dependabot-migrate@27763fb5eb56476d91abe00132e8a0614171f92f # v1.2.0
+        with:
+          migration-script: |
+            import os
+            import subprocess
+            import sys
+
+            version = os.environ["MIGRATION_VERSION"].lstrip("v")
+            subprocess.run(
+                [sys.executable, "-Im", "pip", "install", f"isort=={version}"],
+                check=True,
+            )
+            subprocess.run([sys.executable, "-Im", "isort", "."], check=True)
+          token: ${{ steps.create-app-token.outputs.token }}
+          auto-merge-on-changes: "false"
+          version-iteration: "false"
+          sign-commits: "true"
+          auto-merged-label: "tool:auto-merged"
+          migrated-label: "tool:isort:migration:executed"
+          intervention-pending-label: "tool:isort:migration:intervention-pending"
+          intervention-done-label: "tool:isort:migration:intervention-done"
diff --git a/.github/workflows/repo-config-migration.yaml b/.github/workflows/repo-config-migration.yaml
@@ -58,12 +58,14 @@ jobs:
           # Allow pushes when migration changes workflow files.
           permission-workflows: write
       - name: Migrate
-        uses: frequenz-floss/gh-action-dependabot-migrate@45994e185a9040449304a470e8f02d0e197873b4 # v1.1.1
+        uses: frequenz-floss/gh-action-dependabot-migrate@27763fb5eb56476d91abe00132e8a0614171f92f # v1.2.0
         with:
           script-url-template: >-
             https://raw.githubusercontent.com/frequenz-floss/frequenz-repo-config-python/{version}/cookiecutter/migrate.py
           token: ${{ steps.create-app-token.outputs.token }}
           migration-token: ${{ secrets.REPO_CONFIG_MIGRATION_TOKEN }}
+          version-iteration: "minor"
+          if-no-iterations: "pass"
           sign-commits: "true"
           auto-merged-label: "tool:auto-merged"
           migrated-label: "tool:repo-config:migration:executed"
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -50,14 +50,14 @@ pytest tests/test_*.py
 Or you can use `nox`:
 
 ```sh
-nox -R -s pytest -- test/test_*.py
+nox -R -s pytest -- tests/test_*.py
 ```
 
 The same appliest to `pylint` or `mypy` for example:
 
 ```sh
-nox -R -s pylint -- test/test_*.py
-nox -R -s mypy -- test/test_*.py
+nox -R -s pylint -- tests/test_*.py
+nox -R -s mypy -- tests/test_*.py
 ```
 
 ### Building the documentation
@@ -154,30 +154,3 @@ These are the steps to create a new release:
    eventually too).
 
 7. Celebrate!
-
-##  Cross-Arch Testing
-
-This project has built-in support for testing across multiple architectures.
-Currently, our CI conducts tests on `arm64` machines using QEMU emulation. We
-also have the flexibility to expand this support to include additional
-architectures in the future.
-
-This project contains Dockerfiles that can be used in the CI to test the
-python package in non-native machine architectures, e.g., `arm64`. The
-Dockerfiles exist in the directory `.github/containers/nox-cross-arch`, and
-follow a naming scheme so that they can be easily used in build matrices in the
-CI, in `nox-cross-arch` job. The naming scheme is:
-
-```
-<arch>-<os>-python-<python-version>.Dockerfile
-```
-
-E.g.,
-
-```
-arm64-ubuntu-20.04-python-3.11.Dockerfile
-```
-
-If a Dockerfile for your desired target architecture, OS, and python version
-does not exist here, please add one before proceeding to add your options to
-the test matrix.
