Migrate lightweight workflow jobs to ubuntu-slim runner

Use the new 1 vCPU ubuntu-slim runner for lightweight jobs that don't
need full resources:
- protolint (api only)
- nox-all (aggregator job)
- test-installation-all (aggregator job)
- create-github-release
- publish-to-pypi
- auto-merge (dependabot)
- check-release-notes
- DCO
- Label

The ubuntu-slim runner is more cost-effective for these simple jobs
that primarily do API calls, artifact downloads, or run short scripts.

Signed-off-by: Leandro Lucarella <luca-frequenz@llucax.com>

Author: llucax

RELEASE_NOTES.md

@@ -2,7 +2,7 @@
 
 ## Summary
 
-<!-- Here goes a general summary of what this release is about -->
+This release migrates lightweight GitHub Actions workflow jobs to use the new cost-effective `ubuntu-slim` runner.
 
 ## Upgrading
 
@@ -26,7 +26,14 @@ But you might still need to adapt your code:
 
 ### Cookiecutter template
 
-<!-- Here new features for cookiecutter specifically -->
+- Migrated lightweight workflow jobs to use the new `ubuntu-slim` runner for cost savings.
+  The following jobs now use `ubuntu-slim`:
+  - `ci.yaml`: `protolint`, `nox-all`, `test-installation-all`, `create-github-release`, `publish-to-pypi`
+  - `ci-pr.yaml`: `protolint`
+  - `auto-dependabot.yaml`: `auto-merge`
+  - `release-notes-check.yml`: `check-release-notes`
+  - `dco-merge-queue.yml`: `DCO`
+  - `labeler.yml`: `Label`
 
 ## Bug Fixes
 

cookiecutter/migrate.py

@@ -32,10 +32,152 @@ def main() -> None:
     """Run the migration steps."""
     # Add a separation line like this one after each migration step.
     print("=" * 72)
+    print("Migrating workflows to use ubuntu-slim runner for lightweight jobs...")
+    migrate_to_ubuntu_slim()
+    print("=" * 72)
     print("Migration script finished. Remember to follow any manual instructions.")
     print("=" * 72)
 
 
+def migrate_to_ubuntu_slim() -> None:
+    """Migrate workflow files to use ubuntu-slim runner for lightweight jobs.
+
+    This updates several workflow files to use the new cost-effective ubuntu-slim
+    runner for jobs that are lightweight (e.g., labeling, release notes checks,
+    simple API calls).
+    """
+    workflows_dir = Path(".github") / "workflows"
+
+    # Define the migration rules: (filename, old_runner, new_runner, job_patterns)
+    # job_patterns is a list of job identifiers to help locate the right runs-on line
+    migrations = [
+        (
+            "ci.yaml",
+            [
+                # nox-all job
+                (
+                    "    if: always() && needs.nox.result != 'skipped'\n"
+                    "    runs-on: ubuntu-24.04",
+                    "    if: always() && needs.nox.result != 'skipped'\n"
+                    "    runs-on: ubuntu-slim",
+                ),
+                # test-installation-all job
+                (
+                    "    if: always() && needs.test-installation.result != 'skipped'\n"
+                    "    runs-on: ubuntu-24.04",
+                    "    if: always() && needs.test-installation.result != 'skipped'\n"
+                    "    runs-on: ubuntu-slim",
+                ),
+                # create-github-release job
+                (
+                    "      discussions: write\n    runs-on: ubuntu-24.04",
+                    "      discussions: write\n    runs-on: ubuntu-slim",
+                ),
+                # publish-to-pypi job
+                (
+                    '    needs: ["create-github-release"]\n    runs-on: ubuntu-24.04',
+                    '    needs: ["create-github-release"]\n    runs-on: ubuntu-slim',
+                ),
+                # protolint job (for API projects)
+                (
+                    "  protolint:\n"
+                    "    name: Check proto files with protolint\n"
+                    "    runs-on: ubuntu-24.04",
+                    "  protolint:\n"
+                    "    name: Check proto files with protolint\n"
+                    "    runs-on: ubuntu-slim",
+                ),
+            ],
+        ),
+        (
+            "ci-pr.yaml",
+            [
+                # protolint job (for API projects)
+                (
+                    "  protolint:\n"
+                    "    name: Check proto files with protolint\n"
+                    "    runs-on: ubuntu-24.04",
+                    "  protolint:\n"
+                    "    name: Check proto files with protolint\n"
+                    "    runs-on: ubuntu-slim",
+                ),
+            ],
+        ),
+        (
+            "auto-dependabot.yaml",
+            [
+                (
+                    "  auto-merge:\n"
+                    "    if: github.actor == 'dependabot[bot]'\n"
+                    "    runs-on: ubuntu-latest",
+                    "  auto-merge:\n"
+                    "    if: github.actor == 'dependabot[bot]'\n"
+                    "    runs-on: ubuntu-slim",
+                ),
+            ],
+        ),
+        (
+            "release-notes-check.yml",
+            [
+                (
+                    "  check-release-notes:\n"
+                    "    name: Check release notes are updated\n"
+                    "    runs-on: ubuntu-latest",
+                    "  check-release-notes:\n"
+                    "    name: Check release notes are updated\n"
+                    "    runs-on: ubuntu-slim",
+                ),
+            ],
+        ),
+        (
+            "dco-merge-queue.yml",
+            [
+                (
+                    "jobs:\n  DCO:\n    runs-on: ubuntu-latest",
+                    "jobs:\n  DCO:\n    runs-on: ubuntu-slim",
+                ),
+            ],
+        ),
+        (
+            "labeler.yml",
+            [
+                (
+                    "  Label:\n"
+                    "    permissions:\n"
+                    "      contents: read\n"
+                    "      pull-requests: write\n"
+                    "    runs-on: ubuntu-latest",
+                    "  Label:\n"
+                    "    permissions:\n"
+                    "      contents: read\n"
+                    "      pull-requests: write\n"
+                    "    runs-on: ubuntu-slim",
+                ),
+            ],
+        ),
+    ]
+
+    for filename, replacements in migrations:
+        filepath = workflows_dir / filename
+        if not filepath.exists():
+            print(f"  Skipping {filename} (file not found)")
+            continue
+
+        updated = False
+        for old, new in replacements:
+            try:
+                content = filepath.read_text(encoding="utf-8")
+                if old in content:
+                    replace_file_contents_atomically(filepath, old, new)
+                    updated = True
+                    print(f"  Updated {filename}: migrated to ubuntu-slim")
+            except FileNotFoundError:
+                pass
+
+        if not updated:
+            print(f"  Skipping {filename} (already migrated or pattern not found)")
+
+
 def apply_patch(patch_content: str) -> None:
     """Apply a patch using the patch utility."""
     subprocess.run(["patch", "-p1"], input=patch_content.encode(), check=True)

cookiecutter/{{cookiecutter.github_repo_name}}/.github/workflows/auto-dependabot.yaml

@@ -10,7 +10,7 @@ permissions:
 jobs:
   auto-merge:
     if: github.actor == 'dependabot[bot]'
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-slim
     steps:
       - name: Auto-merge Dependabot PR
         uses: frequenz-floss/dependabot-auto-approve@3cad5f42e79296505473325ac6636be897c8b8a1 # v1.3.2

cookiecutter/{{cookiecutter.github_repo_name}}/.github/workflows/ci-pr.yaml

@@ -15,7 +15,7 @@ jobs:
   {% endraw %}{% if cookiecutter.type == "api" %}{% raw -%}
   protolint:
     name: Check proto files with protolint
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-slim
 
     steps:
       - name: Setup Git

cookiecutter/{{cookiecutter.github_repo_name}}/.github/workflows/ci.yaml

@@ -27,7 +27,7 @@ jobs:
   {% endraw %}{% if cookiecutter.type == "api" %}{% raw -%}
   protolint:
     name: Check proto files with protolint
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-slim
 
     steps:
       - name: Setup Git
@@ -96,7 +96,7 @@ jobs:
     needs: ["nox"]
     # We skip this job only if nox was also skipped
     if: always() && needs.nox.result != 'skipped'
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-slim
     env:
       DEPS_RESULT: ${{ needs.nox.result }}
     steps:
@@ -205,7 +205,7 @@ jobs:
     needs: ["test-installation"]
     # We skip this job only if test-installation was also skipped
     if: always() && needs.test-installation.result != 'skipped'
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-slim
     env:
       DEPS_RESULT: ${{ needs.test-installation.result }}
     steps:
@@ -328,7 +328,7 @@ jobs:
       # discussions to create the release announcement in the discussion forums
       contents: write
       discussions: write
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-slim
     steps:
       - name: Download distribution files
         uses: actions/download-artifact@v4
@@ -370,7 +370,7 @@ jobs:
   publish-to-pypi:
     name: Publish packages to PyPI
     needs: ["create-github-release"]
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-slim
     permissions:
       # For trusted publishing. See:
       # https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/

cookiecutter/{{cookiecutter.github_repo_name}}/.github/workflows/dco-merge-queue.yml

@@ -6,7 +6,7 @@ on:
 
 jobs:
   DCO:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-slim
     if: ${{ github.actor != 'dependabot[bot]' }}
     steps:
       - run: echo "This DCO job runs on merge_queue event and doesn't check PR contents"

cookiecutter/{{cookiecutter.github_repo_name}}/.github/workflows/labeler.yml

@@ -8,7 +8,7 @@ jobs:
     permissions:
       contents: read
       pull-requests: write
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-slim
     steps:
       - name: Labeler
         # XXX: !!! SECURITY WARNING !!!

cookiecutter/{{cookiecutter.github_repo_name}}/.github/workflows/release-notes-check.yml

@@ -16,7 +16,7 @@ on:
 jobs:
   check-release-notes:
     name: Check release notes are updated
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-slim
     permissions:
       pull-requests: read
     steps:

tests_golden/integration/test_cookiecutter_generation/actor/frequenz-actor-test/.github/workflows/auto-dependabot.yaml

@@ -10,7 +10,7 @@ permissions:
 jobs:
   auto-merge:
     if: github.actor == 'dependabot[bot]'
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-slim
     steps:
       - name: Auto-merge Dependabot PR
         uses: frequenz-floss/dependabot-auto-approve@3cad5f42e79296505473325ac6636be897c8b8a1 # v1.3.2

tests_golden/integration/test_cookiecutter_generation/actor/frequenz-actor-test/.github/workflows/ci.yaml

@@ -63,7 +63,7 @@ jobs:
     needs: ["nox"]
     # We skip this job only if nox was also skipped
     if: always() && needs.nox.result != 'skipped'
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-slim
     env:
       DEPS_RESULT: ${{ needs.nox.result }}
     steps:
@@ -172,7 +172,7 @@ jobs:
     needs: ["test-installation"]
     # We skip this job only if test-installation was also skipped
     if: always() && needs.test-installation.result != 'skipped'
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-slim
     env:
       DEPS_RESULT: ${{ needs.test-installation.result }}
     steps:
@@ -295,7 +295,7 @@ jobs:
       # discussions to create the release announcement in the discussion forums
       contents: write
       discussions: write
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-slim
     steps:
       - name: Download distribution files
         uses: actions/download-artifact@v4
@@ -337,7 +337,7 @@ jobs:
   publish-to-pypi:
     name: Publish packages to PyPI
     needs: ["create-github-release"]
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-slim
     permissions:
       # For trusted publishing. See:
       # https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/