Update golden tests

Signed-off-by: Leandro Lucarella <luca-frequenz@llucax.com>

Author: llucax

tests_golden/integration/test_cookiecutter_generation/actor-proprietary/frequenz-actor-test/.cookiecutter-replay.json

@@ -0,0 +1,48 @@
+{
+  "cookiecutter": {
+    "Introduction": "",
+    "type": "actor",
+    "name": "test",
+    "description": "Test description",
+    "title": "Frequenz Test Actor",
+    "keywords": "(comma separated: 'frequenz', <type> and <name> are included automatically)",
+    "github_org": "frequenz-floss",
+    "license": "Proprietary",
+    "private_repo": "yes",
+    "author_name": "Frequenz Energy-as-a-Service GmbH",
+    "author_email": "floss@frequenz.com",
+    "python_package": "frequenz.actor.test",
+    "pypi_package_name": "frequenz-actor-test",
+    "github_repo_name": "frequenz-actor-test",
+    "default_codeowners": "(like @some-org/some-team; defaults to a team based on the repo type)"
+  },
+  "_cookiecutter": {
+    "Introduction": "{{cookiecutter | introduction}}",
+    "type": [
+      "actor",
+      "api",
+      "app",
+      "lib",
+      "model"
+    ],
+    "name": "test",
+    "description": "Test description",
+    "title": "{{cookiecutter | proj_title}}",
+    "keywords": "(comma separated: 'frequenz', <type> and <name> are included automatically)",
+    "github_org": "frequenz-floss",
+    "license": [
+      "Proprietary",
+      "MIT"
+    ],
+    "private_repo": [
+      "{{ 'yes' if cookiecutter.license == 'Proprietary' else 'no' }}",
+      "{{ 'no' if cookiecutter.license == 'Proprietary' else 'yes' }}"
+    ],
+    "author_name": "Frequenz Energy-as-a-Service GmbH",
+    "author_email": "floss@frequenz.com",
+    "python_package": "{{cookiecutter | python_package}}",
+    "pypi_package_name": "{{cookiecutter | pypi_package_name}}",
+    "github_repo_name": "{{cookiecutter | github_repo_name}}",
+    "default_codeowners": "(like @some-org/some-team; defaults to a team based on the repo type)"
+  }
+}

tests_golden/integration/test_cookiecutter_generation/actor-proprietary/frequenz-actor-test/.github/workflows/auto-dependabot.yaml

@@ -0,0 +1,49 @@
+name: Auto-merge Dependabot PR
+
+on:
+  # XXX: !!! SECURITY WARNING !!!
+  # pull_request_target has write access to the repo, and can read secrets. We
+  # need to audit any external actions executed in this workflow and make sure no
+  # checked out code is run (not even installing dependencies, as installing
+  # dependencies usually can execute pre/post-install scripts). We should also
+  # only use hashes to pick the action to execute (instead of tags or branches).
+  # For more details read:
+  # https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
+  pull_request_target:
+
+permissions:
+  # Read repository contents and Dependabot metadata used by the nested action.
+  contents: read
+  # The nested action also uses `github.token` internally for PR operations.
+  pull-requests: write
+
+jobs:
+  auto-merge:
+    name: Auto-merge Dependabot PR
+    if: |
+      github.actor == 'dependabot[bot]' &&
+      !contains(github.event.pull_request.title, 'the repo-config group') &&
+      !contains(github.event.pull_request.title, 'Bump black from ')
+    runs-on: ubuntu-slim
+    steps:
+      - name: Generate GitHub App token
+        id: app-token
+        uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
+        with:
+          app-id: ${{ secrets.FREQUENZ_AUTO_DEPENDABOT_APP_ID }}
+          private-key: ${{ secrets.FREQUENZ_AUTO_DEPENDABOT_APP_PRIVATE_KEY }}
+          # Merge Dependabot PRs.
+          permission-contents: write
+          # Create the auto-merged label if it does not exist.
+          permission-issues: write
+          # Approve PRs, add labels, and enable auto-merge.
+          permission-pull-requests: write
+
+      - name: Auto-merge Dependabot PR
+        uses: frequenz-floss/dependabot-auto-approve@e943399cc9d76fbb6d7faae446cd57301d110165 # v1.5.0
+        with:
+          github-token: ${{ steps.app-token.outputs.token }}
+          dependency-type: 'all'
+          auto-merge: 'true'
+          merge-method: 'merge'
+          add-label: 'tool:auto-merged'

tests_golden/integration/test_cookiecutter_generation/actor-proprietary/frequenz-actor-test/.github/workflows/black-migration.yaml

@@ -0,0 +1,88 @@
+# Automatic black formatting migration for Dependabot PRs
+#
+# When Dependabot upgrades black, this workflow installs the new version
+# and runs `black .` so the PR already contains any formatting changes
+# introduced by the upgrade, while leaving the PR open for review.
+#
+# Black uses calendar versioning.  Only the first release of a new calendar
+# year may introduce formatting changes (major bump in Dependabot's terms).
+# Minor and patch updates within a year keep formatting stable, so they stay
+# in the regular Dependabot groups and are auto-merged normally.
+#
+# The companion auto-dependabot workflow skips major black PRs so they're
+# handled exclusively by this migration workflow.
+#
+# XXX: !!! SECURITY WARNING !!!
+# pull_request_target has write access to the repo, and can read secrets.
+# This is required because Dependabot PRs are treated as fork PRs: the
+# GITHUB_TOKEN is read-only and secrets are unavailable with a plain
+# pull_request trigger.  The action mitigates the risk by:
+#   - Never executing code from the PR (the migration script is embedded
+#     in this workflow file on the base branch, not taken from the PR).
+#   - Gating migration steps on github.actor == 'dependabot[bot]'.
+#   - Running checkout with persist-credentials: false and isolating
+#     push credentials from the migration script environment.
+# For more details read:
+# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
+
+name: Black Migration
+
+on:
+  merge_group:  # To allow using this as a required check for merging
+  pull_request_target:
+    types: [opened, synchronize, reopened, labeled, unlabeled]
+
+permissions:
+  # Commit reformatted files back to the PR branch.
+  contents: write
+  # Create and normalize migration state labels.
+  issues: write
+  # Read/update pull request metadata and comments.
+  pull-requests: write
+
+jobs:
+  black-migration:
+    name: Migrate Black
+    # Skip if it was triggered by the merge queue. We only need the workflow to
+    # be executed to meet the "Required check" condition for merging, but we
+    # don't need to actually run the job, having the job present as Skipped is
+    # enough.
+    if: |
+      github.event_name == 'pull_request_target' &&
+      github.actor == 'dependabot[bot]' &&
+      contains(github.event.pull_request.title, 'Bump black from ')
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Generate token
+        id: create-app-token
+        uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
+        with:
+          app-id: ${{ secrets.FREQUENZ_AUTO_DEPENDABOT_APP_ID }}
+          private-key: ${{ secrets.FREQUENZ_AUTO_DEPENDABOT_APP_PRIVATE_KEY }}
+          # Push reformatted files to the PR branch.
+          permission-contents: write
+          # Create and normalize migration state labels.
+          permission-issues: write
+          # Read/update pull request metadata and labels.
+          permission-pull-requests: write
+      - name: Migrate
+        uses: frequenz-floss/gh-action-dependabot-migrate@b389f72f9282346920150a67495efbae450ac07b  # v1.1.0
+        with:
+          migration-script: |
+            import os
+            import subprocess
+            import sys
+
+            version = os.environ["MIGRATION_VERSION"].lstrip("v")
+            subprocess.run(
+                [sys.executable, "-Im", "pip", "install", f"black=={version}"],
+                check=True,
+            )
+            subprocess.run([sys.executable, "-Im", "black", "."], check=True)
+          token: ${{ steps.create-app-token.outputs.token }}
+          auto-merge-on-changes: "false"
+          sign-commits: "true"
+          auto-merged-label: "tool:auto-merged"
+          migrated-label: "tool:black:migration:executed"
+          intervention-pending-label: "tool:black:migration:intervention-pending"
+          intervention-done-label: "tool:black:migration:intervention-done"

tests_golden/integration/test_cookiecutter_generation/actor/cookiecutter-stdout.txt

@@ -2,14 +2,6 @@
 ./.github/ISSUE_TEMPLATE/config.yml:    # TODO(cookiecutter): Make sure the GitHub repository has a discussion category "Support"
 ./.github/keylabeler.yml:  # TODO(cookiecutter): Add other parts
 ./.github/labeler.yml:# TODO(cookiecutter): Add different parts of the source
-./.github/workflows/ci-pr.yaml:          # TODO(cookiecutter): Uncomment this for projects with private dependencies
-./.github/workflows/ci-pr.yaml:        # TODO(cookiecutter): Uncomment this for projects with private dependencies
-./.github/workflows/ci.yaml:          # TODO(cookiecutter): Uncomment this for projects with private dependencies
-./.github/workflows/ci.yaml:        # TODO(cookiecutter): Uncomment this for projects with private dependencies
-./.github/workflows/ci.yaml:        # TODO(cookiecutter): Uncomment this for projects with private dependencies
-./.github/workflows/ci.yaml:        # TODO(cookiecutter): Uncomment this for projects with private dependencies
-./.github/workflows/ci.yaml:        # TODO(cookiecutter): Uncomment this for projects with private dependencies
-./.github/workflows/release-notes-check.yml:          # TODO(cookiecutter): Uncomment the following line for private repositories, otherwise remove it
 ./CODEOWNERS:# TODO(cookiecutter): Add more specific code-owners, check if the default is correct
 ./CODEOWNERS:* TODO(cookiecutter): Add codeowners (like @{github_org}/some-team)# Temporary, should probably change
 ./README.md:TODO(cookiecutter): Improve the README file

tests_golden/integration/test_cookiecutter_generation/actor/frequenz-actor-test/.cookiecutter-replay.json

@@ -8,6 +8,7 @@
     "keywords": "(comma separated: 'frequenz', <type> and <name> are included automatically)",
     "github_org": "frequenz-floss",
     "license": "MIT",
+    "private_repo": "no",
     "author_name": "Frequenz Energy-as-a-Service GmbH",
     "author_email": "floss@frequenz.com",
     "python_package": "frequenz.actor.test",
@@ -33,6 +34,10 @@
       "MIT",
       "Proprietary"
     ],
+    "private_repo": [
+      "{{ 'yes' if cookiecutter.license == 'Proprietary' else 'no' }}",
+      "{{ 'no' if cookiecutter.license == 'Proprietary' else 'yes' }}"
+    ],
     "author_name": "Frequenz Energy-as-a-Service GmbH",
     "author_email": "floss@frequenz.com",
     "python_package": "{{cookiecutter | python_package}}",

tests_golden/integration/test_cookiecutter_generation/actor/frequenz-actor-test/.github/workflows/ci-pr.yaml

@@ -25,20 +25,13 @@ jobs:
         with:
           python-version: "3.11"
           nox-session: ci_checks_max
-          # TODO(cookiecutter): Uncomment this for projects with private dependencies
-          # git-username: ${{ secrets.GIT_USER }}
-          # git-password: ${{ secrets.GIT_PASS }}
 
   test-docs:
     name: Test documentation website generation
     runs-on: ubuntu-24.04
     steps:
       - name: Setup Git
         uses: frequenz-floss/gh-action-setup-git@16952aac3ccc01d27412fe0dea3ea946530dcace # v1.0.0
-        # TODO(cookiecutter): Uncomment this for projects with private dependencies
-        # with:
-        #   username: ${{ secrets.GIT_USER }}
-        #   password: ${{ secrets.GIT_PASS }}
 
       - name: Fetch sources
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

tests_golden/integration/test_cookiecutter_generation/actor/frequenz-actor-test/.github/workflows/ci.yaml

@@ -51,9 +51,6 @@ jobs:
         with:
           python-version: ${{ matrix.python }}
           nox-session: ${{ matrix.nox-session }}
-          # TODO(cookiecutter): Uncomment this for projects with private dependencies
-          # git-username: ${{ secrets.GIT_USER }}
-          # git-password: ${{ secrets.GIT_PASS }}
 
   # This job runs if all the `nox` matrix jobs ran and succeeded.
   # It is only used to have a single job that we can require in branch
@@ -84,10 +81,6 @@ jobs:
     steps:
       - name: Setup Git
         uses: frequenz-floss/gh-action-setup-git@16952aac3ccc01d27412fe0dea3ea946530dcace # v1.0.0
-        # TODO(cookiecutter): Uncomment this for projects with private dependencies
-        # with:
-        #   username: ${{ secrets.GIT_USER }}
-        #   password: ${{ secrets.GIT_PASS }}
 
       - name: Fetch sources
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
@@ -127,10 +120,6 @@ jobs:
     steps:
       - name: Setup Git
         uses: frequenz-floss/gh-action-setup-git@16952aac3ccc01d27412fe0dea3ea946530dcace # v1.0.0
-        # TODO(cookiecutter): Uncomment this for projects with private dependencies
-        # with:
-        #   username: ${{ secrets.GIT_USER }}
-        #   password: ${{ secrets.GIT_PASS }}
 
       - name: Print environment (debug)
         run: env
@@ -190,10 +179,6 @@ jobs:
     steps:
       - name: Setup Git
         uses: frequenz-floss/gh-action-setup-git@16952aac3ccc01d27412fe0dea3ea946530dcace # v1.0.0
-        # TODO(cookiecutter): Uncomment this for projects with private dependencies
-        # with:
-        #   username: ${{ secrets.GIT_USER }}
-        #   password: ${{ secrets.GIT_PASS }}
 
       - name: Fetch sources
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
@@ -234,10 +219,6 @@ jobs:
     steps:
       - name: Setup Git
         uses: frequenz-floss/gh-action-setup-git@16952aac3ccc01d27412fe0dea3ea946530dcace # v1.0.0
-        # TODO(cookiecutter): Uncomment this for projects with private dependencies
-        # with:
-        #   username: ${{ secrets.GIT_USER }}
-        #   password: ${{ secrets.GIT_PASS }}
 
       - name: Fetch sources
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

tests_golden/integration/test_cookiecutter_generation/actor/frequenz-actor-test/.github/workflows/release-notes-check.yml

@@ -25,8 +25,6 @@ jobs:
         if: github.event_name == 'pull_request'
         uses: brettcannon/check-for-changed-files@871d7b8b5917a4f6f06662e2262e8ffc51dff6d1 # v1.2.1
         with:
-          # TODO(cookiecutter): Uncomment the following line for private repositories, otherwise remove it
-          # token: ${{ secrets.github_token }}
           file-pattern: "RELEASE_NOTES.md"
           prereq-pattern: "src/**"
           skip-label: "cmd:skip-release-notes"

tests_golden/integration/test_cookiecutter_generation/api-proprietary/frequenz-api-test/.cookiecutter-replay.json

@@ -0,0 +1,48 @@
+{
+  "cookiecutter": {
+    "Introduction": "",
+    "type": "api",
+    "name": "test",
+    "description": "Test description",
+    "title": "Frequenz Test API",
+    "keywords": "(comma separated: 'frequenz', <type> and <name> are included automatically)",
+    "github_org": "frequenz-floss",
+    "license": "Proprietary",
+    "private_repo": "yes",
+    "author_name": "Frequenz Energy-as-a-Service GmbH",
+    "author_email": "floss@frequenz.com",
+    "python_package": "frequenz.api.test",
+    "pypi_package_name": "frequenz-api-test",
+    "github_repo_name": "frequenz-api-test",
+    "default_codeowners": "(like @some-org/some-team; defaults to a team based on the repo type)"
+  },
+  "_cookiecutter": {
+    "Introduction": "{{cookiecutter | introduction}}",
+    "type": [
+      "api",
+      "actor",
+      "app",
+      "lib",
+      "model"
+    ],
+    "name": "test",
+    "description": "Test description",
+    "title": "{{cookiecutter | proj_title}}",
+    "keywords": "(comma separated: 'frequenz', <type> and <name> are included automatically)",
+    "github_org": "frequenz-floss",
+    "license": [
+      "Proprietary",
+      "MIT"
+    ],
+    "private_repo": [
+      "{{ 'yes' if cookiecutter.license == 'Proprietary' else 'no' }}",
+      "{{ 'no' if cookiecutter.license == 'Proprietary' else 'yes' }}"
+    ],
+    "author_name": "Frequenz Energy-as-a-Service GmbH",
+    "author_email": "floss@frequenz.com",
+    "python_package": "{{cookiecutter | python_package}}",
+    "pypi_package_name": "{{cookiecutter | pypi_package_name}}",
+    "github_repo_name": "{{cookiecutter | github_repo_name}}",
+    "default_codeowners": "(like @some-org/some-team; defaults to a team based on the repo type)"
+  }
+}