Skip to content

v0.17.0

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 30 Mar 10:51
· 51 commits to v0.x.x since this release
Immutable release. Only release title and notes can be modified.
v0.17.0
This tag was signed with the committer’s verified signature. The key has expired.
llucax Leandro Lucarella
GPG key ID: F75C5E5CA8EB7FE7
Expired
Verified
Learn about vigilant mode.
5814b77
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Frequenz Repository Configuration Release Notes

Summary

This release improves workflows security, adds a black migration workflow, and fixes failed migrations from version v0.16.0.

Upgrading

Cookiecutter template

All upgrading should be done via the migration script or regenerating the templates.

curl -sSLf https://raw.githubusercontent.com/frequenz-floss/frequenz-repo-config-python/<tag>/cookiecutter/migrate.py | python3 -I

But you might still need to adapt your code:

New Features

Cookiecutter template

  • Add a black-migration.yaml workflow that automatically reformats code when Dependabot upgrades black.

Bug Fixes

Cookiecutter template

  • Fix migration of CI workflow matrices that used arch/os dimensions with values different from the default template. The v0.16.0 migration relied on exact string matching, so projects with customized matrix items (for example arch: [amd64], os: [ubuntu-24.04]) could be left only partially migrated. The new migration step rebuilds the platform entries from the existing arch/os values and only rewrites runs-on when it still points to the old matrix keys.
  • Improve workflows security: tighten permissions, avoid potential shell injection, run Python in isolated mode, pin all dependencies using the SHA hash.

What's Changed

  • Fix the cookiecutter migration script template by @llucax in #540
  • build(deps): bump actions/create-github-app-token from 2.2.1 to 3.0.0 by @dependabot[bot] in #542
  • build(deps): bump the patch group with 5 updates by @dependabot[bot] in #543
  • build(deps-dev): bump the minor group with 2 updates by @dependabot[bot] in #544
  • Reset release notes and migration script by @llucax in #539
  • Improve workflows security by @llucax in #546
  • build(deps-dev): bump mkdocs-material from 9.7.5 to 9.7.6 in the patch group by @dependabot[bot] in #550
  • build(deps-dev): bump setuptools-scm from 9.2.2 to 10.0.3 by @dependabot[bot] in #552
  • build(deps-dev): update sybil requirement from <10,>=6.1.1 to >=6.1.1,<11 by @dependabot[bot] in #553
  • Add black auto-migration workflow by @llucax in #556
  • Handle private repos in workflow migration by @llucax in #548
  • migrate: Fix missed CI platform matrix migrations by @llucax in #549
  • Remove chardet pinning by @llucax in #554
  • Prepare for v0.17.0 release by @llucax in #557

Full Changelog: v0.16.0...v0.17.0

Contributors

llucax and dependabot
Assets 5
Loading