Bump the repo-config group with 2 updates

[dependabot]

Bumps the repo-config group with 2 updates: frequenz-repo-config[lib] and frequenz-repo-config[extra-lint-examples].

Updates frequenz-repo-config[lib] from 0.13.8 to 0.14.0

Release notes

Sourced from frequenz-repo-config[lib]'s releases.

v0.14.0

Frequenz Repository Configuration Release Notes

Summary

This release adds a new workflow for Dependabot auto-merge and updates mkdocstrings to v2.

Upgrading

Cookiecutter template

All upgrading should be done via the migration script or regenerating the templates.

curl -sSL https://raw.githubusercontent.com/frequenz-floss/frequenz-repo-config-python/v0.14.0/cookiecutter/migrate.py | python3

But you might still need to adapt your code, just have a look at the script output for further instructions.

New Features

• mkdocsstrings-python v2 is now supported.

Cookiecutter template

• Dependencies have been updated.
• New warning ignores for protobuf gencode versions in pytest.
• Added Dependabot auto-merge workflow using frequenz-floss/dependabot-auto-approve action.

Bug Fixes

Cookiecutter template

• mkdocstrings: Move paths key to the right section in mkdocs.yml.
• Fix invalid YAML syntax in Dependabot workflow template.

What's Changed

• Bump types-pyyaml from 6.0.12.20250402 to 6.0.12.20250516 by @​dependabot[bot] in frequenz-floss/frequenz-repo-config-python#410
• Bump the patch group with 2 updates by @​dependabot[bot] in frequenz-floss/frequenz-repo-config-python#408
• Bump the minor group with 2 updates by @​dependabot[bot] in frequenz-floss/frequenz-repo-config-python#409
• Improve filtering of warnings in pytest by @​llucax in frequenz-floss/frequenz-repo-config-python#411
• Fix mkdocsstrings config by @​llucax in frequenz-floss/frequenz-repo-config-python#412
• Merge v0.13.x into v0.x.x by @​llucax in frequenz-floss/frequenz-repo-config-python#420
• Bump the patch group with 3 updates by @​dependabot[bot] in frequenz-floss/frequenz-repo-config-python#424
• Bump the minor group with 2 updates by @​dependabot[bot] in frequenz-floss/frequenz-repo-config-python#423
• Update templates dependencies by @​llucax in frequenz-floss/frequenz-repo-config-python#431
• Bump types-markdown from 3.8.0.20250415 to 3.8.0.20250708 by @​dependabot[bot] in frequenz-floss/frequenz-repo-config-python#430
• Bump mypy from 1.16.1 to 1.17.1 in the minor group by @​dependabot[bot] in frequenz-floss/frequenz-repo-config-python#428
• Bump the mkdocstrings group across 1 directory with 2 updates by @​dependabot[bot] in frequenz-floss/frequenz-repo-config-python#432

... (truncated)

Changelog

Sourced from frequenz-repo-config[lib]'s changelog.

Frequenz Repository Configuration Release Notes

Summary

This release migrates lightweight GitHub Actions workflow jobs to use the new cost-effective ubuntu-slim runner. It also updates cookiecutter pyproject license metadata to SPDX expressions to avoid setuptools deprecation warnings. The auto-dependabot workflow now uses a GitHub App installation token instead of GITHUB_TOKEN to fix merge queue and auto-merge failures.

Upgrading

Cookiecutter template

All upgrading should be done via the migration script or regenerating the templates.

curl -sSL https://raw.githubusercontent.com/frequenz-floss/frequenz-repo-config-python/v0.14.0/cookiecutter/migrate.py | python3

But you might still need to adapt your code:

New Features

Cookiecutter template

• Migrated lightweight workflow jobs to use the new ubuntu-slim runner for cost savings. The following jobs now use ubuntu-slim:

  • ci.yaml: protolint, nox-all, test-installation-all, create-github-release, publish-to-pypi
  • ci-pr.yaml: protolint
  • auto-dependabot.yaml: auto-merge
  • release-notes-check.yml: check-release-notes
  • dco-merge-queue.yml: DCO
  • labeler.yml: Label

• Added the flake8-datetimez plugin to the flake8 session. This plugin prevents accidental use of naive datetime objects by flagging calls that create or return datetimes without timezone information.

• The CI workflow now uses a simpler matrix.

Bug Fixes

Cookiecutter template

• Switched project.license to SPDX expressions and added project.license-files. This removes deprecated setuptools license metadata and avoids build warnings.

... (truncated)

Commits

• a72bd53 Update mypy-protobuf requirement from <4,>=3.0.0 to >=3.0.0,<5 (#489)
• 10341d6 template: Bump protobuf and grpcio to latest versions
• af44767 Update mypy-protobuf requirement from <4,>=3.0.0 to >=3.0.0,<5
• 8a4e067 Prepare for release v0.14.0 (#490)
• 73dc4ef Prepare for release v0.14.0
• 3d86e08 Bump actions/download-artifact from 5 to 6 (#460)
• 5894e50 Bump pydoclint from 0.7.3 to 0.8.3 (#477)
• 4a81cbb Bump frequenz-floss/gh-action-nox from 1.0.1 to 1.1.0 in the compatible group...
• 41b3a2c Bump pytest from 9.0.1 to 9.0.2 in the patch group (#487)
• c2bbc77 Bump the minor group with 7 updates (#488)
• Additional commits viewable in compare view

Updates frequenz-repo-config[extra-lint-examples] from 0.13.8 to 0.14.0

Release notes

Sourced from frequenz-repo-config[extra-lint-examples]'s releases.

v0.14.0

Frequenz Repository Configuration Release Notes

Summary

This release adds a new workflow for Dependabot auto-merge and updates mkdocstrings to v2.

Upgrading

Cookiecutter template

All upgrading should be done via the migration script or regenerating the templates.

curl -sSL https://raw.githubusercontent.com/frequenz-floss/frequenz-repo-config-python/v0.14.0/cookiecutter/migrate.py | python3

But you might still need to adapt your code, just have a look at the script output for further instructions.

New Features

• mkdocsstrings-python v2 is now supported.

Cookiecutter template

• Dependencies have been updated.
• New warning ignores for protobuf gencode versions in pytest.
• Added Dependabot auto-merge workflow using frequenz-floss/dependabot-auto-approve action.

Bug Fixes

Cookiecutter template

• mkdocstrings: Move paths key to the right section in mkdocs.yml.
• Fix invalid YAML syntax in Dependabot workflow template.

What's Changed

• Bump types-pyyaml from 6.0.12.20250402 to 6.0.12.20250516 by @​dependabot[bot] in frequenz-floss/frequenz-repo-config-python#410
• Bump the patch group with 2 updates by @​dependabot[bot] in frequenz-floss/frequenz-repo-config-python#408
• Bump the minor group with 2 updates by @​dependabot[bot] in frequenz-floss/frequenz-repo-config-python#409
• Improve filtering of warnings in pytest by @​llucax in frequenz-floss/frequenz-repo-config-python#411
• Fix mkdocsstrings config by @​llucax in frequenz-floss/frequenz-repo-config-python#412
• Merge v0.13.x into v0.x.x by @​llucax in frequenz-floss/frequenz-repo-config-python#420
• Bump the patch group with 3 updates by @​dependabot[bot] in frequenz-floss/frequenz-repo-config-python#424
• Bump the minor group with 2 updates by @​dependabot[bot] in frequenz-floss/frequenz-repo-config-python#423
• Update templates dependencies by @​llucax in frequenz-floss/frequenz-repo-config-python#431
• Bump types-markdown from 3.8.0.20250415 to 3.8.0.20250708 by @​dependabot[bot] in frequenz-floss/frequenz-repo-config-python#430
• Bump mypy from 1.16.1 to 1.17.1 in the minor group by @​dependabot[bot] in frequenz-floss/frequenz-repo-config-python#428
• Bump the mkdocstrings group across 1 directory with 2 updates by @​dependabot[bot] in frequenz-floss/frequenz-repo-config-python#432

... (truncated)

Changelog

Sourced from frequenz-repo-config[extra-lint-examples]'s changelog.

Frequenz Repository Configuration Release Notes

Summary

This release migrates lightweight GitHub Actions workflow jobs to use the new cost-effective ubuntu-slim runner. It also updates cookiecutter pyproject license metadata to SPDX expressions to avoid setuptools deprecation warnings. The auto-dependabot workflow now uses a GitHub App installation token instead of GITHUB_TOKEN to fix merge queue and auto-merge failures.

Upgrading

Cookiecutter template

All upgrading should be done via the migration script or regenerating the templates.

curl -sSL https://raw.githubusercontent.com/frequenz-floss/frequenz-repo-config-python/v0.14.0/cookiecutter/migrate.py | python3

But you might still need to adapt your code:

New Features

Cookiecutter template

• Migrated lightweight workflow jobs to use the new ubuntu-slim runner for cost savings. The following jobs now use ubuntu-slim:

  • ci.yaml: protolint, nox-all, test-installation-all, create-github-release, publish-to-pypi
  • ci-pr.yaml: protolint
  • auto-dependabot.yaml: auto-merge
  • release-notes-check.yml: check-release-notes
  • dco-merge-queue.yml: DCO
  • labeler.yml: Label

• Added the flake8-datetimez plugin to the flake8 session. This plugin prevents accidental use of naive datetime objects by flagging calls that create or return datetimes without timezone information.

• The CI workflow now uses a simpler matrix.

Bug Fixes

Cookiecutter template

• Switched project.license to SPDX expressions and added project.license-files. This removes deprecated setuptools license metadata and avoids build warnings.

... (truncated)

Commits

• a72bd53 Update mypy-protobuf requirement from <4,>=3.0.0 to >=3.0.0,<5 (#489)
• 10341d6 template: Bump protobuf and grpcio to latest versions
• af44767 Update mypy-protobuf requirement from <4,>=3.0.0 to >=3.0.0,<5
• 8a4e067 Prepare for release v0.14.0 (#490)
• 73dc4ef Prepare for release v0.14.0
• 3d86e08 Bump actions/download-artifact from 5 to 6 (#460)
• 5894e50 Bump pydoclint from 0.7.3 to 0.8.3 (#477)
• 4a81cbb Bump frequenz-floss/gh-action-nox from 1.0.1 to 1.1.0 in the compatible group...
• 41b3a2c Bump pytest from 9.0.1 to 9.0.2 in the patch group (#487)
• c2bbc77 Bump the minor group with 7 updates (#488)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Repo Config Migration

Update: 0.13.8 → 0.14.0

✅ Migration completed successfully.

Migration output

=== v0.14.0 =========================================================
Script URL: https://raw.githubusercontent.com/frequenz-floss/frequenz-repo-config-python/v0.14.0/cookiecutter/migrate.py

========================================================================
Creating Dependabot auto-merge workflow...
Created/Updated Dependabot auto-merge workflow at .github/workflows/auto-dependabot.yaml
========================================================================
Disabling CODEOWNERS review requirement in GitHub ruleset...
Default branch: v0.x.x
Found ruleset ID: 4521486
CODEOWNERS review requirement already disabled.
========================================================================
Updating the mkdocs.yml for mkdocstrings-python v2 compatibility...
========================================================================
Migration script finished. Remember to follow any manual instructions.
========================================================================

---

📋 Full migration logs

[llucax]

I'm actually blocking this from merging because the v0.14.0 migration is breaking the auto-dependabot workflow again 😬

[llucax]

@dependabot recreate

[llucax]

@dependabot recreate

[github-actions]

Repo Config Migration

Update: 0.13.8 → 0.14.0

✅ Migration completed successfully.

Migration output

=== v0.14.0 =========================================================
Script URL: https://raw.githubusercontent.com/frequenz-floss/frequenz-repo-config-python/v0.14.0/cookiecutter/migrate.py

========================================================================
Creating Dependabot auto-merge workflow...
Created/Updated Dependabot auto-merge workflow at .github/workflows/auto-dependabot.yaml
========================================================================
Disabling CODEOWNERS review requirement in GitHub ruleset...
Default branch: v0.x.x
Found ruleset ID: 4521486
CODEOWNERS review requirement already disabled.
========================================================================
Updating the mkdocs.yml for mkdocstrings-python v2 compatibility...
========================================================================
Migration script finished. Remember to follow any manual instructions.
========================================================================

---

📋 Full migration logs

[llucax]

@dependabot recreate

[llucax]

@dependabot rebase

[github-actions]

Repo Config Migration

Update: 0.13.8 → 0.14.0

✅ Migration completed successfully.

Migration output

=== v0.14.0 =========================================================
Script URL: https://raw.githubusercontent.com/frequenz-floss/frequenz-repo-config-python/v0.14.0/cookiecutter/migrate.py

========================================================================
Creating Dependabot auto-merge workflow...
Created/Updated Dependabot auto-merge workflow at .github/workflows/auto-dependabot.yaml
========================================================================
Disabling CODEOWNERS review requirement in GitHub ruleset...
Failed to get default branch: Command '['gh', 'api', 'repos/:owner/:repo', '--jq', '.default_branch']' returned non-zero exit status 1.
>>> Failed to get default branch. Please manually disable the CODEOWNERS review requirement in the 'Protect version branches' ruleset at: GitHub repository settings > Rules
========================================================================
Updating the mkdocs.yml for mkdocstrings-python v2 compatibility...
========================================================================
Migration script finished. Remember to follow any manual instructions.
========================================================================

---

📋 Full migration logs

[llucax]

OK, it looks like this is finally working. It needs manual approval (from someone else) now because I pushed some changes to revert updates to the auto-dependabot workflow as it already contained some fixes we'll ship in repo-config v0.15.

[llucax]

Approving to revert the change requests, but someone else needs to approve because I'm the last pusher.

[llucax]

You're not authorized to push to this branch.

Dammit! Now what? 😭

[llucax]

I don't get it, the app does have push permissions (contents: write). It doesn't have "merge queues" permissions, maybe that's needed too for merge queues?