From fe6e72a7360d926d3ca55db291e3d9f919938991 Mon Sep 17 00:00:00 2001 From: jmeridth Date: Tue, 7 May 2024 16:29:59 -0500 Subject: [PATCH] chore: group dependabot dependency updates for minor/patch updates Closes #268, Closes #269, Closes #270, Close #271, Close #272 To minimize the number of pull requests we get from dependabot, using groups will help with this. Still want major semver changes to be single PRs so that stand out and we pay particular attention to them. - [x] handle our multiple github action updates while in here. Signed-off-by: jmeridth --- .github/dependabot.yml | 18 ++++++++++++++++++ .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/contributor_report.yaml | 2 +- .github/workflows/docker-image.yml | 2 +- .github/workflows/linter.yaml | 2 +- .github/workflows/major-version-updater.yml | 2 +- .github/workflows/pr-title.yml | 2 +- .github/workflows/python-package.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/scorecard.yml | 6 +++--- 10 files changed, 29 insertions(+), 11 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 06abb02..9c47c59 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -7,15 +7,33 @@ updates: interval: "daily" commit-message: prefix: "chore(deps)" + groups: + dependencies: + applies-to: version-updates + update-types: + - "minor" + - "patch" - package-ecosystem: "github-actions" directory: "/" schedule: interval: "daily" commit-message: prefix: "chore(deps)" + groups: + dependencies: + applies-to: version-updates + update-types: + - "minor" + - "patch" - package-ecosystem: "docker" directory: "/" schedule: interval: "daily" commit-message: prefix: "chore(deps)" + groups: + dependencies: + applies-to: version-updates + update-types: + - "minor" + - "patch" diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 665e1d0..6a020cd 100644 --- a/.github/workflows/codeql-analysis.yml 
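Review bot: The three `groups:` stanzas added to `.github/dependabot.yml` carry no comment stating the policy they encode, so the file alone does not show that major updates are deliberately left ungrouped. Because the groups use `applies-to: version-updates`, security updates should also keep arriving as individual pull requests, which is worth stating next to the config. I would add above the first stanza `# Group minor/patch version updates only; major and security updates stay as single PRs for closer review.` For the `github-actions` ecosystem a grouped PR changes several pinned commit SHAs at once, so each pin in it still needs checking against its upstream release tag. The first `updates:` entry begins outside this hunk.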
+++ b/.github/workflows/codeql-analysis.yml @@ -36,7 +36,7 @@ jobs: language: [ 'python' ] steps: - name: Checkout repository - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - name: Initialize CodeQL uses: github/codeql-action/init@d39d31e687223d841ef683f52467bd88e9b21c14 with: diff --git a/.github/workflows/contributor_report.yaml b/.github/workflows/contributor_report.yaml index c3f14dc..2c528f4 100644 --- a/.github/workflows/contributor_report.yaml +++ b/.github/workflows/contributor_report.yaml @@ -28,7 +28,7 @@ jobs: echo "END_DATE=$end_date" >> "$GITHUB_ENV" - name: Run contributor action - uses: github/contributors@832b6518181710ef277bc9ddafda6696e6b312bd + uses: github/contributors@fa291c69abb946173a963a32f20ee29e8a7b6775 env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} START_DATE: ${{ env.START_DATE }} diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index f4d9291..55cae41 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -14,6 +14,6 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b + - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - name: Build the Docker image run: docker build . --file Dockerfile --platform linux/amd64 --tag issue-metrics:"$(date +%s)" diff --git a/.github/workflows/linter.yaml b/.github/workflows/linter.yaml index e5ba162..08a3da6 100644 --- a/.github/workflows/linter.yaml +++ b/.github/workflows/linter.yaml @@ -18,7 +18,7 @@ jobs: statuses: write steps: - name: Checkout Code - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: # Full git history is needed to get a proper # list of changed files within `super-linter` 
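Review bot: The new pin `github/contributors@fa291c69abb946173a963a32f20ee29e8a7b6775` in `contributor_report.yaml` has no trailing version comment, although every `actions/checkout` pin in this commit gains `# v4.1.5`. The `amannn/action-semantic-pull-request@cfb60706e18bc85e8aec535e3c577abe8f70378e` pin in `pr-title.yml` has the same gap. A bare 40-character SHA cannot be matched to a release by eye, so a reviewer cannot tell from the workflow which version is running or whether the commit is a tagged release at all. I would append the tag once it is confirmed upstream, for example `uses: github/contributors@fa291c69abb946173a963a32f20ee29e8a7b6775 # vX.Y.Z`, where `vX.Y.Z` is a placeholder.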
diff --git a/.github/workflows/major-version-updater.yml b/.github/workflows/major-version-updater.yml index 58a85c5..6e5c012 100644 --- a/.github/workflows/major-version-updater.yml +++ b/.github/workflows/major-version-updater.yml @@ -15,7 +15,7 @@ jobs: contents: write steps: - name: Checkout Repo - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - name: version id: version diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index 8331afd..50a04a8 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -20,7 +20,7 @@ jobs: name: Validate PR title runs-on: ubuntu-latest steps: - - uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f + - uses: amannn/action-semantic-pull-request@cfb60706e18bc85e8aec535e3c577abe8f70378e env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/python-package.yml b/.github/workflows/python-package.yml index bdbdc87..a194b09 100644 --- a/.github/workflows/python-package.yml +++ b/.github/workflows/python-package.yml @@ -22,7 +22,7 @@ jobs: python-version: [3.11, 3.12] steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b + - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 42cb9c2..32649d4 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -62,7 +62,7 @@ registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b + - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - name: Push Docker Image if: ${{ success() }} uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index ac47aaf..00d8ce6 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -25,7 +25,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: persist-credentials: false @@ -36,12 +36,12 @@ jobs: results_format: sarif publish_results: true - name: "Upload artifact" - uses: actions/upload-artifact@97a0fba1372883ab732affbe8f94b823f91727db # v3.pre.node20 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: SARIF file path: results.sarif retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9 + uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.24.9 with: sarif_file: results.sarif
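Review bot: In the last `scorecard.yml` hunk the `github/codeql-action/upload-sarif` pin moves from `1b1aada464948af03b950897e5eb522f92603cc2` to `d39d31e687223d841ef683f52467bd88e9b21c14`, but the trailing comment still reads `# v3.24.9`. A release tag names a single commit, so the comment is presumably stale for the new SHA and would mislead anyone auditing the pin. The new SHA matches the `github/codeql-action/init` pin visible in `codeql-analysis.yml`, so the comment should name that release, written as `# vX.Y.Z` (placeholder) once confirmed against the upstream tag. The same hunk takes `actions/upload-artifact` from a v3 pin to `# v4.3.3`, a major-version change, while the commit description says majors should be reviewed as their own PRs. It is worth confirming that v4 behaviour suits this single `SARIF file` upload.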