From ff36e444cd2ecb817dcc0a50418d50991fe1fc0c Mon Sep 17 00:00:00 2001
From: jmeridth <jmeridth@gmail.com>
Date: Tue, 7 May 2024 18:54:34 -0500
Subject: [PATCH] chore: group dependabot dependency updates for minor/patch
 updates

Closes #123, Closes #124, Closes #125, Close #126, Close #127

To minimize the number of pull requests we get from dependabot, using
groups will help with this.  Still want major semver changes to be
single PRs so that stand out and we pay particular attention to them.

- [x] handle our multiple github action updates while in here.

Signed-off-by: jmeridth <jmeridth@gmail.com>
---
 .github/dependabot.yml                      | 18 ++++++++++++++++++
 .github/workflows/contributors_report.yaml  |  2 +-
 .github/workflows/docker-ci.yml             |  2 +-
 .github/workflows/major-version-updater.yml |  2 +-
 .github/workflows/pr-title.yml              |  2 +-
 .github/workflows/python-ci.yml             |  2 +-
 .github/workflows/release.yml               |  2 +-
 .github/workflows/scorecard.yml             |  6 +++---
 .github/workflows/super-linter.yaml         |  2 +-
 9 files changed, 28 insertions(+), 10 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 9db8279..db56316 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -7,15 +7,33 @@ updates:
       interval: "daily"
     commit-message:
       prefix: "chore(deps)"
+    groups:
+      dependencies:
+        applies-to: version-updates
+        update-types:
+          - "minor"
+          - "patch"
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
       interval: "daily"
     commit-message:
       prefix: "chore(deps)"
+    groups:
+      dependencies:
+        applies-to: version-updates
+        update-types:
+          - "minor"
+          - "patch"
   - package-ecosystem: "docker"
     directory: "/"
     schedule:
       interval: "daily"
     commit-message:
       prefix: "chore(deps)"
+    groups:
+      dependencies:
+        applies-to: version-updates
+        update-types:
+          - "minor"
+          - "patch"
diff --git a/.github/workflows/contributors_report.yaml b/.github/workflows/contributors_report.yaml
index e3e06e4..fb6b323 100644
--- a/.github/workflows/contributors_report.yaml
+++ b/.github/workflows/contributors_report.yaml
@@ -29,7 +29,7 @@ jobs:
           echo "END_DATE=$end_date" >> "$GITHUB_ENV"
 
       - name: Run contributor action
-        uses: github/contributors@832b6518181710ef277bc9ddafda6696e6b312bd
+        uses: github/contributors@fa291c69abb946173a963a32f20ee29e8a7b6775
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           START_DATE: ${{ env.START_DATE }}
diff --git a/.github/workflows/docker-ci.yml b/.github/workflows/docker-ci.yml
index f618f97..4869567 100644
--- a/.github/workflows/docker-ci.yml
+++ b/.github/workflows/docker-ci.yml
@@ -14,6 +14,6 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
       - name: Build the Docker image
         run: docker build . --file Dockerfile --platform linux/amd64
diff --git a/.github/workflows/major-version-updater.yml b/.github/workflows/major-version-updater.yml
index fdfd737..ad80de1 100644
--- a/.github/workflows/major-version-updater.yml
+++ b/.github/workflows/major-version-updater.yml
@@ -15,7 +15,7 @@ jobs:
       contents: write
     steps:
       - name: Checkout Repo
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
       - name: version
         id: version
diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml
index 8331afd..50a04a8 100644
--- a/.github/workflows/pr-title.yml
+++ b/.github/workflows/pr-title.yml
@@ -20,7 +20,7 @@ jobs:
     name: Validate PR title
     runs-on: ubuntu-latest
     steps:
-      - uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f
+      - uses: amannn/action-semantic-pull-request@cfb60706e18bc85e8aec535e3c577abe8f70378e
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
diff --git a/.github/workflows/python-ci.yml b/.github/workflows/python-ci.yml
index 2f14a85..cf0bca0 100644
--- a/.github/workflows/python-ci.yml
+++ b/.github/workflows/python-ci.yml
@@ -20,7 +20,7 @@ jobs:
       matrix:
         python-version: [3.11, 3.12]
     steps:
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
       - name: Set up Python ${{ matrix.python-version }}
         uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d
         with:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 0437108..6398697 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -62,7 +62,7 @@
             registry: ${{ env.REGISTRY }}
             username: ${{ github.actor }}
             password: ${{ secrets.GITHUB_TOKEN }}
-        - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b
+        - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
         - name: Push Docker Image
           if: ${{ success() }}
           uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index ac47aaf..62b75c5 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -25,7 +25,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
         with:
           persist-credentials: false
 
@@ -36,12 +36,12 @@ jobs:
           results_format: sarif
           publish_results: true
       - name: "Upload artifact"
-        uses: actions/upload-artifact@97a0fba1372883ab732affbe8f94b823f91727db # v3.pre.node20
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
+        uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/super-linter.yaml b/.github/workflows/super-linter.yaml
index 930d201..1377371 100644
--- a/.github/workflows/super-linter.yaml
+++ b/.github/workflows/super-linter.yaml
@@ -19,7 +19,7 @@ jobs:
 
     steps:
       - name: Checkout Code
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
         with:
           fetch-depth: 0
       - name: Install dependencies