WIP: test new dependabot strategy

Signed-off-by: Jussi Kukkonen <[email protected]>

.github/dependabot.yml

@@ -4,13 +4,35 @@ updates:
 - package-ecosystem: "pip"
   directory: "/"
   schedule:
-    interval: "daily"
-    time: "10:00"
+    interval: "weekly"
   open-pull-requests-limit: 10
+  groups:
+    build-and-release-dependencies:
+      # Python dependencies known to be critical to our build/release security
+      patterns:
+        - "build"
+    test-and-lint-dependencies:
+      # Python dependencies that are only pinned to ensure test reproducibility
+      patterns:
+        - "black"
+        - "isort"
+        - "pylint"
+        - "mypy"
+        - "bandit"
+        - "pydocstyle"
+    dependencies:
+      # Python (developer) runtime dependencies. Also any new dependencies not
+      # caught by earlier groups
+      patterns:
+        - "*"
+
 
 - package-ecosystem: "github-actions"
   directory: "/"
   schedule:
-    interval: "daily"
-    time: "10:00"
+    interval: "weekly"
   open-pull-requests-limit: 10
+  groups:
+    action-dependencies:
+    patterns:
+      - "*"