From e62f47550d10e76f601711c240a8e56f23ab67ae Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 17 Aug 2025 19:59:05 -0500 Subject: [PATCH 1/4] chore(deps): bump python from 3.13-slim to 3.13.7-slim in the dependencies group (#311) * chore(deps): bump python in the dependencies group Bumps the dependencies group with 1 update: python. Updates `python` from 3.13-slim to 3.13.7-slim --- updated-dependencies: - dependency-name: python dependency-version: 3.13.7-slim dependency-type: direct:production dependency-group: dependencies ... Signed-off-by: dependabot[bot] * fix: git version in Dockerfile Signed-off-by: jmeridth <35014+jmeridth@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] Signed-off-by: jmeridth <35014+jmeridth@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jmeridth <35014+jmeridth@users.noreply.github.com> --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 13e578e..cc948ee 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ #checkov:skip=CKV_DOCKER_2 #checkov:skip=CKV_DOCKER_3 -FROM python:3.13-slim@sha256:6f79e7a10bb7d0b0a50534a70ebc78823f941fba26143ecd7e6c5dca9d7d7e8a +FROM python:3.13.7-slim@sha256:8220ccec22e88cddd9a541cacd1bf48423bda8cdeb1015249e4b298edf86cdc7 LABEL com.github.actions.name="contributors" \ com.github.actions.description="GitHub Action that given an organization or repository, produces information about the contributors over the specified time period." \ com.github.actions.icon="users" \ 
@@ -17,7 +17,7 @@ COPY requirements.txt *.py /action/workspace/ RUN python3 -m pip install --no-cache-dir -r requirements.txt \ && apt-get -y update \ - && apt-get -y install --no-install-recommends git=1:2.39.5-0+deb12u2 \ + && apt-get -y install --no-install-recommends git=1:2.47.2-0.2 \ && rm -rf /var/lib/apt/lists/* CMD ["/action/workspace/contributors.py"] From eb64da25ca2e7323be5c86e5fbe3c6f327920280 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Aug 2025 01:21:28 +0000 Subject: [PATCH 2/4] chore(deps): bump the dependencies group with 2 updates Bumps the dependencies group with 2 updates: [github/contributors](https://github.com/github/contributors) and [github/codeql-action](https://github.com/github/codeql-action). Updates `github/contributors` from 1.5.10 to 1.5.11 - [Release notes](https://github.com/github/contributors/releases) - [Commits](https://github.com/github/contributors/compare/34fad9a6770332457ef52dfefc24a282ff47e929...69e531b620b7e5b0fad2e9823681607b54db447a) Updates `github/codeql-action` from 3.29.8 to 3.29.9 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/76621b61decf072c1cee8dd1ce2d2a82d33c17ed...df559355d593797519d70b90fc8edd5db049e7a2) --- updated-dependencies: - dependency-name: github/contributors dependency-version: 1.5.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: github/codeql-action dependency-version: 3.29.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/contributors_report.yaml | 2 +- .github/workflows/scorecard.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/contributors_report.yaml b/.github/workflows/contributors_report.yaml index 1c44273..3f9a1b0 100644 --- a/.github/workflows/contributors_report.yaml +++ b/.github/workflows/contributors_report.yaml @@ -30,7 +30,7 @@ jobs: echo "END_DATE=$end_date" >> "$GITHUB_ENV" - name: Run contributor action - uses: github/contributors@34fad9a6770332457ef52dfefc24a282ff47e929 + uses: github/contributors@69e531b620b7e5b0fad2e9823681607b54db447a env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} START_DATE: ${{ env.START_DATE }} diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index a3c3254..9722392 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -42,6 +42,6 @@ jobs: path: results.sarif retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5 + uses: github/codeql-action/upload-sarif@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.5 with: sarif_file: results.sarif From 22953ca71acd1f3340384e15d90c247ee398b320 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 17 Aug 2025 20:46:45 -0500 Subject: [PATCH 3/4] chore(deps): bump actions/checkout from 4.2.2 to 5.0.0 (#313) --- .github/workflows/docker-ci.yml | 2 +- .github/workflows/python-ci.yml | 2 +- .github/workflows/scorecard.yml | 2 +- .github/workflows/super-linter.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/docker-ci.yml b/.github/workflows/docker-ci.yml index 14cc976..ec1a05c 100644 --- a/.github/workflows/docker-ci.yml +++ b/.github/workflows/docker-ci.yml @@ -14,6 +14,6 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4.2.2 + - uses: actions/checkout@v5.0.0 - name: Build the Docker image run: docker build . --file Dockerfile --platform linux/amd64 
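Review bot: The trailing version comment on the new `upload-sarif` pin in scorecard.yml still reads `# v3.29.5`, while the commit message says this SHA is the 3.29.9 release, so the comment no longer describes the pinned commit. Anyone auditing the pin by its comment will check the wrong release; the line should end in `# v3.29.9`. The `github/contributors` pin in contributors_report.yaml carries no version comment at all, and adding `# v1.5.11` there would make both pins verifiable at a glance.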
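Review bot: `actions/checkout@v5.0.0` in docker-ci.yml is pinned to a tag, which the action's owner can move, whereas the `github/contributors` and `github/codeql-action` references in this same series are pinned to full commit SHAs. Pin checkout the same way, `uses: actions/checkout@<full-commit-sha> # v5.0.0`, so the workflow runs exactly the code that was reviewed. The same tag pin appears in the python-ci.yml, scorecard.yml and super-linter.yaml hunks of this patch and in the new copilot-setup-steps.yml, alongside `actions/setup-python@v5.6.0`.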
diff --git a/.github/workflows/python-ci.yml b/.github/workflows/python-ci.yml index 22e4de0..9878b08 100644 --- a/.github/workflows/python-ci.yml +++ b/.github/workflows/python-ci.yml @@ -20,7 +20,7 @@ jobs: matrix: python-version: [3.11, 3.12] steps: - - uses: actions/checkout@v4.2.2 + - uses: actions/checkout@v5.0.0 - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v5.6.0 with: diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index a3c3254..195e93f 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -25,7 +25,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@v4.2.2 + uses: actions/checkout@v5.0.0 with: persist-credentials: false diff --git a/.github/workflows/super-linter.yaml b/.github/workflows/super-linter.yaml index 7105f0a..83e28ac 100644 --- a/.github/workflows/super-linter.yaml +++ b/.github/workflows/super-linter.yaml @@ -18,7 +18,7 @@ jobs: statuses: write steps: - name: Checkout Code - uses: actions/checkout@v4.2.2 + uses: actions/checkout@v5.0.0 with: fetch-depth: 0 - name: Install dependencies From 464f172932ab3d42ff81ceac50f66e525281c69a Mon Sep 17 00:00:00 2001 
From: jmeridth <35014+jmeridth@users.noreply.github.com> Date: Wed, 20 Aug 2025 17:57:46 -0500 Subject: [PATCH 4/4] feat: copilot files (instructions and setup steps) This ensures that when we have the copilot agent writing PRs, it sets up its environment correctly and understands our standards for coding. - Copilot Instructions file ([docs](https://docs.github.com/en/enterprise-cloud@latest/copilot/how-tos/agents/copilot-coding-agent/best-practices-for-using-copilot-to-work-on-tasks#adding-custom-instructions-to-your-repository)) - Copilot Setup Steps ([docs](https://docs.github.com/en/copilot/how-tos/agents/copilot-coding-agent/customizing-the-development-environment-for-copilot-coding-agent#preinstalling-tools-or-dependencies-in-copilots-environment)) Already added to [Evergreen](https://github.com/github/evergreen/pull/382) Signed-off-by: jmeridth <35014+jmeridth@users.noreply.github.com> --- .github/copilot-instructions.md | 30 ++++++++++++++++++ .github/workflows/copilot-setup-steps.yml | 38 +++++++++++++++++++++++ 2 files changed, 68 insertions(+) create mode 100644 .github/copilot-instructions.md create mode 100644 .github/workflows/copilot-setup-steps.yml diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md new file mode 100644 index 0000000..175606a --- /dev/null +++ b/.github/copilot-instructions.md 
@@ -0,0 +1,30 @@
+# Copilot Instructions
+
+This is a GitHub Action that given an organization or specified repositories, produces information about the [contributors](https://chaoss.community/kb/metric-contributors/) over the specified time period.
+
+## Code Standards
+
+### Required Before Each Commit
+
+- Run `make lint` before committing any changes to ensure proper code linting and formatting.
+
+### Development Flow
+
+- Lint: `make lint`
+- Test: `make test`
+
+## Repository Structure
+
+- `Makefile`: Contains commands for linting, testing, and other tasks
+- `requirements.txt`: Python dependencies for the project
+- `requirements-test.txt`: Python dependencies for testing
+- `README.md`: Project documentation and setup instructions
+- `setup.py`: Python package setup configuration
+- `test_*.py`: Python test files matching the naming convention for test discovery
+
+## Key Guidelines
+
+1. Follow Python best practices and idiomatic patterns
+2. Maintain existing code structure and organization
+3. Write unit tests for new functionality.
+4. Document changes to environment variables in the `README.md` file.
diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml
new file mode 100644
index 0000000..cddb8d9
--- /dev/null
+++ b/.github/workflows/copilot-setup-steps.yml
@@ -0,0 +1,38 @@
+name: "Copilot Setup Steps"
+
+# Automatically run the setup steps when they are changed to allow for easy validation, and
+# allow manual testing through the repository's "Actions" tab
+on:
+ workflow_dispatch:
+ push:
+ paths:
+ - .github/workflows/copilot-setup-steps.yml
+ pull_request:
+ paths:
+ - .github/workflows/copilot-setup-steps.yml
+
+# Set the permissions to the lowest permissions possible needed for your steps.
+# Copilot will be given its own token for its operations.
+permissions:
+ # If you want to clone the repository as part of your setup steps, for example to install dependencies, you'll need the `contents: read` permission. If you don't clone the repository in your setup steps, Copilot will do this for you automatically after the steps complete.
+ contents: read
+
+jobs:
+ # The job MUST be called `copilot-setup-steps` or it will not be picked up by Copilot.
+ copilot-setup-steps:
+ runs-on: ubuntu-latest
+
+ # You can define any steps you want, and they will run before the agent starts.
+ # If you do not check out your code, Copilot will do this for you.
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v5.0.0
+
+ - name: Set up Python
+ uses: actions/setup-python@v5.6.0
+ with:
+ python-version: 3.12
+
+ - name: Install dependencies
+ run: |
+ pip install -r requirements.txt -r requirements-test.txt
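Review bot: The `Checkout code` step keeps checkout's default credential persistence, so the workflow token stays in the checkout's git configuration while the later `pip install` step runs package install code from `requirements.txt` and `requirements-test.txt`. scorecard.yml in this repository already sets `with: persist-credentials: false` on its checkout; the same two lines belong here unless a later step needs git to authenticate, which nothing visible does. Separately, quote the interpreter version as `python-version: "3.12"` so that a later bump to a value such as `3.10` is not read as the float 3.1.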