github · zkoppert · Feb 2, 2024 · Jan 31, 2024
@@ -41,7 +41,7 @@ Below are the allowed configuration options:
 | `EXEMPT_REPOS`        | False    |   ""    |  These repositories will be exempt from this action considering them for dependabot enablement. ex: If my org is set to `github` then I might want to exempt a few of the repos but get the rest by setting `EXEMPT_REPOS` to ``github/evergreen,github/contributors` |
 | `TYPE`                | False    | pull    | Type refers to the type of action you want taken if this workflow determines that dependabot could be enabled. Valid values are `pull` or `issue`.|
 | `TITLE`               | False    | "Enable Dependabot" | The title of the issue or pull request that will be created if dependabot could be enabled. |
-| `BODY`                | False    | "Dependabot could be enabled for this repository. Please enable it by merging this pull request so that we can keep our dependencies up to date and secure." | The body of the issue or pull request that will be created if dependabot could be enabled. |
+| `BODY`                | False    | **Pull Request:** "Dependabot could be enabled for this repository. Please enable it by merging this pull request so that we can keep our dependencies up to date and secure." **Issue:** "Please update the repository to include a Dependabot configuration file. This will ensure our dependencies remain updated and secure.Follow the guidelines in [creating Dependabot configuration files](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file) to set it up properly.Here's an example of the code:" | The body of the issue or pull request that will be created if dependabot could be enabled. |
 | `COMMIT_MESSAGE`      | False    | "Create dependabot.yaml" | The commit message for the pull request that will be created if dependabot could be enabled. |
 | `CREATED_AFTER_DATE`          | False    | none       | If a value is set, this action will only consider repositories created on or after this date for dependabot enablement. This is useful if you want to only consider newly created repositories. If I set up this action to run weekly and I only want to scan for repos created in the last week that need dependabot enabled, then I would set `CREATED_AFTER_DATE` to 7 days ago. That way only repositories created after 7 days ago will be considered for dependabot enablement. If not set or set to nothing, all repositories will be scanned and a duplicate issue/pull request may occur. Ex: 2023-12-31 for Dec. 31st 2023 |
 | `PROJECT_ID`          | False    | ""     | If set, this will assign the issue or pull request to the project with the given ID. ( The project ID on GitHub can be located by navigating to the respective project and observing the URL's end.) **The `ORGANIZATION` variable is required** |

@@ -99,14 +99,23 @@ def get_env_vars() -> (
         title = "Enable Dependabot"
 
     body = os.getenv("BODY")
-    # make sure that body is a string with less than 65536 characters
-    if body:
-        if len(body) > 65536:
-            raise ValueError("BODY environment variable is too long")
-    else:
-        body = "Dependabot could be enabled for this repository. \
-Please enable it by merging this pull request \
-so that we can keep our dependencies up to date and secure."
+    if body and len(body) > 65536:
+        raise ValueError("BODY environment variable is too long")
+
+    if not body:
+        default_bodies = {
+            "pull": "Dependabot could be enabled for this repository. \
+Please enable it by merging this pull request so that we can keep our dependencies up to date and secure.",
+            "issue": (
+                "Please update the repository to include a Dependabot configuration file.\n"
+                "This will ensure our dependencies remain updated and secure.\n"
+                "Follow the guidelines in [creating Dependabot configuration files]"
+                "(https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file) "
+                "to set it up properly.\n\n"
+                "Here's an example of the code:"
+            ),
+        }
+        body = body = default_bodies[follow_up_type]
 
     commit_message = os.getenv("COMMIT_MESSAGE")
     if commit_message:

@@ -95,7 +95,14 @@ def main():  # pragma: no cover
             skip = check_pending_issues_for_duplicates(title, repo)
             if not skip:
                 count_eligible += 1
-                issue = repo.create_issue(title, body)
+                body_issue = (
+                    body
+                    + "\n\n```yaml\n"
+                    + "# .github/dependabot.yml\n"
+                    + dependabot_file
+                    + "\n```"
+                )
+                issue = repo.create_issue(title, body_issue)
                 print("\tCreated issue " + issue.html_url)
                 if project_id:
                     issue_id = get_global_issue_id(