-
Notifications
You must be signed in to change notification settings - Fork 9
34 lines (30 loc) · 1.67 KB
/
dependabot-create-issues.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
# This workflow opens issues for pull requests opened by dependabot.
# See for more info: https://github.com/actions/dependency-review-action
name: Create Dependabot Issues # from pull requests
on:
pull_request:
types: [opened]
branches: [main]
jobs:
create-issue:
runs-on: ubuntu-latest
permissions:
issues: write
if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
steps:
- name: Create issue
uses: actions-cool/issues-helper@v3
with:
actions: 'create-issue'
token: ${{ secrets.GITHUB_TOKEN }}
title: ${{ github.event.pull_request.title }}
body: |
### Dependabot opened a pull request to update a dependency. Please review it: ${{ github.event.pull_request.html_url }}
- [ ] Comment on this issue tagging Chayn staff (@kyleecodes) to be assigned as a reviewer on the PR.
- [ ] Review the pull request. See GitHub Docs below for guidance. Check the files changed, dependency review, and workflow test runs.
- [ ] Verify tests and happy paths are functional by cloning the dependabot branch and running locally.
- [ ] If pull request does not pass tests, suggest changes or write comments in the review.
- [ ] When tests pass, approve changes to complete the review, then notify us in issue discussions so we can get this merged.
### Resources
GitHub Docs - Reviewing Pull Requests with Dependency Updates: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-dependency-changes-in-a-pull-request
labels: 'dependencies'