Add ability to create a Change Log fragment file

[tjanez]

At @oasisprotocol, we use the towncrier tool to automatically assemble the Change Log (an example for the Oasis Core 20.11 release) from the Change Log Fragments when preparing a new release.

We have a CI check that ensures each pull request has a corresponding Change Log fragment and now we need to manually amend each Dependabot's pull request with a Change Log fragment file.

It would be great if Dependabot supported creating a file at a given location that would include the same line as in git commit message's subject.

For example, for the following git commit message:

ci: bump actions/setup-python from v1 to v2.1.3

Bumps [actions/setup-python](https://github.com/actions/setup-python) from v1 to v2.1.3.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/[email protected])

Signed-off-by: dependabot[bot] <[email protected]>

it would create a file at .changelog/<PR-number>.internal.md with the following contents:

ci: bump actions/setup-python from v1 to v2.1.3

where the file's location and name template would be configurable.

[jurre]

This doesn't seem like something we'll likely add to dependabot, but you could certainly write a GitHub Action to do this for you rather than manually doing it each time, we do something similar internally for license information. Here's an example as inspiration:

name: Dependabot
on:
  push:
    branches:
      - "dependabot/**"

jobs:
  ci-image:
    name: Change log fragment
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 1
          ref: ${{ github.event.pull_request.head.ref }}
      - name: Configure git
        run: |
          git config --local user.email "$(git log --pretty='%ae' -1)"
          git config --local user.name "Dependabot[bot]"
          git checkout ${{ github.event.pull_request.head.ref }}
      - name: Do things
        run: |
          # Parse the dependency
          commit_message=$(git show -s --format=%B ${{ github.event.pull_request.head.sha }} | head -1)
          dependency_name=$(sed -nE 's/Bump (.*) from.*/\1/p' <(echo $commit_message))
          # Grab the version and write it to a file.. I don't have any code handy but should be similar to ^
      - name: Commit
        run: |
          git add .changelog/<PR-number>.internal.md
          lockfile_changed=$(git status | grep 'Gemfile_next.lock\|vendor/licenses/bundler/')
          git commit -m "[dependabot skip] Add fragment"
      - name: Push changes back to branch
        run: |
          git push origin ${{ github.event.pull_request.head.ref }}

These are just snippets of things I had laying around, you may want to change/omit parts of that to fit your usecase

Handy tip is to include [dependabot skip] in the commit message, so Dependabot will still rebase the PR and not complain that it has been edited. The action will run again after Dependabot force pushes to the branch.

Hope that helps

[tjanez]

@jurre, thanks for your suggestion!

I agree that this is probably too niche to be added to Dependabot directly and automating it via a GitHub Action is a great idea. I'll give it a try.

[Tjitse-E]

@jurre what are your thoughts on implementing changelog edits with Github Actions after this change from Github?

I've switched to the 'pull_request_target' event because on the 'push' event git push doesn't work anymore (probably due to the permissions change of last februari). This poses a new problem, because the workflow isn't executed when Dependabot commits to the PR.

[jeffwidman]

Closing, as recommended above, a GitHub action is the best way to accomplish this.