Configurable commit message

README.md

@@ -42,6 +42,7 @@ Below are the allowed configuration options:
 | `TYPE`                | False    | pull    | Type refers to the type of action you want taken if this workflow determines that dependabot could be enabled. Valid values are `pull` or `issue`.|
 | `TITLE`               | False    | "Enable Dependabot" | The title of the issue or pull request that will be created if dependabot could be enabled. |
 | `BODY`                | False    | "Dependabot could be enabled for this repository. Please enable it by merging this pull request so that we can keep our dependencies up to date and secure." | The body of the issue or pull request that will be created if dependabot could be enabled. |
+| `COMMIT_MESSAGE`      | False    | "Create dependabot.yaml" | The commit message for the pull request that will be created if dependabot could be enabled. |
 | `CREATED_AFTER_DATE`          | False    | none       | If a value is set, this action will only consider repositories created on or after this date for dependabot enablement. This is useful if you want to only consider newly created repositories. If I set up this action to run weekly and I only want to scan for repos created in the last week that need dependabot enabled, then I would set `CREATED_AFTER_DATE` to 7 days ago. That way only repositories created after 7 days ago will be considered for dependabot enablement. If not set or set to nothing, all repositories will be scanned and a duplicate issue/pull request may occur. Ex: 2023-12-31 for Dec. 31st 2023 |
 | `DRY_RUN`             | False    | false   | If set to true, this action will not create any issues or pull requests. It will only log the repositories that could have dependabot enabled. This is useful for testing. |
 

env.py

@@ -9,7 +9,9 @@
 
 
 def get_env_vars() -> (
-    tuple[str | None, list[str], str, str, list[str], str, str, str, str | None, bool]
+    tuple[
+        str | None, list[str], str, str, list[str], str, str, str, str | None, bool, str
+    ]
 ):
     """
     Get the environment variables for use in the action.
@@ -28,6 +30,7 @@ def get_env_vars() -> (
         body (str): The body of the follow up
         created_after_date (str): The date to filter repositories by
         dry_run (bool): Whether or not to actually open issues/pull requests
+        commit_message (str): The commit message of the follow up
 
     """
     # Load from .env file if it exists
@@ -94,6 +97,13 @@ def get_env_vars() -> (
 Please enable it by merging this pull request \
 so that we can keep our dependencies up to date and secure."
 
+    commit_message = os.getenv("COMMIT_MESSAGE")
+    if commit_message:
+        if len(commit_message) > 65536:
+            raise ValueError("COMMIT_MESSAGE environment variable is too long")
+    else:
+        commit_message = "Create dependabot.yaml"
+
     created_after_date = os.getenv("CREATED_AFTER_DATE")
     # make sure that created_after_date is a date in the format YYYY-MM-DD
     if created_after_date and len(created_after_date) != 10:
@@ -119,4 +129,5 @@ def get_env_vars() -> (
         body,
         created_after_date,
         dry_run_bool,
+        commit_message,
     )

evergreen.py

@@ -24,6 +24,7 @@ def main():  # pragma: no cover
         body,
         created_after_date,
         dry_run,
+        commit_message,
     ) = env.get_env_vars()
 
     # Auth to GitHub.com or GHE
@@ -94,7 +95,9 @@ def main():  # pragma: no cover
             # Create a dependabot.yaml file, a branch, and a PR
             if not skip:
                 try:
-                    pull = commit_changes(title, body, repo, dependabot_file)
+                    pull = commit_changes(
+                        title, body, repo, dependabot_file, commit_message
+                    )
                     print("\tCreated pull request " + pull.html_url)
                 except github3.exceptions.NotFoundError:
                     print("\tFailed to create pull request. Check write permissions.")
@@ -171,7 +174,7 @@ def check_pending_issues_for_duplicates(title, repo) -> bool:
     return skip
 
 
-def commit_changes(title, body, repo, dependabot_file):
+def commit_changes(title, body, repo, dependabot_file, message):
     """Commit the changes to the repo and open a pull reques and return the pull request object"""
     default_branch = repo.default_branch
     # Get latest commit sha from default branch
@@ -181,7 +184,7 @@ def commit_changes(title, body, repo, dependabot_file):
     repo.create_ref(front_matter + branch_name, default_branch_commit)
     repo.create_file(
         path=".github/dependabot.yaml",
-        message="Create dependabot.yaml",
+        message=message,
         content=dependabot_file.encode(),  # Convert to bytes object
         branch=branch_name,
     )

test_env.py

@@ -19,6 +19,7 @@ class TestEnv(unittest.TestCase):
             "TITLE": "Dependabot Alert custom title",
             "BODY": "Dependabot custom body",
             "CREATED_AFTER_DATE": "2023-01-01",
+            "COMMIT_MESSAGE": "Create dependabot configuration",
         },
     )
     def test_get_env_vars_with_org(self):
@@ -34,6 +35,7 @@ def test_get_env_vars_with_org(self):
             "Dependabot custom body",
             "2023-01-01",
             False,
+            "Create dependabot configuration",
         )
         result = get_env_vars()
         self.assertEqual(result, expected_result)
@@ -49,6 +51,7 @@ def test_get_env_vars_with_org(self):
             "BODY": "Dependabot custom body",
             "CREATED_AFTER_DATE": "2023-01-01",
             "DRY_RUN": "true",
+            "COMMIT_MESSAGE": "Create dependabot configuration",
         },
         clear=True,
     )
@@ -65,6 +68,7 @@ def test_get_env_vars_with_repos(self):
             "Dependabot custom body",
             "2023-01-01",
             True,
+            "Create dependabot configuration",
         )
         result = get_env_vars()
         self.assertEqual(result, expected_result)
@@ -91,6 +95,7 @@ def test_get_env_vars_optional_values(self):
 we can keep our dependencies up to date and secure.",
             None,
             False,
+            "Create dependabot.yaml",
         )
         result = get_env_vars()
         self.assertEqual(result, expected_result)
@@ -137,6 +142,7 @@ def test_get_env_vars_with_repos_no_dry_run(self):
 we can keep our dependencies up to date and secure.",
             None,
             False,
+            "Create dependabot.yaml",
         )
         result = get_env_vars()
         self.assertEqual(result, expected_result)

test_evergreen.py

@@ -201,15 +201,16 @@ def test_commit_changes(self, mock_uuid):
         body = "Test Body"
         dependabot_file = 'dependencies:\n  - package_manager: "python"\n    directory: "/"\n    update_schedule: "live"'
         branch_name = "dependabot-12345678-1234-5678-1234-567812345678"
-        result = commit_changes(title, body, mock_repo, dependabot_file)
+        commit_message = "Create dependabot.yaml"
+        result = commit_changes(title, body, mock_repo, dependabot_file, commit_message)
 
         # Assert that the methods were called with the correct arguments
         mock_repo.create_ref.assert_called_once_with(
             f"refs/heads/{branch_name}", "abc123"
         )
         mock_repo.create_file.assert_called_once_with(
             path=".github/dependabot.yaml",
-            message="Create dependabot.yaml",
+            message=commit_message,
             content=dependabot_file.encode(),
             branch=branch_name,
         )