Create Issues Automatically with Dependabot

I recently coached a DevOps hackathon where one of the success criteria was “Every PR must have an associated Issue”. This is easy to enforce in Azure DevOps, and while it can’t be currently enforced in GitHub, it’s possible to use this GitHub Action to verify that all pull requests in your repo contain a reference to an issue.

All fine and good, except that when I turned on Dependabot for my repo, I realized that Dependabot only creates pull requests, but it does not create issues, which doesn’t meet my success criteria. Well, GitHub workflows to the rescue! The following workflow will create an issue whenever Dependabot opens a PR:

name: CreateDependabotIssue
on:
  workflow_dispatch:
  pull_request:
    branches:
      - master
    types: [ opened, reopened]

jobs:
  issue:
      runs-on: ubuntu-latest
      env:
        GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
      steps:
        - uses: actions/checkout@v2
          if: github.event.pull_request.user.login  == 'dependabot[bot]'
          
        - name: Open issue if Dependabot PR
          if: github.event.pull_request.user.login  == 'dependabot[bot]'
          env:
            pr_title: ${{github.event.pull_request.title}}
            pr_number: ${{github.event.pull_request.number}}
            pr_url: ${{github.event.pull_request.url}}
          run: |
            title="Dependabot PR $pr_title opened"
            body="Dependabot has opened PR #$pr_number
            Link: $pr_url"
            gh issue create --title "$title" --body "$body"