feat: publish a pull request with updates

3 files changed, 68 insertions, 2 deletions

diff --git a/lib/dependabot/cli/scan.rb b/lib/dependabot/cli/scan.rb
index 9e8b35e..7892482 100644
--- a/lib/dependabot/cli/scan.rb
+++ b/lib/dependabot/cli/scan.rb
@@ -3,7 +3,7 @@
 module Dependabot
   module CLI
     class Scan
-      attr_reader :path
+      attr_reader :path, :options
 
       def initialize(path, options)
         @path = ::Pathname.new(path)
@@ -48,11 +48,58 @@ module Dependabot
         git.checkout(branch: branch_name)
         yield git
         git.commit(all: true, message: "chore: Update #{dependency.name}")
-        git.push(remote: "origin", branch: branch_name)
+        publish_pull_request_for(dependency, default_branch, branch_name, git) if options[:push]
       ensure
         git.repo.checkout_head(strategy: :force)
         git.repo.checkout(default_branch)
       end
+
+      def description_for(dependency)
+        <<~MARKDOWN
+          Bumps [#{dependency.name}](#)
+
+          <details>
+          <summary>Changelog</summary>
+          </details>
+
+          <details>
+          <summary>Commits</summary>
+          </details>
+
+          <br />
+
+          Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
+          ---
+
+          <details>
+          <summary>Dependabot commands and options</summary>
+          <br />
+
+          You can trigger Dependabot actions by commenting on this PR:
+          - `@dependabot rebase` will rebase this PR
+          - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
+          - `@dependabot merge` will merge this PR after your CI passes on it
+          - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
+          - `@dependabot cancel merge` will cancel a previously requested merge and block automerging
+          - `@dependabot reopen` will reopen this PR if it is closed
+          - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
+          - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
+          - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
+          - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
+          </details>
+        MARKDOWN
+      end
+
+      def publish_pull_request_for(dependency, default_branch, branch_name, git)
+        git.push(remote: "origin", branch: branch_name)
+        Dependabot.octokit.create_pull_request(
+          GitHub.name_with_owner_from(git.repo.remotes["origin"].url),
+          default_branch,
+          branch_name,
+          "chore(deps): bump #{dependency}",
+          description_for(dependency)
+        )
+      end
     end
   end
 end
diff --git a/lib/github.rb b/lib/github.rb
index 63a9a7a..80c7ecc 100644
--- a/lib/github.rb
+++ b/lib/github.rb
@@ -18,6 +18,14 @@ class GitHub
     @workspace = workspace
   end
 
+  class << self
+    def name_with_owner_from(url)
+      regex = %r{git@github.com:(?<nwo>\w+/\w+)\.git}
+      match = url.match(regex)
+      match["nwo"]
+    end
+  end
+
   private
 
   def default_api_url
diff --git a/spec/unit/github_spec.rb b/spec/unit/github_spec.rb
new file mode 100644
index 0000000..867375d
--- /dev/null
+++ b/spec/unit/github_spec.rb
@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+RSpec.describe GitHub do
+  subject { described_class }
+
+  describe ".name_with_owner_from" do
+    it "parses the nwo from a ssh url" do
+      expect(subject.name_with_owner_from("git@github.com:dependanot/examples.git")).to eq("dependanot/examples")
+    end
+  end
+end