Pass the serialized group name when creating a PR for grouped updates

common/lib/dependabot/dependency_group.rb

@@ -16,5 +16,9 @@ def contains?(dependency)
       @dependencies.include?(dependency) if @dependencies.any?
       rules.any? { |rule| WildcardMatcher.match?(rule, dependency.name) }
     end
+
+    def to_h
+      { "name" => name }
+    end
   end
 end

updater/lib/dependabot/api_client.rb

@@ -166,6 +166,15 @@ def http_client
       client
     end
 
+    def dependency_group_hash(dependency_change)
+      return {} unless dependency_change.grouped_update?
+
+      # FIXME: We currently assumpt that _an attempt_ to send a DependencyGroup#id should
+      # result in the `grouped-update` flag being set, regardless of whether the
+      # DependencyGroup actually exists.
+      { "dependency-group": dependency_change.dependency_group.to_h }.compact
+    end
+
     def create_pull_request_data(dependency_change, base_commit_sha)
       data = {
         dependencies: dependency_change.updated_dependencies.map do |dep|
@@ -181,17 +190,8 @@ def create_pull_request_data(dependency_change, base_commit_sha)
         end,
         "updated-dependency-files": dependency_change.updated_dependency_files_hash,
         "base-commit-sha": base_commit_sha
-      }.merge({
-        # TODO: Replace this flag with a dependency-group object
-        #
-        # In future this should be something like:
-        #    "dependency-group": dependency_change.dependency_group_hash
-        #
-        # This will allow us to pass back the rule id and other parameters
-        # to allow Dependabot API to augment PR creation and associate it
-        # with the rule for rebasing, etc.
-        "grouped-update": dependency_change.grouped_update? ? true : nil
-      }.compact)
+      }.merge(dependency_group_hash(dependency_change))
+
       return data unless dependency_change.pr_message
 
       data["commit-message"] = dependency_change.pr_message.commit_message

updater/spec/dependabot/api_client_spec.rb

@@ -175,22 +175,24 @@
     end
 
     context "grouped updates" do
-      it "does not include the grouped_update key by default" do
+      it "does not include the dependency-group key by default" do
         client.create_pull_request(dependency_change, base_commit)
 
         expect(WebMock).
           to(have_requested(:post, create_pull_request_url).
              with do |req|
-               expect(req.body).not_to include("grouped-update")
+               expect(req.body).not_to include("dependency-group")
              end)
       end
 
-      it "flags the PR as a grouped-update if the dependency change has a dependency group assigned" do
+      it "flags the PR as having dependency-groups if the dependency change has a dependency group assigned" do
+        group = Dependabot::DependencyGroup.new(name: "dummy-group-name", rules: ["*"])
+
         grouped_dependency_change = Dependabot::DependencyChange.new(
           job: job,
           updated_dependencies: dependencies,
           updated_dependency_files: dependency_files,
-          dependency_group: anything
+          dependency_group: group
         )
 
         client.create_pull_request(grouped_dependency_change, base_commit)
@@ -199,7 +201,7 @@
           to(have_requested(:post, create_pull_request_url).
              with do |req|
                data = JSON.parse(req.body)["data"]
-               expect(data["grouped-update"]).to be true
+               expect(data["dependency-group"]).to eq({ "name" => "dummy-group-name" })
              end)
       end
     end