Skip to content

Automated Dependency Updates for Git Submodules

Categories: no-category

Renovate supports updating Git Submodules dependencies.

Enabling

Git Submodules functionality is currently in beta testing, so you must opt-in to test it. To enable it, add a configuration like this to either your bot config or your renovate.json:

{
  "git-submodules": {
    "enabled": true
  }
}

If you find any bugs, please create a new discussion first. If you find that it works well, then let us know too.

File Matching

By default, Renovate will check any files matching the following regular expression: (^|/)\.gitmodules$.

For details on how to extend a manager's fileMatch value, please follow this link.

Supported datasources

This manager supports extracting the following datasources: git-refs.

Default config

{
  "enabled": false,
  "versioning": "git",
  "fileMatch": [
    "(^|/)\\.gitmodules$"
  ]
}

Additional Information

Keeps Git submodules updated within a repository.

You can customize the per-submodule checks of the git-submodules manager like this:

{
  "ignoreDeps": ["path/to/submodule", "path/to/submodule2"],
  "git-submodules": {
    "enabled": true
  }
}

Updating to Specific Tag Values

If you want to update your Git submodules to a specific tag, you can set the desired tag as the branch in your .gitmodules file. Renovate will then automatically update this version to the latest Git branch or tag which satisfies your versioning scheme.

[submodule "renovate"]
  path = deps/renovate
  url = https://github.com/renovatebot/renovate.git
  branch = v0.0.1

Note: Using this approach will disrupt the native git submodule update experience when using git submodule update --remote. You may encounter an error like fatal: Unable to find refs/remotes/origin/v0.0.1 revision in submodule path... because Git can only update submodules when tracking a branch. To manually update the submodule, navigate to the submodule directory and run the following commands: git fetch && git checkout <new tag>.

Private Modules Authentication

Before running the git commands to update the submodules, Renovate exports git insteadOf directives in environment variables.

The following logic is executed prior to "submodules" updating:

The token from the hostRules entry matching hostType=github and matchHost=api.github.com is added as the default authentication for github.com. For those running against github.com, this token will be the default platform token.

Next, all hostRules with both a token or username/password and matchHost will be fetched, except for any github.com one from above.

Rules from this list are converted to environment variable directives if they match any of the following characteristics:

  • No hostType is defined, or
  • hostType is git-tags or git-refs, or
  • hostType is a platform (github, gitlab, azure, etc.)

Open items

The below list of bugs were current when this page was generated on November 21, 2024.

Bug reports

  • Grouped updates with git-submodules enabled causes flacky updates #30279