Our code is organized such that some of the repositories are included as submodules in others. Since we update these dependencies regularly, it’s important to keep them updated in the repositories that use them. Given a submodule named content, please implement a solution to create a GitHub pull request which updates the version of that submodule to the latest commit on its main branch. Your solution should run on a regular schedule and also automatically add a set of GitHub users as reviewers on the pull request.

In order to accomplish this we rely on dependabot, a tool from GitHub that facilitates the dependecy updates in our repositories. To start with it, we need to create a configuration file called dependabot.yaml at the .github subdirectory.

version: 2
updates:
  - package-ecosystem: "gitsubmodule"
    directory: "/"
    schedule:
      interval: "daily"
    reviewers:
      - "crosvera"

In this configuration file we can set the different dependencies update mechanisms, in this case we are using gitsubmodule. dependabot will check all submodules under the directory. You can set the frequency that dependabot can check for dependency updates using the schedule.interval option. dependabot will gather all the updates available for our dependencies and will push them as a PR, in order to add reviewers to that PR, we can set the reviewers option with the usernames of the GitHub accounts.

This approach will only works if the submodules are public Github repositories. But if the submodule and the repository that is using it are in the same project, you can configure dependabot to allow it to update it.