feat(github-action): Support updating digest pinned actions

[viceice]

Changes:

Support updating github action sha pinned actions.

Sample pr's:

• chore(deps): update actions/checkout action to v1.2.0 viceice-tests/gh-action-digests#2
• chore(deps): update actions/checkout action to v2 viceice-tests/gh-action-digests#3
• chore(deps): update docker/setup-qemu-action commit hash to 4259ef6 viceice-tests/gh-action-digests#4
• chore(deps): pin docker/setup-buildx-action action to v1.4.0 viceice-tests/gh-action-digests#5
• chore(deps): update docker/setup-buildx-action action to v1.5.1 viceice-tests/gh-action-digests#6
• chore(deps): update actions/setup-node commit hash to 38d90ce viceice-tests/gh-action-digests#7

Context:

closes #7537

Documentation (please check one with an [x])

• I have updated the documentation, or
• No documentation update is required

How I've tested my work (please tick one)

I have verified these changes via:

• Code inspection only, or
• Newly added/modified unit tests, or
• No unit tests but ran on a real repository, or
• Both unit tests + ran on a real repository

[rarkins]

Can you also create feature issues for:

• supporting an informative "version" field for Renovate to use as currentValue, so that we don't need to propose a PR every time there's a commit to the action's main branch?
• supporting displaying a gitRef deep link diff (could apply to more than just actions)

I think we need both of these in order for actions digest PRs to be more usable

[viceice]

add tag follow support for pinned actions via renovate comment

[rarkins]

Do we support pinning digests for actions? And can it move the tag to a comment if it does? :)

[viceice]

Do we support pinning digests for actions? And can it move the tag to a comment if it does? :)

Not yet, working on it 🙃

[HonkingGoose]

Some docs changes to keep up with new feature.

[viceice]

It now also supports pin digests with auto replace 🎉

[viceice]

Anything missing?

[rarkins]

Thought I already commented here but can't see it. Need to test the use case where tag version remains same but digest is updated. Valid tag with bogus sha in base branch should reproduce it.

Also I noted that the pr body comment for pinning is wrong/outdated but it's unrelated to this PR

[viceice]

Thought I already commented here but can't see it. Need to test the use case where tag version remains same but digest is updated. Valid tag with bogus sha in base branch should reproduce it.

Also I noted that the pr body comment for pinning is wrong/outdated but it's unrelated to this PR

Sure, creating sample pr

[viceice]

Thought I already commented here but can't see it. Need to test the use case where tag version remains same but digest is updated. Valid tag with bogus sha in base branch should reproduce it.

Also I noted that the pr body comment for pinning is wrong/outdated but it's unrelated to this PR

@rarkins see viceice-tests/gh-action-digests#7 works 🎉

[renovate-release]

🎉 This PR is included in version 25.56.0 🎉

The release is available on:

• GitHub release
• 25.56.0

Your semantic-release bot 📦🚀