Retain docker image tag when pinning in Actions workflows #1999

Closed
varunsh-coder opened this issue Mar 14, 2023 · 2 comments

@varunsh-coder
Member

@Devils-Knight I noticed that when we pin docker images in GitHub Actions workflows, we do not retain the tag.

On the other hand, when we pin docker images in Dockerfiles, we do retain the tag. Here is an example:

FROM python:3.7@sha256:5fb6f4b9d73ddeb0e431c938bee25c69157a1e3c880a81ff72c43a8055628de5 as build

The 3.7 tag part is retained.

As next steps:

  1. Can you please investigate whether, if the tag is retained for docker images in GitHub Actions workflows, it works fine and Dependabot updates it?
  2. If yes, make changes to retain the tag in GitHub Actions workflows.

In this case, the test cases would also need to be updated.

@Devils-Knight
Contributor

I think we can retain the tag for the docker image in the format that you mentioned, and the retained tag would act as a fallback option in case referencing the pinned tag version fails; view here.

As for the Dependabot part, the functionality for bumping docker actions isn't added yet. There is an open issue tracking this functionality: dependabot/dependabot-core/issues/5541

I have created a PR updating the format and test cases for the same.
Update Format for Pinning Docker Actions #2014

@varunsh-coder
Member Author

This is done and released. Thanks!
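
An added illustration of the tag-retaining pin format discussed in this thread (not code from the project or from either participant): it rewrites `uses: docker://image:tag` steps to `docker://image:tag@sha256:...`, the workflow counterpart of the Dockerfile line quoted above. The function names, the line-based matching, and the `digests` lookup table standing in for a registry query are assumptions made for the example.

```python
import re

# Matches "uses: docker://<ref>" with optional "- " marker, quotes and comment.
USES_RE = re.compile(
    r"""^(?P<head>\s*(?:-\s+)?uses:\s*["']?docker://)"""
    r"""(?P<ref>[^\s"'#]+)(?P<tail>["']?\s*(?:#.*)?)$"""
)

def split_ref(ref):
    """Split an image reference into (name, tag, digest); tag/digest may be None."""
    name, _, digest = ref.partition("@")
    tag = None
    if ":" in name.rsplit("/", 1)[-1]:  # a colon before the last "/" is a port
        name, tag = name.rsplit(":", 1)
    return name, tag, digest or None

def pin_workflow(text, digests):
    """Pin docker:// steps by digest, keeping the tag; returns (text, unpinned)."""
    # `digests` maps "name:tag" to a digest; a real tool would ask the registry.
    out, unresolved = [], []
    for line in text.splitlines():
        m = USES_RE.match(line)
        if m:
            name, tag, digest = split_ref(m["ref"])
            if digest is None:  # already-pinned references are left untouched
                found = digests.get(f"{name}:{tag or 'latest'}")
                if found is None:
                    unresolved.append(m["ref"])
                else:
                    kept = f"{name}:{tag}" if tag else name
                    line = f"{m['head']}{kept}@{found}{m['tail']}"
        out.append(line)
    return "\n".join(out) + "\n", unresolved

# Constructed sample; PY37 is the digest quoted in the issue, CONSTRUCTED is made up.
PY37 = "sha256:5fb6f4b9d73ddeb0e431c938bee25c69157a1e3c880a81ff72c43a8055628de5"
CONSTRUCTED = "sha256:" + "0" * 64
DIGESTS = {"python:3.7": PY37, "localhost:5000/tools/scan:latest": CONSTRUCTED}
WORKFLOW = f"""\
steps:
  - uses: docker://python:3.7
  - uses: "docker://localhost:5000/tools/scan"  # untagged, registry port
  - uses: docker://alpine:3.17@{CONSTRUCTED}
  - uses: docker://ghcr.io/example/unknown:1.0
"""

if __name__ == "__main__":
    pinned, missing = pin_workflow(WORKFLOW, DIGESTS)
    print(pinned, "unpinned:", missing)
```

References the lookup cannot resolve are returned rather than silently skipped, so a CI check can fail on any step that is still pinned by tag only.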
