From 27eb84f7fb14de85f045112fce149c34686e27d3 Mon Sep 17 00:00:00 2001
From: Artem Kamenev <artem+git@kamenev.pw>
Date: Wed, 13 Mar 2024 20:11:16 +0100
Subject: [PATCH] feat(github-actions): add support for version tag prefixes
 (#27882)

---
 .../manager/github-actions/__fixtures__/workflow_4.yml |  1 +
 lib/modules/manager/github-actions/extract.spec.ts     |  6 ++++++
 lib/modules/manager/github-actions/extract.ts          |  2 +-
 lib/modules/manager/github-actions/readme.md           | 10 ++++++++--
 4 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/lib/modules/manager/github-actions/__fixtures__/workflow_4.yml b/lib/modules/manager/github-actions/__fixtures__/workflow_4.yml
index 1c3cbecb6b..809518dcf5 100644
--- a/lib/modules/manager/github-actions/__fixtures__/workflow_4.yml
+++ b/lib/modules/manager/github-actions/__fixtures__/workflow_4.yml
@@ -19,3 +19,4 @@ jobs:
       - uses: actions/checkout@689fcce700ae7ffc576f2b029b51b2ffb66d3abd # v2.1.0 additional comment
       - uses: actions/checkout@689fcce700ae7ffc576f2b029b51b2ffb66d3abd # ratchet:actions/checkout@v2.1.0
       - uses: actions/checkout@689fcce700ae7ffc576f2b029b51b2ffb66d3abd # ratchet:exclude
+      - uses: actions-runner-controller/execute-assert-arc-e2e@f1d7c52253b89f0beae60141f8465d9495cdc2cf # actions-runner-controller-0.23.5
diff --git a/lib/modules/manager/github-actions/extract.spec.ts b/lib/modules/manager/github-actions/extract.spec.ts
index a660f80d9d..f45bc1c5bc 100644
--- a/lib/modules/manager/github-actions/extract.spec.ts
+++ b/lib/modules/manager/github-actions/extract.spec.ts
@@ -397,6 +397,12 @@ describe('modules/manager/github-actions/extract', () => {
           replaceString:
             'actions/checkout@689fcce700ae7ffc576f2b029b51b2ffb66d3abd # ratchet:exclude',
         },
+        {
+          currentDigest: 'f1d7c52253b89f0beae60141f8465d9495cdc2cf',
+          currentValue: 'actions-runner-controller-0.23.5',
+          replaceString:
+            'actions-runner-controller/execute-assert-arc-e2e@f1d7c52253b89f0beae60141f8465d9495cdc2cf # actions-runner-controller-0.23.5',
+        },
       ]);
     });
 
diff --git a/lib/modules/manager/github-actions/extract.ts b/lib/modules/manager/github-actions/extract.ts
index edf09dbfed..ce6f18cd1c 100644
--- a/lib/modules/manager/github-actions/extract.ts
+++ b/lib/modules/manager/github-actions/extract.ts
@@ -15,7 +15,7 @@ import type { Workflow } from './types';
 
 const dockerActionRe = regEx(/^\s+uses\s*: ['"]?docker:\/\/([^'"]+)\s*$/);
 const actionRe = regEx(
-  /^\s+-?\s+?uses\s*: (?<replaceString>['"]?(?<registryUrl>https:\/\/[.\w-]+\/)?(?<depName>[\w-]+\/[.\w-]+)(?<path>\/.*)?@(?<currentValue>[^\s'"]+)['"]?(?:\s+#\s*(((?:renovate\s*:\s*)?(?:pin\s+|tag\s*=\s*)?|(?:ratchet:[\w-]+\/[.\w-]+)?)@?(?<tag>v?\d+(?:\.\d+(?:\.\d+)?)?)|(?:ratchet:exclude)))?)/,
+  /^\s+-?\s+?uses\s*: (?<replaceString>['"]?(?<registryUrl>https:\/\/[.\w-]+\/)?(?<depName>[\w-]+\/[.\w-]+)(?<path>\/.*)?@(?<currentValue>[^\s'"]+)['"]?(?:\s+#\s*(((?:renovate\s*:\s*)?(?:pin\s+|tag\s*=\s*)?|(?:ratchet:[\w-]+\/[.\w-]+)?)@?(?<tag>([\w-]*-)?v?\d+(?:\.\d+(?:\.\d+)?)?)|(?:ratchet:exclude)))?)/,
 );
 
 // SHA1 or SHA256, see https://github.blog/2020-10-19-git-2-29-released/
diff --git a/lib/modules/manager/github-actions/readme.md b/lib/modules/manager/github-actions/readme.md
index 2a8d381391..57c47c2284 100644
--- a/lib/modules/manager/github-actions/readme.md
+++ b/lib/modules/manager/github-actions/readme.md
@@ -1,7 +1,7 @@
 The `github-actions` manager extracts dependencies from GitHub Actions workflow and workflow template files.
 It can also be used for Gitea and Forgejo Actions workflows as such are compatible with GitHub Actions workflows.
 
-If you like to use digest pinning but want to follow the action version tag, you can use the following sample:
+If you like to use digest pinning but want to follow the action version tag, you can use the sample below:
 
 ```yaml
 name: build
@@ -15,8 +15,14 @@ jobs:
       - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
 ```
 
-Renovate will update the commit SHA but follow the GitHub tag you specified.
+Renovate will update the commit SHA according to the GitHub tag you specified.
 Renovate can update digests that use SHA1 and SHA256 algorithms.
+The GitHub tag is in the format of `(prefix-)(v)1.0.0`, where `prefix` and `v` are optional and `1.0.0` is the version number.
+Here are the examples of valid GitHub tags:
+`1.0.1`, `1.0`, `1`,
+`v1.0.1`, `v1.0`, `v1`,
+`prefix-1.0.1`, `prefix-1.0`, `prefix-1`,
+`prefix-v1.0.1`, `prefix-v1.0`, `prefix-v1`.
 
 If you want to automatically pin action digests add the `helpers:pinGitHubActionDigests` preset to the `extends` array:
 
-- 
GitLab