GitHub offers Dependabot to update GitHub actions automatically. I found this quite useful for my own packages. The SciML organization and the Trixi.jl framework have already enabled it in many repositories, the remaining ones will be processed soon. You basically need to create a file .github/dependabot.yml with the following content:
To be more specific, you can see Dependabot as an anlog of CompatHelper for GitHub actions dependencies such as actions/checkout@v2. Based on semver, you will not use actions/checkout@v2 with this setup. Dependabot will create a PR updating such a line to actions/checkout@v3. This will fix deprecation warnings such as
Node.js 12 actions are deprecated. Please update the following actions to use Node.js 16:
actions/checkout@v2, actions/cache@v2, codecov/codecov-action@v2.
For more information see: https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/.