Add tooling to bump action version

[githubnemo]

Add a CLI tool for bumping workflow actions to their newest release.
Requirements were:

• modify the workflow files as little as possible for easy review
• make it low friction to review the changes from old to new version
• keep the version comments in the YAML files

GitHub limits the number of API calls so for repeated execution it is recommended to create a .github_bearer_token file containing an API token for the user's account (no permissions are needed) to increase the rate limit significantly (60/h to 1000+/h).

Here's an example of a summary at the end of the update run:

Summary of combined updates:
----------------------------

The summary will include repos more than once if their current version differs.

* Repository: docker/setup-buildx-action, current version: 8d2750c68a42422c14e847fe6c8ac0403b4cbd6f (tag: v3)
  This was updated to version 8d2750c68a42422c14e847fe6c8ac0403b4cbd6f
  This corresponds to release v3.12.0
  Release information: https://github.com/docker/setup-buildx-action/releases/tag/v3.12.0
  See what changed: https://github.com/docker/setup-buildx-action/compare/8d2750c68a42422c14e847fe6c8ac0403b4cbd6f...8d2750c68a42422c14e847fe6c8ac0403b4cbd6f

* Repository: tj-actions/changed-files, current version: 1c8e6069583811afb28f97afeaf8e7da80c6be5c (tag: UNKNOWN TAG)
  This was updated to version e0021407031f5be11a464abee9a0776171c79891
  This corresponds to release v47.0.1
  Release information: https://github.com/tj-actions/changed-files/releases/tag/v47.0.1
  See what changed: https://github.com/tj-actions/changed-files/compare/1c8e6069583811afb28f97afeaf8e7da80c6be5c...e0021407031f5be11a464abee9a0776171c79891

* Repository: huggingface/hf-workflows, current version: 3f88d63d3761558a32e8e46fc2a8536e04bb2aea (tag: UNKNOWN TAG)
  Was not updated. Error: Fetching release failed: Error: 404

Note that there's currently a lot of inconsistent formatting in the workflow files which the YAML formatter will rectify, git diff -w makes review rather simple, though.

[HuggingFaceDocBuilderDev]

The docs for this PR live here. All of your documentation changes will be reflected on that endpoint. The docs are available until 30 days after the last update.

[BenjaminBossan]

Very nice work, this could potentially be useful more generally. Besides my comments, let's fix the linting error.

In testing, I noticed that a comment was removed that followed a changed line, can this be prevented? python scripts/bump_action_versions.py ./.github/workflows/tests.yml; git diff -w .github/workflows/tests.yml

[...]
@@ -150,10 +150,7 @@ jobs:
         # make sure that cache cleaning doesn't break the pipeline
         python scripts/ci_clean_cache.py -d || true
     - name: Update model cache
-        uses: actions/cache/save@0400d5f644dc74513175e3cd8d07132dd4860809  # v4.2.4
-        # Only let one runner (preferably the one that covers most tests) update the model cache
-        # after *every* run. This way we make sure that our cache is never outdated and we don't
-        # have to keep track of hashes.
+      uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306  # v5.0.3
       if: always() && matrix.os == 'ubuntu-latest' && matrix.python-version == '3.10'
       with:
         path: |

[BenjaminBossan]

Let's add instructions how to install this, as it's not a PEFT dependency.

[BenjaminBossan]

Let's add info on creating the bearer token (basically what's in the PR description) here. Let's also link to where to create it: https://github.com/settings/personal-access-tokens.

[salmanmkc]

this will also do the same thing but with one workflow file #3040