diff --git a/lib/modules/manager/github-actions/__fixtures__/workflow_4.yml b/lib/modules/manager/github-actions/__fixtures__/workflow_4.yml
index ae34907103bdcf..1c3cbecb6bf4f9 100644
--- a/lib/modules/manager/github-actions/__fixtures__/workflow_4.yml
+++ b/lib/modules/manager/github-actions/__fixtures__/workflow_4.yml
@@ -17,3 +17,5 @@ jobs:
       - uses: actions/checkout@01aecc#v2.1.0
       - uses: actions/checkout@689fcce700ae7ffc576f2b029b51b2ffb66d3abd # comment containing 2.1.0
       - uses: actions/checkout@689fcce700ae7ffc576f2b029b51b2ffb66d3abd # v2.1.0 additional comment
+      - uses: actions/checkout@689fcce700ae7ffc576f2b029b51b2ffb66d3abd # ratchet:actions/checkout@v2.1.0
+      - uses: actions/checkout@689fcce700ae7ffc576f2b029b51b2ffb66d3abd # ratchet:exclude
diff --git a/lib/modules/manager/github-actions/extract.spec.ts b/lib/modules/manager/github-actions/extract.spec.ts
index 6cb38d7ac02909..a660f80d9da413 100644
--- a/lib/modules/manager/github-actions/extract.spec.ts
+++ b/lib/modules/manager/github-actions/extract.spec.ts
@@ -385,6 +385,18 @@ describe('modules/manager/github-actions/extract', () => {
           replaceString:
             'actions/checkout@689fcce700ae7ffc576f2b029b51b2ffb66d3abd # v2.1.0',
         },
+        {
+          currentDigest: '689fcce700ae7ffc576f2b029b51b2ffb66d3abd',
+          currentValue: 'v2.1.0',
+          replaceString:
+            'actions/checkout@689fcce700ae7ffc576f2b029b51b2ffb66d3abd # ratchet:actions/checkout@v2.1.0',
+        },
+        {
+          currentDigest: '689fcce700ae7ffc576f2b029b51b2ffb66d3abd',
+          currentValue: undefined,
+          replaceString:
+            'actions/checkout@689fcce700ae7ffc576f2b029b51b2ffb66d3abd # ratchet:exclude',
+        },
       ]);
     });
 
diff --git a/lib/modules/manager/github-actions/extract.ts b/lib/modules/manager/github-actions/extract.ts
index 14ba5c4b99b5e1..edf09dbfed2d9f 100644
--- a/lib/modules/manager/github-actions/extract.ts
+++ b/lib/modules/manager/github-actions/extract.ts
@@ -15,7 +15,7 @@ import type { Workflow } from './types';
 
 const dockerActionRe = regEx(/^\s+uses\s*: ['"]?docker:\/\/([^'"]+)\s*$/);
 const actionRe = regEx(
-  /^\s+-?\s+?uses\s*: (?<replaceString>['"]?(?<registryUrl>https:\/\/[.\w-]+\/)?(?<depName>[\w-]+\/[.\w-]+)(?<path>\/.*)?@(?<currentValue>[^\s'"]+)['"]?(?:\s+#\s*(?:renovate\s*:\s*)?(?:pin\s+|tag\s*=\s*)?@?(?<tag>v?\d+(?:\.\d+(?:\.\d+)?)?))?)/,
+  /^\s+-?\s+?uses\s*: (?<replaceString>['"]?(?<registryUrl>https:\/\/[.\w-]+\/)?(?<depName>[\w-]+\/[.\w-]+)(?<path>\/.*)?@(?<currentValue>[^\s'"]+)['"]?(?:\s+#\s*(((?:renovate\s*:\s*)?(?:pin\s+|tag\s*=\s*)?|(?:ratchet:[\w-]+\/[.\w-]+)?)@?(?<tag>v?\d+(?:\.\d+(?:\.\d+)?)?)|(?:ratchet:exclude)))?)/,
 );
 
 // SHA1 or SHA256, see https://github.blog/2020-10-19-git-2-29-released/
diff --git a/lib/modules/manager/github-actions/readme.md b/lib/modules/manager/github-actions/readme.md
index be99cb2597fb22..2a8d381391445e 100644
--- a/lib/modules/manager/github-actions/readme.md
+++ b/lib/modules/manager/github-actions/readme.md
@@ -40,3 +40,10 @@ jobs:
   build:
     runs-on: ${{ env.RUNNER }}
 ```
+
+The `github-action` manager understands `ratchet` comments, like `# ratchet:actions/checkout@v2.1.0`.
+This means that Renovate will:
+
+- update the version of a _pinned_ Ratchet version if needed
+- not delete Ratchet comments after parsing them
+- keep `# ratchet:exclude` comments