[FIX] Pin sticky-pull-request-comment to SHA for supply-chain security

jaseemjaskp · jaseemjaskp · commit b687c17bb38d · 2026-03-31T21:28:22.000+05:30
diff --git a/.github/workflows/ci-frontend-lint.yaml b/.github/workflows/ci-frontend-lint.yaml
@@ -54,7 +54,7 @@ jobs:
           fi
 
       - name: Render lint report to PR
-        uses: marocchino/sticky-pull-request-comment@v3
+        uses: marocchino/sticky-pull-request-comment@70d2764d1a7d5d9560b100cbea0077fc8f633987 # v3.0.2
         if: always() && hashFiles('frontend/biome-report.md') != '' && github.event.pull_request.head.repo.fork == false
         with:
           header: frontend-lint-results
diff --git a/.github/workflows/ci-test.yaml b/.github/workflows/ci-test.yaml
@@ -54,7 +54,7 @@ jobs:
           bash .github/scripts/combine-test-reports.sh
 
       - name: Render combined test report to PR
-        uses: marocchino/sticky-pull-request-comment@v3
+        uses: marocchino/sticky-pull-request-comment@70d2764d1a7d5d9560b100cbea0077fc8f633987 # v3.0.2
         if: always() && hashFiles('combined-test-report.md') != '' && github.event.pull_request.head.repo.fork == false
         with:
           header: test-results
