philips-software · Ron (rjaegers) · Oct 27, 2025 · Oct 6, 2025 · Oct 6, 2025 · Oct 6, 2025
diff --git a/.github/actions/sticky-pr-comment/action.yml b/.github/actions/sticky-pr-comment/action.yml
@@ -0,0 +1,91 @@
+---
+name: 'Sticky PR Comment'
+description: 'Creates, updates or deletes a PR comment identified by a hidden marker'
+branding:
+  icon: message-circle
+  color: blue
+
+inputs:
+  pr-number:
+    description: 'Pull request number'
+    required: true
+  body:
+    description: 'Comment body content (without marker) to upsert. Required unless mode=delete.'
+    required: false
+  marker:
+    description: 'Unique hidden marker to identify the sticky comment'
+    default: 'sticky-comment'
+    required: false
+  mode:
+    description: 'Operation mode: upsert or delete'
+    default: 'upsert'
+    required: false
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Validate inputs
+      env:
+        MODE: ${{ inputs.mode }}
+        BODY: ${{ inputs.body }}
+      shell: bash
+      run: |
+        set -Eeuo pipefail
+
+        case "${MODE}" in
+          upsert|delete) ;;
+          *) echo "Invalid mode: ${MODE} (expected upsert|delete)" >&2; exit 1;;
+        esac
+
+        if [ "${MODE}" = delete ]; then
+          exit 0
+        fi
+
+        if [ -z "${BODY}" ]; then
+          echo 'Input "body" is required in upsert mode' >&2
+          exit 1
+        fi
+    - name: Upsert comment
+      if: inputs.mode == 'upsert'
+      env:
+        GH_TOKEN: ${{ github.token }}
+        PR_NUMBER: ${{ inputs.pr-number }}
+        MARKER: ${{ inputs.marker }}
+        BODY: ${{ inputs.body }}
+      shell: bash
+      run: |
+        set -Eeuo pipefail
+
+        MARKER_COMMENT="<!-- ${MARKER} -->"
+        FULL_BODY=$(printf "%s\n%s" "${MARKER_COMMENT}" "${BODY}")
+        EXISTING_ID=$(gh api "repos/${GITHUB_REPOSITORY}/issues/${PR_NUMBER}/comments" --jq ".[] | select(.body|contains(\"${MARKER_COMMENT}\")) | .id" | head -n1 || true)
+
+        if [ -n "${EXISTING_ID}" ]; then
+          echo "Updating existing sticky comment (${EXISTING_ID})"
+          gh api "repos/${GITHUB_REPOSITORY}/issues/comments/${EXISTING_ID}" -X PATCH -f body="${FULL_BODY}"
+        else
+          echo "Creating new sticky comment"
+          gh api "repos/${GITHUB_REPOSITORY}/issues/${PR_NUMBER}/comments" -f body="${FULL_BODY}"
+        fi
+    - name: Delete comment(s)
+      if: inputs.mode == 'delete'
+      env:
+        GH_TOKEN: ${{ github.token }}
+        PR_NUMBER: ${{ inputs.pr-number }}
+        MARKER: ${{ inputs.marker }}
+      shell: bash
+      run: |
+        set -Eeuo pipefail
+
+        MARKER_COMMENT="<!-- ${MARKER} -->"
+        FOUND_IDS=$(gh api "repos/${GITHUB_REPOSITORY}/issues/${PR_NUMBER}/comments" --jq ".[] | select(.body|contains(\"${MARKER_COMMENT}\")) | .id" || true)
+
+        if [ -z "${FOUND_IDS}" ]; then
+          echo "No sticky comment(s) to delete";
+          exit 0;
+        fi
+
+        for id in ${FOUND_IDS}; do
+          echo "Deleting sticky comment $id"
+          gh api "repos/${GITHUB_REPOSITORY}/issues/comments/${id}" -X DELETE
+        done
@@ -14,6 +14,9 @@ jobs:
   validate-pr-title:
     runs-on: ubuntu-latest
     permissions:
+      # We need `contents: read` to be able to use the local GitHub Action
+      contents: read
+      # We need `pull-requests: write` to be able to post comments on PRs
       pull-requests: write
     steps:
       - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
@@ -32,21 +35,25 @@ jobs:
             doesn't start with an uppercase character.
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
+      - uses: ./.github/actions/sticky-pr-comment
         if: always() && steps.pr-title.outputs.error_message != null
         with:
-          header: pr-title-lint-error
-          message: |
+          pr-number: ${{ github.event.pull_request.number }}
+          marker: pr-title-lint-error
+          body: |
             Hey there and thank you for opening this pull request! 👋🏼
 
             We require pull request titles to follow the [Conventional Commits specification](https://www.conventionalcommits.org/en/v1.0.0/) and it looks like your proposed title needs to be adjusted.
 
             :warning: Details
 
             ${{ steps.pr-title.outputs.error_message }}
-
-      - if: steps.pr-title.outputs.error_message == null
-        uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4
+      - uses: ./.github/actions/sticky-pr-comment
+        if: steps.pr-title.outputs.error_message == null
         with:
-          header: pr-title-lint-error
-          delete: true
+          pr-number: ${{ github.event.pull_request.number }}
+          marker: pr-title-lint-error
+          mode: delete
@@ -180,10 +180,11 @@ jobs:
         with:
           from-container: ${{ env.REGISTRY }}/${{ github.repository }}-${{ inputs.flavor }}:edge
           to-container: ${{ env.REGISTRY }}/${{ github.repository }}-${{ inputs.flavor }}:${{ steps.metadata.outputs.version }}
-      - uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4
+      - uses: ./.github/actions/sticky-pr-comment
         with:
-          header: container-size-diff-${{ inputs.flavor }}
-          message: |
+          pr-number: ${{ github.event.pull_request.number }}
+          marker: container-size-diff-${{ inputs.flavor }}
+          body: |
             ${{ steps.container-size-diff.outputs.size-diff-markdown }}
       - uses: anchore/sbom-action@f8bdd1d8ac5e901a77a92f111440fdb1b593736b # v0.20.6
         with: