Update GitHub Action to use specific version of github-script

[qgallouedec]

see https://github.com/huggingface/tracking-issues/issues/417

---

Note

Low Risk
Low risk: this only pins a GitHub Action dependency to a specific commit in a workflow, reducing supply-chain drift without changing the workflow logic.

Overview
Pins the actions/github-script dependency in pr_template_check.yml from the floating v7 tag to a specific commit SHA (still v7). This makes the PR template check workflow deterministic and less susceptible to upstream tag changes.

^{Reviewed by Cursor Bugbot for commit 9c21288. Bugbot is set up for automated code reviews on this repo. Configure here.}

[chatgpt-codex-connector]

💡 Codex Review

trl/.github/workflows/pr_template_check.yml

Line 14 in 4ce5a6d

types: [opened]

Re-run template check when closed PRs are reopened

Restricting pull_request_target to types: [opened] allows external contributors to bypass this policy by reopening a PR after the bot auto-closes it for a malformed template: the workflow no longer runs on that reopen, so the invalid PR can stay open. This regresses enforcement compared with the previous reopened handling for non-members and undermines the stated requirement that malformed PRs be closed until fixed.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[HuggingFaceDocBuilderDev]

The docs for this PR live here. All of your documentation changes will be reflected on that endpoint. The docs are available until 30 days after the last update.

[albertvillanova]

Thanks.