The external PRs workflow is still broken: commenting on the PR with the
lint results doesn't work because pull_request events triggered from
forks do not have write permissions.
Following GitHub recommendations, I broke it down into two workflows:
1. First workflow writes the lint results (if any) to an uploaded
artifact.
2. Second workflow (triggered by workflow_run and thus has write
permissions) downloads the artifact and posts the results as a PR
comment.
5dc929a584