This works by uploading the data from the main workflow with low permissions as an artifact, then downloading the data in a workflow with higher permissions to post the comment.
Third party actions are fixed at a commit, in case they get compromised.
Also set the build-firmware VM to ubuntu-22.04, which was missed when updating workflow deps earlier.
This will not run on this PR, because pull_request_target runs in the context of the base branch, but this file doesn't yet exist in develop.
This works by uploading the data from the main workflow with low permissions as an artifact, then downloading the data in a workflow with higher permissions to post the comment.
Third party actions are fixed at a commit, in case they get compromised.
Also set the build-firmware VM to ubuntu-22.04, which was missed when updating workflow deps earlier.
This will not run on this PR, because pull_request_target runs in the context of the base branch, but this file doesn't yet exist in develop.