pull_request gives fork PRs a read-only token, so the sticky comment can't be
posted from pr-title.yml. Split the comment into pr-title-comment.yml
(workflow_run), which runs from the base branch with a write token and works for
forks. pr-title.yml stays the required check (runs on the PR branch, forks
included, no deadlock) and hands the lint result to the commenter via an
artifact. workflow_run only fires once this workflow is on the default branch, so
it activates for fork PRs after merge; the required check is unaffected.
A pull_request_target workflow executes from the BASE branch, so pr-title.yml
(added in this PR, absent on develop) never runs under it — leaving the required
'Validate PR Title' check stuck in Expected. Back to pull_request so the check
runs from the PR branch. The fork-PR write-token improvement can be revisited in
a follow-up once this workflow exists on develop. Keep the success() guard and
the per-PR concurrency group.
pull_request_target gives fork PRs a write token so the title-lint sticky
comment posts for external contributors (the workflow only reads the title and
comments — it never checks out or runs PR code). Also AND the delete-comment
step with success() so a crashed lint run (not a lint violation) can't leave
error_message unset and wrongly delete the error comment.
Job-level 'edited' skips left matrix checks with an unexpanded
${{ matrix.command }} name and required checks stuck in Expected.
Filtering at the trigger level removes the phantom run entirely:
title edits now only run the PR title check.