Run OpenRewrite best practices on pull requests

.github/workflows/comment-pr.yml

@@ -0,0 +1,15 @@
+name: comment-pr
+
+# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#using-data-from-the-triggering-workflow
+on:
+  workflow_run:
+    workflows: ["receive-pr"]
+    types:
+      - completed
+
+# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
+# Since this pull request has write permissions on the target repo, we should **NOT** execute any untrusted code.
+jobs:
+  post-suggestions:
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    uses: openrewrite/gh-automation/.github/workflows/comment-pr.yml@main

.github/workflows/receive-pr.yml

@@ -0,0 +1,17 @@
+name: receive-pr
+
+on:
+  pull_request:
+    types: [opened, synchronize]
+    branches:
+      - main
+
+concurrency:
+  group: '${{ github.workflow }} @ ${{ github.ref }}'
+  cancel-in-progress: true
+
+# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
+# Since this pull request receives untrusted code, we should **NOT** have any secrets in the environment.
+jobs:
+  upload-patch:
+    uses: openrewrite/gh-automation/.github/workflows/receive-pr.yml@main