diff --git a/.github/workflows/linting_annotate.yml b/.github/workflows/linting_annotate.yml
new file mode 100644
index 00000000..298d73a7
--- /dev/null
+++ b/.github/workflows/linting_annotate.yml
@@ -0,0 +1,49 @@
+name: Annotate linting
+
+permissions:
+  actions: read # download artifact
+  checks: write # annotate
+
+# this is done as a seperate workflow so
+# the annotater has access to write to checks (to annotate)
+on:
+  workflow_run:
+    workflows: ["Linting and Testing"]
+    types:
+      - completed
+
+jobs:
+  annotate:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Download linting report
+        uses: actions/github-script@v3.1.0
+        with:
+          script: |
+            var artifacts = await github.actions.listWorkflowRunArtifacts({
+               owner: context.repo.owner,
+               repo: context.repo.repo,
+               run_id: ${{github.event.workflow_run.id }},
+            });
+            var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
+              return artifact.name == "eslint_report.zip"
+            })[0];
+            var download = await github.actions.downloadArtifact({
+               owner: context.repo.owner,
+               repo: context.repo.repo,
+               artifact_id: matchArtifact.id,
+               archive_format: 'zip',
+            });
+            var fs = require('fs');
+            fs.writeFileSync('${{github.workspace}}/eslint_report.zip', Buffer.from(download.data));
+      
+      - run: unzip eslint_report.zip
+      
+      - run: ls -la
+
+      - name: Annotate linting
+        uses: ataylorme/eslint-annotate-action@v2
+        with:
+          repo-token: "${{ secrets.GITHUB_TOKEN }}"
+          report-json: "eslint_report.json"
diff --git a/.github/workflows/linting_testing.yml b/.github/workflows/linting_testing.yml
index e51fc630..d37f2331 100644
--- a/.github/workflows/linting_testing.yml
+++ b/.github/workflows/linting_testing.yml
@@ -5,8 +5,7 @@ on:
     branches:
       - master
       - dev
-  pull_request_target:
-    types: [opened, reopened, synchronize]
+  pull_request:
 
 jobs:
   linting:
@@ -24,17 +23,16 @@ jobs:
       
       - name: Install Yarn packages
         run: yarn install
+
+      - name: Build Project
+        run: npm run build
       
       - name: Run ESLint Report
         run: yarn lint:report
         # continue on error, so it still reports it in the next step
         continue-on-error: true
 
-      - name: Annotate Code Linting Results
-        uses: ataylorme/eslint-annotate-action@v2
+      - uses: actions/upload-artifact@v2
         with:
-          repo-token: "${{ secrets.GITHUB_TOKEN }}"
-          report-json: "eslint_report.json"
-
-      - name: Build Project
-        run: npm run build
+          name: eslint_report.zip
+          path: eslint_report.json