The main Flutter GitHub repo does have infrastructure to run PRs against all Google internal tests (which, as you say, does find real bugs). https://imgur.com/a/Ih2oQIS
Does that automatically run against every PR? What mitigations did you have to put in place for Google security to allow running untrusted code from PRs on internal CI?