Getting "Resource not accessible by integration" when PR is opened from a fork

[hermanschaaf]

When using delta-action and a PR is opened from a fork, the workflow exits with the following error:

RequestError [HttpError]: Resource not accessible by integration
...
  status: 403,
  response: {
    url: 'https://api.github.com/repos/cloudquery/plugin-sdk/issues/430/comments',
    status: 403,

My simplified workflow file looks like this:

name: "Unit tests"
on:
  push:
    branches:
      - main
  pull_request:
    branches: [main]

jobs:
  unittests:
    steps:
      - name: Run benchmark
        run: make benchmark-ci
      - name: Delta
        uses: netlify/delta-action@v4.1.0
        with:
          title: "⏱️ Benchmark results"
          style: "text"
          token: ${{ secrets.GITHUB_TOKEN }}

I think the only way to handle this is to use the pull_request_target mode, but checking out the code to run benchmarks then becomes unsafe. How would a setup look that generates benchmark results using the (safe) pull_request trigger, but then uses pull_request_target to comment on the PR? Or is there another way to achieve this?

This issue is not really specific to delta-action, but I have run into this while using it, and was hoping someone here could offer some advice on how to set it up correctly, which might also help future users.