peter-evans / create-or-update-comment

A GitHub action to create or update an issue or pull request comment

"Resource not accessible by integration", despite permissions settings on private repo

schlosser opened this issue

Hi there! I ran into the "Resource not accessible by integration" issue, and found #76. I've adjusted my organization / repo settings to be maximally permissive:

[Screenshot: Screen Shot 2022-02-15 at 11 39 31 AM]

but I continue to see this error. Is it possible to use this action on private repo dependabot (fork) PRs? Or is the only solution to skip all create-or-update-comment steps on fork PRs?

Hi @schlosser

Dependabot is a special case. By default it does not have access to your secrets, and if your workflow triggered by dependabot needs a secret to run, then you must create a dependabot secret.

See here for details:
https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions#accessing-secrets

Thanks Peter! Strangely, I have the same secrets set up in dependabot secrets as my actions secrets; the rest of my steps work fine, but my create-or-update-comment step is throwing the error. I think that all it should need secrets-wise is my GITHUB_TOKEN. Do I need to explicitly add GITHUB_TOKEN to my dependabot secrets? My reading of the docs made it look like it should be included automatically in the environment. Is there a way I could debug the token further?

For the default GITHUB_TOKEN there is a separate section in the doc about how to give it further permissions.
https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions#changing-github_token-permissions

It will need issues: write and/or pull-requests: write.

Ah! That's almost certainly it. Thanks for the pointer! Have been hunting and hunting for this. Appreciate it!
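
The permission change discussed in this thread, written out as a workflow. This is an added example, not part of the original issue or the action's own documentation; the workflow name, job name, trigger, `@v4` tag and comment text are assumptions.

```yaml
# Added example (constructed): grants the default GITHUB_TOKEN only the
# write scopes the comment step needs on Dependabot-triggered runs.
name: dependabot-pr-comment   # assumed name

on: pull_request

# Workflow-wide default: read-only. Once a permissions block is present,
# any scope not listed in it is set to "none".
permissions:
  contents: read

jobs:
  comment:                    # assumed job name
    runs-on: ubuntu-latest
    # Limit the elevated job to runs started by Dependabot.
    if: github.actor == 'dependabot[bot]'
    # Job-level permissions replace the workflow-level block for this job,
    # so the token here carries these two scopes and nothing else.
    permissions:
      pull-requests: write
      issues: write
    steps:
      # The action uses the default GITHUB_TOKEN unless a token input is
      # given, so no Dependabot secret is required for this step.
      # A tag is used for readability; pinning to a full commit SHA is the
      # stricter supply-chain choice.
      - uses: peter-evans/create-or-update-comment@v4
        with:
          issue-number: ${{ github.event.pull_request.number }}
          body: |
            Automated comment on a Dependabot pull request.
```

Keeping the write scopes at job level means other jobs in the same workflow still run with the read-only default.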