scottbez1 / smartknob

Haptic input knob with software-defined endstops and virtual detents

Home Page: https://www.youtube.com/watch?v=ip641WmY4pA


Generate and post KiCad diffs to PRs

scottbez1 opened this issue · comments

Looks like KiBot supports diff generation via the diff output type:

Generates a PDF with the differences between two PCBs or schematics.

https://github.com/INTI-CMNB/KiBot

To get those posted to the PR, care needs to be taken with the actions setup (can't expose secrets/permissions to untrusted PR runners). So I think we want to create a new GitHub action that runs on PRs to run diffs for schematics and PCBs and generate PDFs for those, along with another new action that uses a workflow_run trigger to download the PDF from the PR build and post that diff to the GitHub PR thread.

Together with the pull_request_target, a new trigger workflow_run was introduced to enable scenarios that require building the untrusted code and also need write permissions to update the PR with e.g. code coverage results or other test results. To do this in a secure manner, the untrusted code must be handled via the pull_request trigger so that it is isolated in an unprivileged environment. The workflow processing the PR should then store any results like code coverage or failed/passed tests in artifacts and exit. The following workflow then starts on workflow_run where it is granted write permission to the target repository and access to repository secrets, so that it can download the artifacts and make any necessary modifications to the repository or interact with third party services that require repository secrets (e.g. API tokens).

https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
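
A sketch of the two-workflow split described in this issue, added here as an example and not taken from the issue or the smartknob repository. The file paths, the artifact name, the `pr_number.txt` file and the `generate_kicad_diffs.sh` script (standing in for the KiBot diff run) are assumptions.

```yaml
# File 1 (hypothetical path): .github/workflows/kicad-diff.yml
# Unprivileged: builds untrusted PR content with a read-only token and no secrets.
name: kicad-diff
on: pull_request
permissions:
  contents: read
jobs:
  diff:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Hypothetical script standing in for the KiBot diff run; writes PDFs to out/
      - run: ./scripts/generate_kicad_diffs.sh out/
      - run: echo "${{ github.event.number }}" > out/pr_number.txt
      - uses: actions/upload-artifact@v4
        with:
          name: kicad-diff
          path: out/
---
# File 2 (hypothetical path): .github/workflows/kicad-diff-comment.yml
# Privileged: runs from the default branch; never checks out or executes PR code.
on:
  workflow_run:
    workflows: [kicad-diff]
    types: [completed]
permissions:
  actions: read         # fetch the artifact from the triggering run
  pull-requests: write  # post the comment
jobs:
  comment:
    if: github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: kicad-diff
          path: artifact
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ github.token }}
      - uses: actions/github-script@v7
        with:
          script: |
            // Artifact contents are untrusted input: accept a plain integer only.
            const raw = require('fs').readFileSync('artifact/pr_number.txt', 'utf8').trim();
            if (!/^[0-9]+$/.test(raw)) throw new Error('unexpected PR number');
            await github.rest.issues.createComment({
              owner: context.repo.owner, repo: context.repo.repo,
              issue_number: Number(raw),
              body: `KiCad diff PDFs are attached to ${context.payload.workflow_run.html_url}`,
            });
```

The privileged workflow treats the downloaded artifact strictly as data: it reads one validated integer and links to the run, and never executes or interpolates anything else the PR build produced.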