
Allow Xcode Cloud PR Tests to run on forks
Open, Low, Public

Description

The last time I investigated this I think it wasn't allowed due to security purposes, though I can't find that documentation now. If we confirm this is not possible, we should update our contributing documentation with this detail.

Event Timeline

I submitted feedback to Apple last year; I'll transcribe it here for documentation purposes.

Apple feedback ID: FB12609428
Filed: 14 July 2023
Resolution (as of 27 Feb 2024): Open

Please provide a descriptive title for your feedback:
Xcode Cloud not building Pull Requests from Forked Repos
Which area are you seeing an issue with?
Xcode Cloud
What type of feedback are you reporting?
Incorrect/Unexpected Behavior

Description
Please describe the issue and what steps we can take to reproduce it
Our app receives pull requests from volunteers, which means they originate from a fork of our repo, as volunteers do not have push privileges to the main repository. Unfortunately, Xcode Cloud doesn't run our PR test build to validate their PRs. Is there a way to configure it? I'm presented with a generic error when I try to run it manually (see screenshot). Maybe it is a configuration issue, but I couldn't figure it out. I appreciate any help you can provide.

Apple Feedback
2 August 2023 at 5:44 PM
Unfortunately this is intended, in order to avoid abuse by attackers who fork your project and run arbitrary scripts in a forked repo PR.
If this is important to your workflows, please let us know.

Marina Azevedo
3 August 2023 at 12:30 PM
Hi! Thanks for the response. I understand security issues may arise from allowing forked repos to trigger builds. We would need to run our "test build" that doesn't produce artifacts. If there could be a way for the internal team to trigger these forked builds individually after an internal analysis to mitigate risk, that would satisfy our needs.

Apple Feedback
7 August 2023 at 10:16 PM
The concern is not only the execution of custom build scripts but also the billable usage that these builds would consume. While we can't comment on upcoming features, we've noted your scenario as a desired use case.