chore(ci): Fix potential github action smells

[ceddy4395]

Hey! 🙂
I want to contribute the following changes to your workflow:

• Avoid running CI related actions when no source code has changed

• Use permissions whenever using Github Token

• Avoid executing scheduled workflows on forks

• Closes N/A

Additional details

These changes are part of a research Study at TU Delft looking at GitHub Action Smells. Find out more

Steps to test

N/A

How has the user experience changed?

N/A

PR Tasks

• Have tests been added/updated?
• Has a PR for user-facing changes been opened in cypress-documentation?
• Have API changes been updated in the type definitions?

[CLAassistant]

All committers have signed the CLA.

[cypress-app-bot]

• Create a Draft Pull Request if your PR is not ready for review. Mark the PR as Ready for Review when you're ready for a Cypress team member to review the PR.

[jennifer-shehane]

@ceddy4395 We need to specify the permissions we want here right? What happens if this object is empty? https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idpermissions

[ceddy4395]

When the permissions are empty, the GITHUB_TOKEN and 'external' actions will have no permissions at all.
I assumed this would not be a problem looking at the workflow, however could you confirm what the ${{ github.event.release.upload_url }} usually points to? If this points to github somehow, we might need to add the correct permission for that.

[jennifer-shehane]

These are examples of the urls: e2dcf53#commitcomment-141413214

[ceddy4395]

Ah yes I see where it gets uploaded, I've added contents: write to the permission which will allow the uploading.