Fix gha smells:

- Avoid executing  scheduled workflows on forks
- Use 'if' for upload-artifact action
- Use permissions whenever using Github Token

Author: ceddy4395

.github/workflows/build_on_pr.yml

@@ -199,6 +199,7 @@ jobs:
 
       - name: Upload test coverage artifact
         uses: actions/upload-artifact@v3
+        if: success()
         with:
           name: report
           path: report/

.github/workflows/compatiblity_test_on_schedule.yml

@@ -10,6 +10,7 @@ jobs:
   matrix_preparation:
     name: Prepare Container List
     runs-on: ubuntu-latest
+    if: ${{github.event_name != 'schedule' || github.repository == 'hpcaitech-colossalai'}}
     outputs:
       matrix: ${{ steps.set-matrix.outputs.matrix }}
     steps:

.github/workflows/draft_github_release_post_after_merge.yml

@@ -13,6 +13,8 @@ jobs:
     name: Draft Release Post
     if: ( github.event_name == 'workflow_dispatch' || github.event.pull_request.merged == true ) && github.repository == 'hpcaitech/ColossalAI'
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
     steps:
       - uses: actions/checkout@v2
         with:

.github/workflows/report_test_coverage.yml

@@ -10,6 +10,8 @@ jobs:
   report-test-coverage:
     runs-on: ubuntu-latest
     if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    permissions:
+      contents: write
     steps:
       - name: "Download artifact"
         uses: actions/github-script@v6

.github/workflows/submodule.yml

@@ -9,6 +9,9 @@ jobs:
   sync-submodule:
     runs-on: ubuntu-latest
     if: github.repository == 'hpcaitech/ColossalAI'
+    permissions:
+      contents: write
+      pull-requests: write
     steps:
       - name: Checkout
         uses: actions/checkout@v2