chore(ci): validate user's permissions before uploading artifacts step (

#558)

.github/workflows/blockifier_ci.yml

@@ -78,18 +78,28 @@ jobs:
             target/release/libnative_blockifier.so \
             target/release/native_blockifier.pypy39-pp73-x86_64-linux-gnu.so
 
+      # Check if the user has the required permission to upload the artifact.
+      - name: Get User Permission
+        id: checkAccess
+        uses: actions-cool/check-user-permission@v2
+        with:
+          require: write
+          username: ${{ github.triggering_actor }}
+
+      - name: Check User Permission
+        if: steps.checkAccess.outputs.require-result == 'false'
+        run: |
+          echo "${{ github.triggering_actor }} does not have permissions on this repo."
+          echo "Current permission level is ${{ steps.checkAccess.outputs.user-permission }}"
+          echo "Job originally triggered by ${{ github.actor }}"
+          exit 1
+
       - name: Authenticate with GCS
-        # Fork PRs do not have access to secrets.
-        # Push events should trigger the upload regardless of the originating PR.
-        if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository
         uses: "google-github-actions/auth@v2"
         with:
           credentials_json: ${{ secrets.SA_NATIVE_BLOCKIFIER_ARTIFACTS_BUCKET_WRITER_ACCESS_KEY }}
 
       - name: Upload binary to GCP
-        # Fork PRs do not have access to secrets (so no uploading).
-        # Push events should trigger the upload regardless of the originating PR.
-        if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository
         id: upload_file
         uses: "google-github-actions/upload-cloud-storage@v2"
         with: