[actions] add release workflow

[xt0rted]

Based on the discussion in #3221 this adds a workflow that runs when tags are pushed and creates/updates a release of the same name.

After some testing it turns out GitHub detects force pushes of tags and automatically points an existing release to the new commit. This means the extra steps to check for an existing release, delete it if found, etc. aren't needed.

With this in place you should be able to:

• push a v2.0.0 tag
  • a release will be created automatically
  • the changelog contents will be copied to it
• make some changes to main
• move the tag up a few commits
• force push the v2.0.0 tag
  • GitHub will auto-update the release's tag/sha
  • this workflow will update the release notes with anything new

Fixes #3221.

[xt0rted]

This action will create the release if it doesn't exist, or update it if it does. So all that's needed is to pass the release body to it.

[ljharb]

Could we also incorporate the harden-runner? https://github.com/step-security/harden-runner

Here's an example: https://github.com/nvm-sh/nvm/blob/master/.github/workflows/lint.yml#L11-L16

[ljharb]

It occurs to me that in our changelog, we use markdown references - which means, if the extracted changelog section doesn't also include the relevant links (which are elsewhere in the document), they won't work. How can we verify this before an actual release?

[codecov-commenter]

Codecov Report

Merging #3223 (9ed0f4a) into master (625010a) will decrease coverage by 0.00%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #3223      +/-   ##
==========================================
- Coverage   97.67%   97.66%   -0.01%     
==========================================
  Files         121      121              
  Lines        8507     8518      +11     
  Branches     3070     3074       +4     
==========================================
+ Hits         8309     8319      +10     
- Misses        198      199       +1     

Impacted Files	Coverage Δ
lib/rules/no-array-index-key.js	92.42% <0.00%> (-0.26%)	⬇️
lib/util/variable.js	96.42% <0.00%> (+0.27%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 625010a...9ed0f4a. Read the comment docs.

[xt0rted]

Just pushed a change that will grab the common links at the end of the file and append them to the release notes. It required adding an html comment to the changelog so they can be easily found. Hopefully that's not an issue. The results of a test run can be seen here https://github.com/xt0rted/eslint-plugin-react/releases/tag/v7.30.0

I'm not sure how best to handle links inside of the version section. The action is filtering them out for some reason. Maybe we could get a setting added that would skip the filter? Another option is to change how PRs are referenced. Instead of doing [#123][] you could do #123 and let github auto link them.

[xt0rted]

Issue about the link filter mindsers/changelog-reader-action#52

[ljharb]

That wouldn't cause them to be autolinked when viewing the markdown directly, which i presume is why that choice was originally made.

[ljharb]

k, let's merge this and give it a shot with v7.29.3 :-)

[ljharb]

Looks like it worked! https://github.com/yannickcr/eslint-plugin-react/releases/tag/v7.29.3 thank you!

[xt0rted]

Got a couple Dependabot PRs for the new version, everything looks good except for the release notes section. For some reason they're including every link at the end of the release notes even if they aren't referenced in the text of it. OctoLinker/OctoLinker#1510

[ljharb]

That sounds like a dependabot bug; I'd report it to github. (i don't personally use dependabot; i find renovate to be a much better tool)