Configure GitHub bot for automated releases and protected branches

[jwulf]

The workflow is like this:

All development work should be done via PRs against the alpha branch.

When a PR is merged to alpha, the tests are run, then semantic-release runs to determine if a new release is required. If it is, then an alpha package is published to NPM.

Production releases are accomplished by opening a PR from alpha to main.

When a PR is merged into main, semantic-release runs and if a new package release is required, a package is published to NPM.

[jwulf]

The challenge here is that branch protection rules that require a PR thwart semantic release, which needs to push tags, updated package.json and CHANGELOG.md directly to the branch.

A potential solution to this is detailed here: https://gonzalohirsch.com/blog/semantic-release-and-branch-protection-rules/

[jwulf]

This solution requires installing a GitHub App in the repository, which is a permissions issue.

GitHub Copilot suggests an alternative: turn off branch protection, and:

Developers create feature branches off the alpha branch and open pull requests to merge their changes back into alpha.

When the changes in alpha are ready to be released, the CI runs semantic-release on the alpha branch. semantic-release determines the next version number based on the commits, generates the release notes, updates the version number in package.json, creates a git tag, pushes the changes back to alpha, and publishes the package to the npm registry.

When alpha is ready to be merged into main, a pull request is opened to merge alpha into main.

The CI runs semantic-release on the main branch. semantic-release determines the next version number based on the commits, generates the release notes, updates the version number in package.json, creates a git tag, pushes the changes back to main, and publishes the package to the npm registry.

[jwulf]

This workflow is implemented now. This allows releases to take place, but does not enforce pull requests to the release branches (main and alpha). This means we need to have explicit knowledge and manual discipline to make sure that releases are not done inadvertently.

I've put in a request to have a GitHub App added to the repo to allow this one to be implemented later. That workflow will enforce PRs to be merged to create a release at the repo level.