ci: Make flank release more automatically

[piotradamczyk5]

Fixes #1346

Test Plan

How do we know the code works?

1. Create release notes job (this which generates documentation and changelog) will run each 1st day of the month
2. After merge Pr with changelog
3. Flank-release bot will push the tag with next version to repository
4. Then release job will run as usual

Checklist

• Documented
• At schedule to run release job at 1st day of the month
• Create job which will push release tag after merge PR

[github-actions]

Timestamp: 2020-11-27 06:18:30
Buildscan url for ubuntu-workflow run 386539063

[Sloox]

Can we test this somehow before we go ahead with it? Also #1354 should probably be a blocking issue for this.

[piotradamczyk5]

Can we test this somehow before we go ahead with it? Also #1354 should probably be a blocking issue for this.

Agreed #1354 block release job. However this task is for simplify release process.

I have tested it on my fork

[pawelpasterz]

This job can be triggered by any merged PR with a specific label (which can be added manually). (I can create PR compromised PR, add release label and merge it. If I understand the job description correctly -- it will start release)

If I am not wrong, release notes PR is created by a bot, I think we should consider adding an additional condition which verifies who is the creator or merged PR.

It's the first that came to my mind, if there is a better way to make it more secure I think it would be worth to implement it.

Of course, let me know, I might be wrong and this implementation is already secure 💪

[piotradamczyk5]

Yeah, you are 100% right that if someone uses release label it will generate new release,
I think that we could make additional check if issue is created by bot and/or check if title starts with chore: release notes for

[adamfilipow92]

Yaml looks good, I also check cron expression, and it's valid.

Action should run at

07:00 AM, on day 1 of the month