Add release workflows

[jtherrmann]

TODO:

• [x] How to add all the required labels (major, minor, patch, bumpless)?
• [x] Do we need a deploy workflow to call reusable-bump-version.yml?
• [x] Do we want static analysis? (I don't think so?)

[jhkennedy]

@jtherrmann for your todos/questions:

How to add all the required labels (major, minor, patch, bumpless)?

For new repositories, they will come with required labels as the default labels are set at the org-level here: https://github.com/organizations/ASFHyP3/settings/repository-defaults

For repos that already exist and don't have them, you'll need to add them manually -- easiest to copy paste values from the org defaults. For this repo, you add them here: https://github.com/ASFHyP3/hyp3-cookiecutter/labels

Do we need a deploy workflow to call reusable-bump-version.yml?

Yes, we need a tag-version.yml. The release workflow you've added is triggered on a new tag. To create the new tag from a merge to main, you need the reusable-bumb-version workflow.

We technically could not use a main branch and just manually push a tag for a release, but then we wouldn't need the labeled PR workflow and there would be no release review mechanism.

Do we want static analysis? (I don't think so?)

It's probably a good idea to have the secrets scanning on, but there isn't any linting or anything like that's needed.

[jhkennedy]

I went ahead and added the labels.

[jhkennedy]

Trufflehog failures should be good to ignore and will clean themselves up at release

[jtherrmann]

I've reviewed the trufflehog failures and confirmed that they can be safely ignored.