calibreapp / image-actions

A GitHub Action that automatically compresses JPEGs, PNGs and WebPs in Pull Requests.
https://calibreapp.com/blog/compress-images-in-prs
GNU General Public License v3.0

Plan for new release #283

Open MelSumner opened 1 month ago

MelSumner commented 1 month ago

A new release is requested by our security team, so I've volunteered to contribute. As such, I'd like to document some planned steps to get us to a new release. This plan might change as I collaborate with @benschwarz but feedback from others is also welcome of course.

As noted in the comment below, I will create new issues for each item in the summary list; that way, individual issues can be worked on.

benschwarz commented 1 month ago

Hey @MelSumner, thanks for opening this (and the private comms beforehand), appreciate it. Apologies for the delay in getting back to you.

Generally speaking image-actions needs some reasonably big updates & improvements. It's probably worth splitting into new issues so they can be prioritised and knocked off over time.

A summary of topics that immediately come to mind:

  1. Remove mozjpeg (IMO mozjpeg doesn't offer "significant enough" improvements any longer, and its inclusion means that we have to bundle this action in Docker (and build part from source, which is slow)).
  2. Update action to be JS based, rather than Docker.
  3. Update release process so that it's as straightforward as creating a new tag, and having a GitHub action to automate releases.
  4. Document the release process so it's simple and trivial for any contributor.
  5. Consider rewriting library in TypeScript (I've got a branch that started this work, but moved to other more critical work since). TS will allow us to have a build process against the GitHub Octokit API, which feels like a solid choice to maintain the integration.
  6. Update all dependencies & ensure that Dependabot will run on a reasonable and sustainable cycle, so patch updates can flow freely as required.
  7. (Optional): Since I first wrote this library, GitHub released https://github.com/actions/toolkit (in particular, @actions/core). If we were to introduce @actions/core, we could probably remove a bunch of initial code for inputs, outputs & settings in general. A good opportunity there, should someone want to put the effort in to polish 🧁

Speaking to the points you've already raised @MelSumner, I had some notes:

My take is if we're able to clear off points 1—4, we're in a good spot to cut a release and work on further improvements from there.

MelSumner commented 1 month ago

This is super helpful! I'll work on it more tomorrow.

MelSumner commented 3 weeks ago

> Remove mozjpeg (IMO mozjpeg doesn't offer "significant enough" improvements any longer, and its inclusion means that we have to bundle this action in docker (and build part from source, which is slow)).

I think this might be resolved with #285 but I am not entirely sure I removed it completely.