ci(release): defined a github workflow to release with semantic-release

[travi]

re-enables the release automation that was lost with the cleanup of the .travis.yml in https://github.com/commitizen/cz-cli/pull/880. the GITHUB_TOKEN is provided automatically by the action and should have access to perform all necessary actions needed for the release. the NPM_PUBLISH_TOKEN would need to be made available as a secret to this action by a project maintainer.

this does not replace the verification that happens on Azure Pipelines and only runs on the master branch. it is assumed that changes are only ever merged after passing verification in a PR, so this workflow should be safe to implement independently from the existing verification pipelines.

this should unblock #914 and #897 (possibly more)

[daiyam]

@jimthedev @AndersDJohnson @kentcdodds Hi, could you validate this PR so a new release of the cli can be generated? Thx

[rin]

@LinusU @dmwelch Can you help? Thanks!

[micalevisk]

this PR will close the Issue #914 as the fix is merged already but not released yet

[travi]

if adding me as a maintainer could help with details like this, i'd be willing to help out with basic maintenance tasks like this. i wouldnt be able to dedicate a lot of time due to other OSS project responsibilities (hopefully, my reputation on those projects helps build trust to consider me as a maintainer here), but would like to help unblock vulnerability issues like this.

[kdmcguire]

Adding another vote of support; @jimthedev, please consider @travi's offer! I'm sure plenty of repos (like mine) have got a Critical dependabot security alert because there hasn't been a release for commitizen despite the updates being merged in already.

[jimthedev]

Just got back home. Wife has covid but will take a look and see if I can help.

[jimthedev]

Secret added, going to merge this.

[github-actions[bot]]

:tada: This PR is included in version 4.2.5 :tada:

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot :package::rocket:

[daiyam]

@jimthedev Thx

[jimthedev]

@daiyam thank all of you for your patience.

[kdmcguire]

Thank you and @travi for resolving this!

[travi]

thanks for the merge @jimthedev! feel free to let me know if you need more help. commitizen is super valuable in combination with semantic-release, so i'd be happy to pitch in a bit if i can help keep things going.