Adding release-it configuration with workspaces publishing support

[scalvert]

~Depends on #1~

Adds release-it and associated configuration for yarn workspaces via create-rwjblue-release-it-setup.

Note: we're using the release-it-yarn-workspaces plugin even though we use npm in this repository. That plugin works with npm, and will ultimately be renamed to the more generic release-it-workspaces to correctly signify generic workspaces support.

[scalvert]

cc/ @jeffersonking

[scalvert]

Converting this to a draft for now while @eddynaka investigates requirements for publishing.

[eddynaka]

Converting this to a draft for now while @eddynaka investigates requirements for publishing.

Quick update on this:

• started a pr with codeql
• integrated with LGTM

Internally people run eslint. Should we run as well?

[scalvert]

@eddynaka since our github actions run eslint code should not be able to be merged in a PR without that passing. We could additionally run lint checks before a release, but it does seem redundant. If we're concerned about folks pushing to main and circumventing this, we could make main a protected branch, which would require anyone committing anything to be forced down the PR/actions pipeline.

WDYT?

[eddynaka]

@eddynaka since our github actions run eslint code should not be able to be merged in a PR without that passing. We could additionally run lint checks before a release, but it does seem redundant. If we're concerned about folks pushing to main and circumventing this, we could make main a protected branch, which would require anyone committing anything to be forced down the PR/actions pipeline.

WDYT?

no worries. I wasn't sure if we were already running. thanks for answering :)

[eddynaka]

@scalvert , I checked internally and everything that we set-up so far is good enough (CodeQL, LGTM, and ESLint). We can continue this pr :)

[scalvert]

@eddynaka thanks for looking into it!