chore: add minimal Craft release tooling configuration (#101)

* chore: add minimal Craft release tooling configuration

- Add .craft.yml with minimal configuration for GitHub-only releases
- Add release workflow with required version input
- Uses no-op preReleaseCommand since no version tracking needed
- Enables automated release management via craft

* fix: add explicit permissions to release workflow

Adds 'permissions: contents: read' to limit GITHUB_TOKEN permissions
following security best practices. The workflow uses a GitHub App token
for privileged operations, so limiting the default token to read-only
is appropriate.

Author: vaind

.craft.yml

@@ -0,0 +1,5 @@
+minVersion: 0.23.1
+changelogPolicy: auto
+preReleaseCommand: pwsh -c ''
+targets:
+  - name: github

.github/workflows/release.yml

@@ -0,0 +1,39 @@
+name: Release
+
+permissions:
+  contents: read
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: Version to release
+        required: true
+      force:
+        description: Force a release even when there are release-blockers (optional)
+        required: false
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    name: "Release a new version"
+    steps:
+      - name: Get auth token
+        id: token
+        uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
+        with:
+          app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }}
+          private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }}
+
+      - uses: actions/checkout@v4
+        with:
+          token: ${{ steps.token.outputs.token }}
+          fetch-depth: 0
+
+      - name: Prepare release
+        uses: getsentry/action-prepare-release@v1
+        env:
+          GITHUB_TOKEN: ${{ steps.token.outputs.token }}
+        with:
+          version: ${{ github.event.inputs.version }}
+          force: ${{ github.event.inputs.force }}