ci: switch to semantic-release

Author: scriptcoded

.github/workflows/release-please.yml

@@ -0,0 +1,52 @@
+name: Release
+on:
+  push:
+    branches:
+      - '*.x'
+      - master
+      - beta
+      - alpha
+
+permissions:
+  contents: read # for checkout
+
+jobs:
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write # to be able to publish a GitHub release
+      issues: write # to be able to comment on released issues
+      pull-requests: write # to be able to comment on released pull requests
+      id-token: write # to enable use of OIDC for npm provenance
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Import scriptbot's GPG key for signing commits
+        id: import-gpg
+        uses: crazy-max/ghaction-import-gpg@v6
+        with:
+          gpg_private_key: ${{ secrets.BOT_GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.BOT_GPG_PASSPHRASE }}
+          git_config_global: true
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+      - name: Setup Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: "lts/*"
+      - name: Install dependencies
+        run: npm clean-install
+      - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies
+        run: npm audit signatures
+      - name: Release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+          GIT_AUTHOR_NAME: ${{ vars.RELEASE_GIT_NAME }}
+          GIT_AUTHOR_EMAIL: ${{ secrets.RELEASE_GIT_EMAIL }}
+          GIT_COMMITTER_NAME: ${{ vars.RELEASE_GIT_NAME }}
+          GIT_COMMITTER_EMAIL: ${{ secrets.RELEASE_GIT_EMAIL }}
+        run: npx semantic-release