Bump the version using the #flags from the PR description

[ll-nick]

Closes #79

Instead of relying on a marketplace action, we now use bash script to compute a new version from the PR description. The new version is computed based on the existence of one of the following flags (proceeded by a #):

• major
• minor
• patch

#patch

[ll-nick]

I tested this using another branch where the workflow is triggered on any push, the version is computed from the commit description. The pipeline also stops after echoing the new version in the next job in order not to generate a bunch of useless releases and automated commits.

Check out the action for a test of each case (major, minor, patch, default)

[orzechow]

Thanks! That was a quick one 👌

Please make sure that this solution is not vulnerable to code injections. Is the PR body escaped or would a PR body starting with e.g. " break the job?

[ll-nick]

Ok, this is ready for re-review @orzechow

On top of the points in the discussions above, I tidied up the script and the workflow a little in 95bcfb3, e7934b9 and 228c042

For reference, I triggered the action using the test branch again, this time using a malicious commit message containing a ".
It failed at first, but after adding the sanitation in the workflow (20e87b8) it worked fine.

[orzechow]

Great! 😁

I guess the last nitpick:
We could think how to avoid the #tag from ending up in our release description.
Not super important though 🙈

[ll-nick]

Thanks for the review. About your point: I'd say the benefit is not worth the effort. It adds another potential point of failure to a workflow that's pretty complex already and I don't think it hurts having it there. So I'll just go ahead and merge as is :)