* Reduce dependence on third-party build scripts in release pipeline
This removes one third-party build script from the release
pipeline for the release tar.gz, though one is still used in the
now-separate netlify deploy.
* Reduce GITHUB_TOKEN perms in actions when using 3rd party scripts
This avoids allowing third parties to arbitrarily overwrite the
repository.
* Replace PGP signing action with the bash script from the same
The PGP signing action ultimately just calls gpg with arguments
set in
https://github.com/actionhippie/gpgsign/blob/v1/overlay/usr/local/bin/entrypoint
so its rather trivial to simply take the required arguments and
put them directly in CI.
This is substantially safer than the PGP signing action used as the
action currently downloads, unverified and un-pinned, a docker
image in order to access PGP.
* Fixes#434
* Fixes#433
* Prtially fixes#432
* Disable auto labelling of issues
* Use yaml instead of yml as recommended by yaml.org
* shortened the strings
* simplified option description
* Simplify production build actions
This merges both the netlify-prod and docker action and also automatically add tarball to releases.
* Delete docker.yaml
* Delete netlify-prod.yaml
* Cosmetic changes and add dockerhub check
* Cosmetic changes
* Fix check runs on Tuesdays only
