.github/workflows: add a new release workflow

This creates a new "release" workflow to execute the release of golang.go extension.
(release.yml). The nightly release workflow was moved to release-nightly.yml in
the previous commit.

The new release workflow is triggered when a new tag on the release branch is pushed.

Note: our canonical repository is in go.googlesource.com/vscode-go and tagging
will be done in the canonical repository, and mirrored to the github repository.
A typical workflow will be like

1. A human operator creates a CL to merge the main dev branch to the 'release' branch.
   CI (GCB builder) will test the CL.
2. The CL is reviewed and merged. This triggers the "Long test workflow" (test-long.yml).
3. The human operator verifies the "Long test workflow" is green.
   Otherwise, fix (fix, cherry-pick, review, commit) on the 'release' branch.
4. When the 'release' branch reaches a state that is ready for release,
   the human operator will tag the commit from the canonical repository.
   Stable versions should be in the format of 'vX.X.X' (e.g. v0.15.0)
   Release candidates should be in the format of 'vX.X.X-rc.X' (e.g. v0.15.0-rc.1)
5. The gopherbot will mirror the tag to the GitHub repo, and that push will trigger
   the 'Release (golang.go)' workflow specified in this file.
     - For stable version release (vX.X.X), check if the package.json has the matching version.
     - Packaging using 'vsce package'
     - Create a release in Github
     - Upload the vsix file as an asset of the release
     - For stable version release (vX.X.X), upload to the vscode market place
       (not implemented in this CL)

And also, prevent workflows from running in forks.

Change-Id: Idb62c63dac064cd1cca8f87eacdfe87c029a49bf
Reviewed-on: https://go-review.googlesource.com/c/vscode-go/+/239177
Reviewed-by: Rebecca Stambler <rstambler@golang.org>
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 79139db..96e2275 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -7,6 +7,7 @@
+    if: github.ref == 'refs/heads/master' && github.repository == 'golang/vscode-go'
     # CodeQL runs on ubuntu-latest and windows-latest
     runs-on: ubuntu-latest
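Review bot: The added `if:` ties the fork guard to `github.ref == 'refs/heads/master'`, so the CodeQL job is skipped for every other ref, including the `refs/pull/N/merge` ref of a pull-request run if this workflow is configured for one (the trigger list is outside the hunk). The fork guard needs only `if: github.repository == 'golang/vscode-go'`; branch selection is easier to audit in the `on:` filters. If the master-only restriction is intentional, a one-line comment such as `# scan master in the upstream repo only; forks and other branches are skipped` would record that.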
diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml
index 1a8a449..a04eaae 100644
--- a/.github/workflows/release-nightly.yml
+++ b/.github/workflows/release-nightly.yml
@@ -1,4 +1,4 @@
-name: release
+name: Release (golang.go-nightly)
 # Daily release on 15:00 UTC, monday-thursday.
 # Or, force to release by triggering repository_dispatch events by using
@@ -11,6 +11,8 @@
+    if: github.ref == 'refs/heads/master' && github.repository == 'golang/vscode-go'
     name: Release Nightly
     runs-on: ubuntu-latest
     timeout-minutes: 20
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..74b17a3
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,100 @@
+name: Release (golang.go)
+# The new release workflow is triggered when a new tag on the release
+# branch is pushed.
+# Note: our canonical repository is in go.googlesource.com/vscode-go and tagging
+# will be done in the canonical repository, and mirrored to the github repository.
+# A typical workflow is:
+# 1. A human operator creates a CL to merge the main dev branch to the 'release' branch.
+#    CI (GCB builder) will test the CL.
+# 2. The CL is reviewed and merged. This triggers the "Long test workflow" (test-long.yml).
+# 3. The human operator verifies the "Long test workflow" is green.
+#    Otherwise, fix (fix, cherry-pick, review, commit) on the 'release' branch.
+# 4. When the 'release' branch reaches to the state ready for the release,
+#    the human operator will tag the commig from the canonical repository.
+#    (https://go-review.googlesource.com/admin/repos/vscode-go,tags)
+#    Stable versions should be in the format of 'vX.X.X' (e.g. v0.15.0)
+#    Release candidates should be in the format of 'vX.X.X-rc.X' (e.g. v0.15.0-rc.1)
+# 5. The gopherbot will mirror the tag to the GitHub repo, and that push will trigger
+#    the 'Release (golang.go)' workflow specified in this file.
+#      - For stable version release (vX.X.X), check if the package.json has the matching version.
+#      - Packaging using 'vsce package'
+#      - Create a release in Github
+#      - Upload the vsix file as an asset of the release
+#      - For stable version release (vX.X.X), upload to the vscode market place
+#        (not implemented in this CL)
+  push:
+    tags:
+      - v*
+  build:
+    name: create release
+    runs-on: ubuntu-latest
+    steps:
+      - name: checkout code
+        uses: actions/checkout@v2
+      - name: get release version
+        id: release_version
+        run: |
+          TAGGED_VERSION="${GITHUB_REF/refs\/tags\/v/}"
+          if [[ ! "${TAGGED_VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+.*$ ]]; then
+            echo "Invalid version tag '${TAGGED_VERSION}'"
+            exit 1
+          fi
+          echo ::set-env name=EXT_VERSION::"${TAGGED_VERSION}"
+          WRITTEN_VERSION="$(cat package.json | jq '.version' -r)"
+          if [[ ${TAGGED_VERSION} == *"-"* ]]; then
+            echo ::set-env name=EXT_ISPREVIEW::1
+          else
+            if [[ "${TAGGED_VERSION}" != "${WRITTEN_VERSION}" ]]; then
+              echo "Release Tag and Version in package.json do not match: '${TAGGED_VERSION}' vs '${WRITTEN_VERSION}'"
+              exit 1
+            fi
+            echo ::set-env name=EXT_ISPREVIEW::0
+          fi
+      - name: stamp version
+        run: |
+          cat package.json | jq --arg VER "${{ env.EXT_VERSION }}" '.version=$VER' > /tmp/package.json 
+          cp /tmp/package.json ./package.json
+          npm ci
+          npm run vscode:prepublish
+      - name: package
+        uses: lannonbr/vsce-action@704da577da0f27de5cdb4ae018374c2f08b5f523
+        with:
+          args: "package"
+      - name: create release
+        id: create_release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ github.ref }}
+          release_name: Release ${{ env.EXT_VERSION }}
+          draft: false
+          prerelease: ${{env.EXT_ISPREVIEW == 1}}
+      - name: upload release asset
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ./go-${{ env.EXT_VERSION }}.vsix
+          asset_name: go-${{ env.EXT_VERSION }}.vsix
+          asset_content_type: application/zip
+# TODO: check if the commit is in green state. (test-long.yml results)
+# TODO: publish to the market if VERSION is for a stable version.
+# TODO: after publishing, create a gerrit CL to update 'latest' branch if VERSION is for a stable version.
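Review bot: The version pattern in the `get release version` step ends in `.*`, so any text after `X.X.X` is accepted, and the `stamp version` step then substitutes `${{ env.EXT_VERSION }}` into the script text before bash parses it; a tag name carrying shell metacharacters would run as code in a job that holds a write-capable `GITHUB_TOKEN`. Anchor the pattern to the two documented formats, `^[0-9]+\.[0-9]+\.[0-9]+(-rc\.[0-9]+)?$`, and read the value from the environment instead, `jq --arg VER "$EXT_VERSION" '.version=$VER' package.json > /tmp/package.json`. The `v*` trigger also fires for a tag on any commit rather than only on the 'release' branch as the header comment says, and no `github.repository == 'golang/vscode-go'` guard is visible on this job although the other three workflows in this commit gain one. `actions/checkout@v2`, `actions/create-release@v1` and `actions/upload-release-asset@v1` are referenced by mutable tags while `lannonbr/vsce-action` is pinned to a commit SHA; pinning all four to SHAs keeps the release path from changing when a tag is moved. The `::set-env` command was later disabled by GitHub, and its replacement is appending `EXT_VERSION=...` to the file named by `$GITHUB_ENV`.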
diff --git a/.github/workflows/test-long.yml b/.github/workflows/test-long.yml
index 9cc67d4..2c8ab08 100644
--- a/.github/workflows/test-long.yml
+++ b/.github/workflows/test-long.yml
@@ -13,7 +13,7 @@
     # Not containing 'SKIP CI' in the commit message AND
     # (Either non-Windows OR triggered on 'push' (if triggered by 'pull_request', github.base_ref is not empty)
-    if: "!contains(github.event.head_commit.message, 'SKIP CI')"
+    if: "github.ref == 'refs/heads/master' && github.repository == 'golang/vscode-go' && !contains(github.event.head_commit.message, 'SKIP CI')"
     timeout-minutes: 20
       fail-fast: false
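Review bot: The added `github.ref == 'refs/heads/master'` term skips this job for every other ref, yet step 2 of the commit message relies on a merge to the 'release' branch triggering the Long test workflow so the operator can confirm it is green before tagging. Unless that is handled outside this hunk (the trigger list is not visible here), the release branch would not be tested by this job; consider `if: "(github.ref == 'refs/heads/master' || github.ref == 'refs/heads/release') && github.repository == 'golang/vscode-go' && !contains(github.event.head_commit.message, 'SKIP CI')"`. The comment above the condition still describes only the 'SKIP CI' rule and should mention the new branch and repository terms.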