This gets rid of our "release" environment with high-profile secrets,
and the cockpituous/release infra.
The upstream release uses our shared
https://github.com/cockpit-project/action-release/ action.
This partitions secrets and limits their potential exposure/leakage.
This environment can be created with github-upload-action-secrets in [1].
[1] https://github.com/cockpit-project/bots/pull/2164
With [1] the release container moved from dockerhub to GitHub's
container registry, as we both build and use it from GitHub. This avoids
running into docker.io pull limits.
[1] https://github.com/cockpit-project/cockpituous/pull/353Closes#398
Enter the new world of GitHub actions [1]/GitLab pipelines [2]. This
simplifies our end of the infrastructure considerably:
* No need any more to set up webhooks, all the relevant configuration
is right in the workflow file.
* Does not need any infrastructure on our side any more, and thus works
for third-party projects. They just need to set up their own secrets.
* GitHub automatically provides a temporary `GITHUB_TOKEN` with
sufficient write access to the project to publish a release, so we
don't need to carry around that secret. Thus if your project only
releases to GitHub, there is zero secrets management.
Also adjust cockpituous-release a bit (update Fedora version, fix
project name copy-pasta), point to the action workflow and necessary
secrets.
Closes#380
