Currently our release process is kicked off whenever a PR is merged and there are no changesets within the `.changeset` directory. Typically this happens when we intend to publish a release, just after we merge a "Version Packages" PR which removes the changesets and adds the entries to our changelog.
However, this also means that merging any PR without user-facing changes during the period after we've made a release will trigger another release (which luckily fails because the created tag already exists on the remote. See #184).
This change avoids that scenario by fetching tags when checking out the repo. Now when `npx changeset tag` runs, it will see that the tag already exists and skip creating it (`🦋 Skipping tag (already exists): v3.3.2`). The `git push --tags` step will no longer throw an error ("Everything up-to-date"). And lastly, the publish step won't get triggered because the output from `npx changeset tag` doesn't contain the string `"New tag:"`. The action should just finish successfully with nothing to left do.
Fixes#184
If the token isn't specified, wrangler throws this error, indicating the CLOUDFLARE_API_TOKEN should be set, so it's worth being consistent so folks can copy/paste the examples and have it work out of the box:
```
In a non-interactive environment, it's necessary to set a CLOUDFLARE_API_TOKEN environment variable for wrangler to work.
```
Instead of using a mix of `child_process.exec`, `child_process.execSync` and a promisified version of `child_process.exec`, we now (mostly) just use `@actions/exec`. That runs `child_process.spawn` under the hood and handles a lot of character escaping for us. We can also now pass Buffers directly into the subprocess as stdin instead of relying on shell piping.
This ends up fixing a few problems we had where secrets and env var values containing shell metacharacters were being misinterpreted.
Unfortunately, `@actions/exec` doesn't support running with a shell. That means we still have to roll our own wrapper around `child_process.exec` to avoid a breaking change to `preCommands` and `postCommands`, since users might be expecting these to run within a shell.
Also worth noting that we're no longer hiding stdout and stderr from the secret uploading step. We were previously doing this out of an abundance of caution, but it made debugging issues very difficult if secret upload failed for some reason. I feel ok doing this since we're no longer echoing & piping the secret values, wrangler doesn't ever output secret values, and as a last line of defense GitHub masks any secret values that accidentally get logged.
We need to distinguish between when the value is and isn't set in order to perform inference based on lockfile and only fallback to the default of npm if inference fails.
