This change uses Cardinal's PAT for GitHub Actions CI. The way this
works is very convoluted, but it makes sense in theory.
1. Cardinal is a member of the Pryaxis org, in a group called "untrusted
robots." She has write access to Pryaxis/TShock, so she can create
status messages. This is because GitHub only allows status messages to
be created if a user has write access.
2. Cardinal has a PAT, and that PAT only has access to creating
repository status messages.
3. Danger requires permission to post comments and update CI status.
4. Cardinal's PAT is only authorized to create repo status messages, and
cannot privilege escalate.
5. GitHub implicitly gives everyone the ability to post comments on
public repositories.
Thus, this really interesting and weird flow should mean that Cardinal
can post comments and update status messages, by having write access but
functionally being unable to use it.
At least, that's the theory.
This commit adds Danger via GitHub Actions. Dangerfiles are ruby files
that have a DSL for interacting with GitHub. They can do arbitrary
things. See: https://danger.systems/reference.html
The point of this commit is to automate the process of asking people to
update the changelog. This is a really really annoying thing that we
have to do too often. Editing a pull request will automatically re-run
the check.
Truly trivial commits can be marked as trivial easily by using the
hashtag trivial in the PR body. This is really just useful for actually
trivial things. Most commits actually do need to have associated
changelog entries.
This changeset fixes several problems with the github actions build. It
removes the dependency on a repo script to install msbuild + VS. It
switches the shell back to cmd.exe, so that the scripts in build.yml
continue to run. It installs nuget via chocolatey, since that's not on
the path by default. Finally, it also uses built in MSBUILD to satisfy
the first statement.
