I've found it hard to figure out which actions need which
permissions. GitHub doesn't seem to even document what the permissions
mean. So let's just give Clippy full access.
The new code scanner is complaining that actions have permissions to
do too much. It wasn't obvious to me what permissions the jobs need,
but let's see how this works.
My attempt at using rust-build/rust-build.action for release builds
(from bf21e65c5d) initially seemed promising. However, the produced
musl binary build segfaulted on my Debian machine. I don't know about
the Mac and Windows binaries. I then tried switching to building with
a vendored OpenSSL (cac93e2793), but then the build started failing
(https://github.com/martinvonz/jj/actions/runs/1978730621). I couldn't
figure out why it failed, so I decided to do the build in a more
manual way (without rust-build/rust-build.action), based on
https://github.com/gitext-rs/git-stack/blob/main/.github/workflows/post-release.yml
(thanks to @epage for the example and to @arxanas for the link). I
could simplify it a bit because I'm currently doing the releases via
the GitHub UI (epage's original triggers the release when a tag has
been pushed, IIUC). Let's hope that it works this time.
We should only need the `minimal` profile. Also, we already have
configured the action to use the `clippy` component, so I don't think
we need to explicitly add it with a separate `run` action.
I think I got the current template from Google's open-sourcing
process, but I don't care about most of it (GitHub actions already
check that tests pass, for example). Let's instead tell contributors
that they don't need to write anything at all there and that they
should describe the changes in the commit message(s) instead.
I agree with @unrelentingtech's comment in #54 that the steps to
reproduce should come before the expected and actual behavior. I don't
know where I got the current template from. I think it was from
Google's process for open-sourcing the project.
I also removed the version field from the template for now since I
haven't started updating it regularly yet. I should start doing that.