Add WinGet release step

[mimoguz]

This pull request was created following this discussion.

The PR adds another step to the CI process that updates the WinGet release using WinGet Releaser action.

Requirements

WinGet Releaser has following requirements, which were better explained in its readme:

• At least one version of the package to be released in the Windows Package Manager Community Repository.
• A classic Personel Access Token.
• An up-to-date fork of winget-pkgs under the same account as this repository. WinGet Releaser can automatically update the fork if the Personel Access Token has workflow permission.
• The action will only work when the release is published (not a draft).

[lwronski]

Will it be sufficient if Personel Access Token is only allowed to public_repo? as described in winget-create Readme.md

[mimoguz]

Will it be sufficient if Personel Access Token is only allowed to public_repo? as described in winget-create Readme.md

public_repo plus optionally workflow (required to update the fork).

[lwronski]

Can we now test with only the public_repo privilege? Personal Access Token with these privileges is available under the STEWARD_WINGET_TOKEN secret.

[mimoguz]

Sure. But you will need to make sure your fork of winget-pkgs is up-to-date before creating a release.

Should I update the PR to use STEWARD_WINGET_TOKEN?

[tgodzik]

Sure. But you will need to make sure your fork of winget-pkgs is up-to-date before creating a release.

Should I update the PR to use STEWARD_WINGET_TOKEN?

Why would we need it up to date? If we only update the single value file/value we shouldn't get any problematic conflicts

[mimoguz]

Three files. Personally I also think we shoudn't need most up-to-date version, as long as some previous versions of the files we need are in the main brach. The action will should create new files using the existing ones as templates and then put them in ScalaCLI/<version> directory. I was just parroting WinGet Releaser's readme, sorry.

[lwronski]

In the WinGet Releaser, it states that only classic tokens are supported and refers to an issue in the cli repository where repo-second tokens aren't available to run GraphQL requests.

However, I have checked the linked issue and it seems that the issue was resolved in the cli repository. GitHub now supports the GraphQL API for repo-scoped tokens, as mentioned in this blog post: https://github.blog/changelog/2023-04-27-graphql-improvements-for-fine-grained-pats-and-github-apps/.

@tgodzik, I think we can generate a token that only has access to the fork of the winget-pkgs repository and test if it works.

[lwronski]

Hi @mimoguz, sorry for the delayed response. We've updated the STEWARD_WINGET_TOKEN to include workflow permissions. Once the secret used in the CI is renamed to STEWARD_WINGET_TOKEN, we should be ready to merge.

[lwronski]

@mimoguz, Thank you for your contribution! We'll verify its during the next Scala CLI release.