Maintenance: Split changelog generation in a separate workflow

[heitorlessa]

Summary

We should create a new reusable workflow to generate changelog based on merge and upon releases.

Why is this needed?

Recent release failed to push newly generated CHANGELOG due to the new lockdown permissions. GitHub doesn't seem to have all permissions fully documented to know which property we must change. Moving to a separate workflow allows us to resolve two problems: 1/ decouple restricted release permissions with changelog update, and 2/ always generate a new changelog upon a merge

remote: Permission to awslabs/aws-lambda-powertools-python.git denied to github-actions[bot].
fatal: unable to access 'https://github.com/awslabs/aws-lambda-powertools-python/': The requested URL returned error: 403
Error: Process completed with exit code 128.

Which area does this relate to?

Automation, Governance

Solution

No response

Acknowledgment

• This request meets Lambda Powertools Tenets
• Should this be considered in other Lambda Powertools languages? i.e. Java, TypeScript

[heitorlessa]

When fully automated with docs being a separate workflow (changelog included), it should look like

• On new successful merge -> call docs workflow -> rebuild latest changelog (UNRELEASED)
• On successful release -> call docs workflow -> publish new docs version, rebuild latest changelog (new version)
• On successful layer -> call docs workflow -> update Layer Version

[github-actions]

This is now released under 1.27.0 version!