Update hardcoded versions, properly fill release notes

[nwiltsie]

Description

Apologies again for the sprawl - this was supposed to stop at 6abcb41, but then I caught an unrelated bug that needed fixing.

The big change in this PR is the addition of an optional new version_files input to the release preparation workflow. That input (a string of comma-separated relative paths) is used to update hard-coded version strings throughout the repository while prepping the release. That means that we can now use this tool for pipelines, point that argument at nextflow.config, and then never manually adjust a version number again. It should also work for R DESCRIPTION files, python version.py files, etc.

You can see this in action with https://github.com/uclahs-cds/docker-internal-tests/pull/27 (and all of the other recent releases from that repository):

The way I'm updating those files is intentionally pretty brittle - I've got a big regex that looks for lines of the form version = xxx (handling quotes, spaces, commas, comments, capitalization, etc.). If any of the input files have 0 or 2+ matches the action fails. That should hopefully encourage users to keep the version strings distinct and avoid a regex arms-race.

---

The rest of the changes in this PR come from a consequence of #13 - GitHub's default behavior when creating release notes is to use the most recent tag... and since the dynamic v2 alias tag is explicitly updated after the stable release tag, it ended up getting chosen. See https://github.com/uclahs-cds/docker-internal-tests/releases/tag/v2.1.1 for an example.

Fixing that requires parsing the tags and semantic version numbers of prior releases, so I moved the release finalization logic out of JavaScript and into python. You can see the correct link to the prior tag in https://github.com/uclahs-cds/docker-internal-tests/releases/tag/v2.2.0 .

---

I added a bunch of unit tests for the version file updating and the prior release tag discovery as well:

tool-create-release/tests/test_versionfiles.py

Lines 8 to 77 in a4d5696

	# A list of tuples. The first element represents the existing version string in
	# a file, and the second represents the expected text once the version has been
	# updated to `2.3.4`.
	version_strings = [
	(
	# Python-style, double-quoted
	'''__version__ = "1.1.0"''',
	'''__version__ = "2.3.4"''',
	),
	(
	# Python-style, single quotes
	"""__version__ = '1.1.0'""",
	"""__version__ = '2.3.4'""",
	),
	(
	# Python-style, no quotes
	"""__version__ = 1.1.0""",
	"""__version__ = 2.3.4""",
	),
	(
	# Plain string version
	'''version = "1.1.0"''',
	'''version = "2.3.4"''',
	),
	(
	# Version key double quoted
	'''"version" = "1.1.0"''',
	'''"version" = "2.3.4"''',
	),
	(
	# Version key single quoted
	"""'version' = '1.1.0'""",
	"""'version' = '2.3.4'""",
	),
	(
	# Trailing comma
	"""version = "1.1.0",""",
	"""version = "2.3.4",""",
	),
	(
	# Extra spaces
	""" version = "1.1.0" """,
	""" version = "2.3.4" """,
	),
	(
	# No spaces
	'''version="1.1.0"''',
	'''version="2.3.4"''',
	),
	(
	# Capitalization
	"""Version=1.2.3""",
	"""Version=2.3.4""",
	),
	(
	# Comments
	"""VERSION=foo # comments""",
	"""VERSION=2.3.4 # comments""",
	),
	(
	# Colon separator
	"""version: 1.2.3""",
	"""version: 2.3.4""",
	),
	(
	# Space separator
	"""version 90304""",
	"""version 2.3.4""",
	),
	]

Closes #10

Checklist

• This PR does NOT contain Protected Health Information (PHI). A repo may need to be deleted if such data is uploaded.
  Disclosing PHI is a major problem¹ - Even a small leak can be costly².

• This PR does NOT contain germline genetic data³, RNA-Seq, DNA methylation, microbiome or other molecular data⁴.

• This PR does NOT contain other non-plain text files, such as: compressed files, images (e.g. .png, .jpeg), .pdf, .RData, .xlsx, .doc, .ppt, or other output files.

  To automatically exclude such files using a .gitignore file, see here for example.

• I have read the code review guidelines and the code review best practice on GitHub check-list.

• I have set up or verified the main branch protection rule following the github standards before opening this pull request.

• The name of the branch is meaningful and well formatted following the standards, using [AD_username (or 5 letters of AD if AD is too long)]-[brief_description_of_branch].

• I have added the major changes included in this pull request to the CHANGELOG.md under the next release version or unreleased, and updated the date.

Footnotes

1. UCLA Health reaches $7.5m settlement over 2015 breach of 4.5m patient records ↩

2. The average healthcare data breach costs $2.2 million, despite the majority of breaches releasing fewer than 500 records. ↩

3. Genetic information is considered PHI.
   Forensic assays can identify patients with as few as 21 SNPs ↩

4. RNA-Seq, DNA methylation, microbiome, or other molecular data can be used to predict genotypes (PHI) and reveal a patient's identity. ↩

[yashpatel6]

No more manual version PRs 🎉