chore(actions): Add release stack and extra validation test on Release (tag event)

[ViacheslavKudinov]

Resolves #2856

---

Before the change?

• ❌ validation doesn't run on exactly release/tag commit at this moment

After the change?

• ✅ add extra job on "Release" workflow to run validation (own Terraform stack) before release happens
• ⚙️ add separate Terraform stack (for now only provider) which makes sense to run on "Release"
• ✔️ result of the run of new version of workflow can be seen there

Pull request checklist

• Schema migrations have been created if needed (example)
• Tests for the changes have been added (for bug fixes / features)
• Docs have been reviewed and added / updated if needed (for bug fixes / features)

Does this introduce a breaking change?

Please see our docs on breaking changes to help!

• Yes
• No

---

⚠️ PAY ATTENTION: If validation on release workflow fails it means "tag" most likely has to be deleted or moved to the fixed commit as provider is "broken" ! ⚠️

[ViacheslavKudinov]

@nick Please, feel free to suggest any improvements or other way how we can catch issues on actual release artifact.

[ViacheslavKudinov]

Hi @nickfloyd
Our CI without this extra validation will not catch broken provider if a new tag is not based on main branch, like the last release.
It may help (at least my hope) to detect provider doesn't pass validation before new release will be done.

[nickfloyd]

Hi @nickfloyd Our CI without this extra validation will not catch broken provider if a new tag is not based on main branch, like the last release. It may help (at least my hope) to detect provider doesn't pass validation before new release will be done.

Yeah (thank you for making this change), catching it before attempting releasing is the ideal - but with patches it has made things messy.

[ViacheslavKudinov]

You are welcome and I really hope it may help to prevent to happen releases when this type of validation didn't pass.

We are as organization rely on this provider and I am interested to make my best to make it more stable.

I appreciate your work and happy to see that development is happening again.
There are some gaps and we are behind in such things like the latest go github client, Terraform framework and other aspects.

[ViacheslavKudinov]

I see its actually even more tricky.
Our workflows are run from these patch branches and if new versions of workflows aren't merged it will run in context of this branch.

There is a need to get new release workflow in patch branch or make it to use reusable workflow from @main branch.
I'm afraid it will complicate CI if we start to introduce reusable workflows, but it may help for some use cases when patch branch is behind main. But still at least it should use reusable workflows to fetch new code of workflow from main.

[ViacheslavKudinov]

@nickfloyd Maybe we need to add something to run tests on release event to do some regression when release has happened and it wasn't yet synced from hashicorp registry site.