Reimplement Danger on pull_request_target

[dblock]

Danger uses a hardcoded token, which gets revoked by GitHub.

We need to split Danger work into a part that runs on pull_request to analyze the PR, and the part that comments on the pull request that uses a secret token.

https://code.dblock.org/2024/04/19/commenting-on-pull-requests-in-github-actions.html

[numbata]

Something like this https://github.com/ruby-grape/grape/pull/2632/files ?

[dblock]

Yes, if you can make it work @numbata !

[numbata]

I’ve added some changes to danger-changelog#65, which means we won’t need to reimplement the changelog plugin in our Dangerfile as I did in my draft PR.

Once that is merged, we can move forward with merging this PR: ruby-grape/danger#14, …and then bump the ruby-grape-danger version.

[numbata]

For transparency, my plan is:

• Remove the requirement for github_token from danger-changelog
  Add support for running changelog checks without GitHub API token dblock/danger-changelog#65
• Release a new version of danger-changelog
• Remove the toc! check (which also requires github_token) from the Dangerfile
  remove TOC check for README danger#14
• Bump the minimum danger-changelog version for ruby-grape-danger
• Release ruby-grape-danger
• Simplify the GitHub workflow based on these changes here:
  Remove API token requirement from Danger workflow #2632
• Roll out the updated workflow across the grape-* gems

[dblock]

Sounds great @numbata, I merged dblock/danger-changelog#65