ci: use release champion

[shavonn]

No description provided.

[Copilot]

Pull request overview

Replaces the existing release automation workflow with a new “Release” workflow based on offload-project/release-champion.

Changes:

• Adds a new .github/workflows/release.yml workflow that runs on merged PRs and invokes offload-project/release-champion@v1.
• Removes the prior release-please workflow (.github/workflows/release-please.yml).
• Removes the Dependabot auto-merge workflow and updates .gitattributes to exclude additional tooling configs from exports.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

File	Description
.github/workflows/release.yml	New release workflow triggered on merged PRs, runs release-champion
.github/workflows/release-please.yml	Removed prior Release Please automation (push-to-main based)
.github/workflows/dependabot-auto-merge.yml	Removed Dependabot PR auto-merge automation
.gitattributes	Excludes phpstan/captainhook/pint config files from package exports

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The workflow triggers on any merged PR regardless of target branch. Previously releases were only initiated from main (via push), so this could create releases when PRs are merged into non-release branches. Consider restricting the trigger to pull_request.branches: [main] and/or adding an explicit if condition on github.event.pull_request.base.ref.

Suggested change

	types: [ closed ]
	types: [ closed ]
	branches: [ main ]

[Copilot]

The previous release process waited for required checks to complete before creating a release PR. This new workflow runs immediately on PR merge and doesn’t wait for CI, which can publish releases before the build/test workflow finishes (or even if branch protection doesn’t require it). Consider adding an explicit wait-for-checks step, or switching to on: workflow_run after the test workflow completes successfully.

Suggested change

	fetch-depth: 0
	fetch-depth: 0
	- name: Wait for required checks to complete
	uses: actions/github-script@v7
	with:
	github-token: ${{ secrets.GITHUB_TOKEN }}
	script: |
	const { owner, repo } = context.repo;
	const pr = context.payload.pull_request;
	const sha = pr.merge_commit_sha || pr.head.sha;
	const timeoutMinutes = 30;
	const intervalSeconds = 15;
	const deadline = Date.now() + timeoutMinutes * 60 * 1000;
	core.info(`Waiting for checks on ${sha} in ${owner}/${repo}`);
	async function allChecksCompletedSuccessfully() {
	const checks = await github.rest.checks.listForRef({
	owner,
	repo,
	ref: sha,
	});
	const runs = checks.data.check_runs;
	if (runs.length === 0) {
	core.info('No check runs found for this ref; proceeding.');
	return true;
	}
	let allCompleted = true;
	for (const run of runs) {
	core.info(`Check "${run.name}" status=${run.status} conclusion=${run.conclusion}`);
	if (run.status !== 'completed') {
	allCompleted = false;
	}
	if (run.conclusion && !['success', 'skipped', 'neutral'].includes(run.conclusion)) {
	throw new Error(`Check run "${run.name}" concluded with ${run.conclusion}`);
	}
	}
	return allCompleted;
	}
	while (Date.now() < deadline) {
	if (await allChecksCompletedSuccessfully()) {
	core.info('All required checks have completed successfully.');
	return;
	}
	core.info(`Checks not complete yet; waiting ${intervalSeconds}s...`);
	await new Promise(r => setTimeout(r, intervalSeconds * 1000));
	}
	throw new Error(`Timed out waiting for required checks after ${timeoutMinutes} minutes.`);

[Copilot]

PR title suggests switching the release mechanism, but this change set also removes the Dependabot auto-merge workflow. If that removal is intentional, it would be good to reflect it in the PR title/description; otherwise, consider keeping that workflow or moving the removal to a separate PR.