Dependabot is always getting flagged as a new author even tho it uses
a consistent author of:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
But this doesn't work with plain grep. Fix by telling grep to treat
the value as a fixed string instead of a regular expression.
Multiple uploads can no longer use the same name, so give the cbindgen
artifact its own name of "cbindgen". Requires an additional download
for each build depending on this cbindgen artifact.
On pull request, get a list of commit authors for the pull request and
compare to the list of authors in git master. If any differ, save to
new-authors.txt and upload this as an artifact.
As a workflow-run, download this artifact and if non-empty, add a
comment to the pull-request that new authors may be part of the pull
request.
This 2 step approach is because GitHub actions running in pull-request
context are not allowed to comment on the pull request, instead a
post-workflow workflow has been added that runs in the context of the
repo which can then comment on the pull request.