chore(GHA): add semantic release manual gha

.github/workflows/sem_ver.yml

@@ -0,0 +1,55 @@
+# This workflow tests the installation of semantic release
+name: Semantic Release Test Installation
+
+on:
+  pull_request:
+
+jobs:
+  semantic-release:
+    runs-on: macos-latest
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - name: Support longpaths on Git checkout
+        run: |
+          git config --global core.longpaths true
+      - uses: actions/checkout@v3
+      # We only pull in the submodules we need to build the library
+      - run: git submodule update --init libraries
+
+      # We need access to the role that is able to get CI Bot Creds
+      - name: Configure AWS Credentials for Release
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          aws-region: us-west-2
+          role-to-assume: arn:aws:iam::587316601012:role/GitHub-CI-CI-Bot-Credential-Access-Role-us-west-2
+          role-session-name: CI_Bot_Release
+
+      - name: Upgrade Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+
+      # Use AWS Secrets Manger GHA to retrieve CI Bot Creds
+      - name: Get CI Bot Creds Secret
+        uses: aws-actions/aws-secretsmanager-get-secrets@v2
+        with:
+          secret-ids: Github/aws-crypto-tools-ci-bot
+          parse-json-secrets: true
+
+      # Log in as the CI Bot
+      - name: Log in as CI Bot
+        run: |
+          echo ${{env.GITHUB_AWS_CRYPTO_TOOLS_CI_BOT_ESDK_RELEASE_TOKEN}} > token.txt
+          gh auth login --with-token < token.txt
+          rm token.txt
+          gh auth status
+
+      # Test to see if we can setup semantic release
+      - name: Test Semantic Release Installation
+        uses: actions/checkout@v4
+        with:
+          ref: main
+      - run: |
+          make setup_semantic_release

.github/workflows/semantic_release.yml

@@ -0,0 +1,73 @@
+# This workflow runs semantic release, bumps, generates changelog, and tags the project
+name: Semantic Release
+
+on:
+  workflow_dispatch:
+    inputs:
+      dry-run:
+        description: "Are you releasing a new version? (y/n)"
+        required: true
+        type: string
+
+jobs:
+  semantic-release:
+    # there is no easy way in gha to check if the actor is part of the team, running semantic release is a more
+    # privileged operation, so we must make sure this list of users is a subset of the users labeled as maintainers of
+    # https://github.com/orgs/aws/teams/aws-crypto-tools
+    if: contains('["seebees","texastony","ShubhamChaturvedi7","lucasmcdonald3","josecorella","imabhichow","rishav-karanjit","antonf-amzn","justplaz","ajewellamz"]', github.actor)
+    runs-on: macos-latest
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - name: Support longpaths on Git checkout
+        run: |
+          git config --global core.longpaths true
+      - uses: actions/checkout@v3
+      # We only pull in the submodules we need to build the library
+      - run: git submodule update --init libraries
+
+      # We need access to the role that is able to get CI Bot Creds
+      - name: Configure AWS Credentials for Release
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          aws-region: us-west-2
+          role-to-assume: arn:aws:iam::587316601012:role/GitHub-CI-CI-Bot-Credential-Access-Role-us-west-2
+          role-session-name: CI_Bot_Release
+
+      - name: Upgrade Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+
+      # Use AWS Secrets Manger GHA to retrieve CI Bot Creds
+      - name: Get CI Bot Creds Secret
+        uses: aws-actions/aws-secretsmanager-get-secrets@v2
+        with:
+          secret-ids: Github/aws-crypto-tools-ci-bot
+          parse-json-secrets: true
+
+      # Log in as the CI Bot
+      - name: Log in as CI Bot
+        run: |
+          echo ${{env.GITHUB_AWS_CRYPTO_TOOLS_CI_BOT_ESDK_RELEASE_TOKEN}} > token.txt
+          gh auth login --with-token < token.txt
+          rm token.txt
+          gh auth status
+
+      # Set up semantic release
+      - name: Setup Semantic Release
+        run: |
+          make setup_semantic_release
+
+      # Run semantic release in dry run mode if input matches
+      - name: Run Semantic Release in dry run mode
+        if: ${{inputs.dry-run == 'n'}}
+        run: |
+          make dry_run_semantic_release
+
+      # Run semantic release if input matches
+      - name: Run Semantic Release
+        if: ${{inputs.dry-run == 'y'}}
+        run: |
+          make run_semantic_release

.releaserc.cjs

@@ -53,7 +53,7 @@ const Runtimes = {
  * @type {import('semantic-release').GlobalConfig}
  */
 module.exports = {
-  //branches: ["main"],
+  branches: ["main"],
   repositoryUrl:
     "[email protected]:aws/aws-cryptographic-material-providers-library.git",
   plugins: [