Remove API token requirement from Danger workflow

[numbata]

Switch to tokenless execution using with GitHub Actions annotations for inline feedback. This eliminates the need for the grape-bot token while still providing PR feedback via workflow annotations.

Changes:

• Use commit SHAs instead of branch refs for reliable diff calculation
• Output violations as GitHub Actions annotations (errors, warnings, notices)
• Update to actions/checkout@v6 with full history fetch

[numbata]

Dependent on dblock/danger-changelog#66 now

[dblock]

Is this needed here?

[numbata]

yes, to have .github/scripts/post-danger-comment.js on "Post or Update PR Comment" step, but maybe I'll just move back to have it inline in here.

[dblock]

That's checking out the code from upstream, right? Otherwise you can inject things here. All good with me.

If possible to package it that'd be best, but can be taken care of later.

[dblock]

Any way we can package and release this as part of grape-danger?

[dblock]

I'm good with this!

Can we move some/most/all of these things into https://github.com/ruby-grape/danger? Otherwise let's work on archiving that repo.

[numbata]

@dblock We can't move workflows totally to ruby-grape-danger. Something will stay here. But we can try to reuse workflows from danger by something like:

# .github/workflows/danger.yml
name: Danger
on:
  pull_request:
    types: [opened, reopened, edited, synchronize]
jobs:
  danger:
    uses: uses: ruby-grape/danger/.github/workflows/danger-run.yml@main
    secrets: inherit

and

# .github/workflows/danger-comment.yml
name: Danger Comment
on:
  workflow_run:
    workflows: [Danger]
    types: [completed]
permissions:
  actions: read
  contents: read
  issues: write
  pull-requests: write
jobs:
  comment:
    if: github.event.workflow_run.event == 'pull_request'
    uses: uses: ruby-grape/danger/.github/workflows/danger-comment.yml@main
    with:
      run-id: ${{ github.event.workflow_run.id }}
    secrets: inherit

[dblock]

@numbata cool, up to you when you want to refactor