Deploy to staging manually using a script (#19769)

* Add 'script/deploy' to enable manual deploys to Heroku

* Pass API tokens into 'deploy-to-staging' module usage

* Construct Octokit instance to pass in

* Get PR branch name and verify state

* Reorganize

* Rename option to 'octokit'

* Add missing option

* Actually use the convenience methods for convenience

* Simplify top-level script

* Top-level script revisions

* Add parse-pr-url module

* Add create-staging-app-name module

* Remove misplaced comment

* Pass in owner

* Use owner param

* More variables

* Pass owner along more

* Correct prNumber param reference

* Add WIP deploy-to-staging module

* Prevent 'scripts/' and '.github/actions-scripts/' files from being modified in open source repo

* Extract PR author earlier

* Add note about optionally supplying DOCUBOT_REPO_PAT env var

* Override Heroku env var during AppSetup creation instead of later to avoid triggering a second deploy

* Updates to deploy-to-staging module

* Lots of updates

* Add dyno start-up monitoring and warmup requests

* Ignore 'script/deploy' in the repository-references test

* Correct path to Octokit helper

* Temporarily add a 'gha-' prefix to environment names

* Log whole error if terminal. Good for Octokit errors!

* Correct Octokit preview configuration

* Add more logging around Heroku build and release

* Added more timings to log messages

* Monitor dyno states specifically from the dyno list view to avoid 404 oddities when Free dynos are dropped and non-Free dynos are added

* Don't wait for AppSetup status as it includes the Build time

* Updating logging since we don't see DeploymentStatus update messages in the UI =(

* Remove commented out code

* Refactor to extract more properties from the PR object

* Fix reference to pull request number

* Increase Heroku polling intervals from 2.5 seconds to 5 seconds

* Remove unhelpful createDeploymentStatus API calls

* Workaround Heroku's secondary release upon app creation

.github/workflows/triage-unallowed-contributions.yml

@@ -7,15 +7,17 @@ name: Check unallowed file changes
 on:
   pull_request_target:
     paths:
+      - '.github/actions-scripts/**'
       - '.github/workflows/**'
       - '.github/CODEOWNERS'
-      - 'translations/**'
       - 'assets/fonts/**'
       - 'data/graphql/**'
       - 'lib/graphql/**'
       - 'lib/redirects/**'
       - 'lib/rest/**'
       - 'lib/webhooks/**'
+      - 'scripts/**'
+      - 'translations/**'
 
 jobs:
   triage:
@@ -63,15 +65,17 @@ jobs:
             openapi:
               - 'lib/rest/static/**'
             notAllowed:
+              - '.github/actions-scripts/**'
               - '.github/workflows/**'
               - '.github/CODEOWNERS'
-              - 'translations/**'
               - 'assets/fonts/**'
               - 'data/graphql/**'
               - 'lib/graphql/**'
               - 'lib/redirects/**'
               - 'lib/rest/**'
               - 'lib/webhooks/**'
+              - 'scripts/**'
+              - 'translations/**'
 
       # When there are changes to files we can't accept
       # and no review exists,leave a REQUEST_CHANGES review
@@ -83,17 +87,17 @@ jobs:
           github-token: ${{secrets.GITHUB_TOKEN}}
           script: |
             const badFilesArr = [
-              'translations/**',
-              'lib/rest/static/**',
+              '.github/actions-scripts/**',
               '.github/workflows/**',
               '.github/CODEOWNERS',
-              'translations/**',
               'assets/fonts/**',
               'data/graphql/**',
               'lib/graphql/**',
               'lib/redirects/**',
               'lib/rest/**',
-              'lib/webhooks/**'
+              'lib/webhooks/**',
+              'scripts/**',
+              'translations/**'
             ]
 
             const badFiles = badFilesArr.join('\n')