Reusable Changelog Check is not fork-safe

[jhkennedy]

Jira: https://asfdaac.atlassian.net/browse/TOOL-2863

Note: The above link is accessible only to members of ASF.

---

The Reusable Changelog Check action uses Zomzog/changelog-checker under the hood with the default checkNotification: Detailed:

The checkNotification allows switching between Simple and Detailed checks. The simple check is based on the default check of the action. The detailed check will create a second check with a more precise message, but it required write access so it does not work with forks.

Detailed check fallback to simple for forks.

Even though it says it falls back to the simple check for forks, it still tries to create a secondary check and fails with HTTP 403. We see this most often with dependabot PRs (effectively fork PRs), which shouldn't run the detailed check as they are labeled bumpless but still fail with HTTP 403 errors when trying to create the secondary check:

• https://github.com/ASFHyP3/hyp3/actions/runs/9472867493/job/26106462418?pr=2321

It does seem to still work for non-forks, e.g.:

• https://github.com/ASFHyP3/its-live-monitoring/actions/runs/9323375656

However, Zomzog/changelog-checker is a Node.js 12 action, which is being forced to run on Node.js 16, which is also deprecated and should be running on Node.js 20 now. The last release was in Sept. 2022, and it hasn't seen a commit on the default branch since Jul. 2023, so we should find an alternative for this action.

tarides/changelog-check-action looks like a potential alternative, but it doesn't allow you to customize the no changelog label, so we'd need to contribute that upstream. Notably, tarides/changelog-check-action is just a really simple shell script:
https://github.com/tarides/changelog-check-action/blob/main/check.sh
so we could also implement something similar ourselves.