add github-environment input for deploy jobs #2597

Closed
wants to merge 1 commit into from

oraNod
Contributor

@oraNod oraNod commented May 6, 2025

This change adds a github-environment input so that scheduled jobs that deploy doc builds use an environment without approval protection while jobs triggered manually require approval.

Reason for this change: scheduled builds for devel and latest result in multiple deployment reviews. We should require approval for manually triggered builds only.

@samccann has suggested simply removing the approval as a deployment protection step from the existing environment.

Alternatively, this change lets us keep the approvals but results in another environment that contains the private part of the deploy key.

We could potentially create a custom deployment protection rule but that requires a GitHub App and is a bit more complex.

This change adds a github-environment input so that scheduled jobs
that deploy doc builds use an environment without approval protection
while jobs triggered manually require approval.
@oraNod oraNod added doc builds Relates to building the documentation no_backport This PR should not be backported. devel only. labels May 6, 2025
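
The approach described in the opening comment, as an added example that is not the pull request's own code: a reusable deploy workflow takes a `github-environment` input, and the calling workflow picks the environment from the trigger. The file paths, the environment names `docs-deploy-scheduled` and `docs-deploy-approved`, the secret name `DEPLOY_KEY`, the deploy script and the cron value are assumptions.

```yaml
# File 1 (hypothetical path): .github/workflows/reusable-deploy.yml
name: Deploy docs (reusable)
on:
  workflow_call:
    inputs:
      github-environment:
        description: GitHub environment that supplies the deploy key and protection rules
        type: string
        required: true
jobs:
  deploy:
    runs-on: ubuntu-latest
    # The environment named here decides two things at once: whether the job
    # waits for a required reviewer, and which copy of the deploy key it reads.
    environment: ${{ inputs.github-environment }}
    steps:
      - name: Deploy the built docs
        env:
          DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}  # assumed environment secret name
        run: ./deploy.sh  # hypothetical deploy script
---
# File 2 (hypothetical path): .github/workflows/build-and-deploy.yml
name: Build and deploy docs
on:
  schedule:
    - cron: "0 5 * * *"  # constructed schedule
  workflow_dispatch:
jobs:
  deploy:
    uses: ./.github/workflows/reusable-deploy.yml
    with:
      # Scheduled runs use the environment without required reviewers;
      # manually dispatched runs use the one that keeps the approval rule.
      github-environment: ${{ github.event_name == 'schedule' && 'docs-deploy-scheduled' || 'docs-deploy-approved' }}
```

Each environment needs its own copy of the private deploy key, so the one without required reviewers is worth limiting through the environment's deployment branch restrictions.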
@samccann
Contributor

samccann commented May 7, 2025

alas not qualified to review but can you explain the end result here? We will still need to approve all automated builds or just the build to latest?

@oraNod
Contributor Author

oraNod commented May 8, 2025

> alas not qualified to review but can you explain the end result here? We will still need to approve all automated builds or just the build to latest?

@samccann This allows scheduled builds to deploy without approval. When someone manually kicks off a build, approval is still needed to deploy to test or prod (RTD).

As you mentioned in DaWGs this week, we can just remove the protection rule that requires approval for deployment. That seems like a good alternative to me but I'd like to hear what other folks think.

@oraNod oraNod closed this May 14, 2025
@oraNod oraNod reopened this May 14, 2025
@oraNod
Contributor Author

oraNod commented May 14, 2025

@samccann I think we should just close this and remove the deployment protection rule as we discussed. It's probably overkill to duplicate the environments.

You also need to be a maintainer to trigger the workflow so it's not like some arbitrary person is going to kick off a build. And it's all in source control anyway so if something goes wrong, we can revert changes or just do a new build.

@oraNod oraNod closed this May 14, 2025