chore(ci): package-lock is updated from separate job (#28697)

After each release, we need to update the local `package-lock.json`
dependencies. We do this via a `npm install --package-lock-only`
command. However, this command can fail for reasons such as a connection
timeout. When this happens, the package-lock files do not get updated.

The problem is this action is also done in the same job as generating
the changelog and creating the GitHub release. This operations cannot be
re-done. As a result, we cannot simply re-run this job and try updating
the package-lock files again.

This PR changes the workflow to split the package-lock update out to its
own job. In the event that this job fails, we can re-run only this job
and leave the other jobs untouched.

Author: liamdebeasi

.github/workflows/release.yml

@@ -69,16 +69,25 @@ jobs:
       env:
         GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       shell: bash
-    # Lerna does not automatically bump versions
-    # of Ionic dependencies that have changed,
-    # so we do that here.
-    - name: Bump Package Lock
-      run: |
-        lerna exec "npm install --package-lock-only"
-        git add .
-        git commit -m "chore(): update package lock files"
-        git push
-      shell: bash
+
+  update-package-lock:
+    # This needs to run after finalize-release
+    # because we also push to the repo in that
+    # job. If these jobs ran in parallel then it is
+    # possible for them to push at the same time.
+    needs: [finalize-release]
+    runs-on: ubuntu-latest
+    steps:
+      # Lerna does not automatically bump versions
+      # of Ionic dependencies that have changed,
+      # so we do that here.
+      - name: Bump Package Lock
+        run: |
+          lerna exec "npm install --package-lock-only"
+          git add .
+          git commit -m "chore(): update package lock files"
+          git push
+        shell: bash
 
   purge-cdn-cache:
     needs: [release-ionic]