feat: add gh actions to publish canary versions [gh-0]

[nahuelon]

I hereby confirm that I followed the code guidelines found at engineering guidelines

Affected Components

• CLI
• Create CLI
• Test
• Docs
• Examples
• Other

Notes for the Reviewer

• add new Github Actions workflow to publish canary version to NPM registry only the build label is added to the PR
• the new package is published as version <packageVersion>.-canary-<prNumber>.<shortSha> and tag
  canary-<prNumber>
• a PR comment is created after the new version is published.

Note: if you want to re-publish after a new commit you have to remove the build label and add it again. This will generate a new version using the short commit SHA as suffix

You can check the last version published for this PR here

• TODO: increase version when new commits are added in the PR (publish fails if version already exists). Using the --git-tag-version doesn't work if the package is inside a subdir. (npm bug here)

New Dependency Submission

New oclif packages is added into the NPM dev dependencies. This is required because we the npx oclif manifest fails using --tag ... because npx uses the specified tag to try install the oclif packages. When it is present as a package it works.

[ndom91]

The verison of this I have experience with also appends the commit hash on the end, so yuo end up wtih version's like next-auth@0.0.0-pr.7056.ced446b7. This would handle the TODO issue you have above ^^. See the second link below for the custom GH Action that does this.

Check out:

• https://github.com/nextauthjs/next-auth/blob/main/.github/workflows/release.yml#L85
• https://github.com/nextauthjs/next-auth/blob/main/.github/version-pr/index.js

Also I would definitely recommend including the exact package name in the slack message that's posted / potentially also comment on the PR (See: https://github.com/nextauthjs/next-auth/blob/main/.github/workflows/release.yml#L114)

[ndom91]

Some formatting and version number comments, but looks really good so far!

[ndom91]

Also, just somethign to think about - Instead of running it on a pull_request: labeled event, at next-auth we use Github's environment's and branch protection rules to be able to run that Publish PR job any time, but require maintainer approval to do so. So you just have to click into the Action and hit "Review deployments" -> "Approve" to kick it off.

See: https://github.com/nextauthjs/next-auth/blob/main/.github/workflows/release.yml#L90

Source: https://github.com/nextauthjs/next-auth/actions/runs/4743012111

[github-actions]

🎉 Experimental release successfully published on npm

npm install @checkly/cli@0.0.0-pr.629.8b49369

[ndom91]

LGTM 👍 🥳

I can't see the package-lock.json changes in the Github UI, too big 😅. However, its a bit fishy to me that it's that many changes.. You only added oclif as a dev dependency, right? Hmm..

Is the package-lock.json format maybe updated from v1 to v2 here by accident?