feat: setup canary releases using changesets

[saihaj]

Need to setup GitHub secret for NPM token NODE_AUTH_TOKEN and Bot token to comment GH_API_TOKEN

closes #3383

[dotansimha]

you can use ${{ secrets.GITHUB_TOKEN }} here, check the setup in graphiql repo

[dotansimha]

i think you can use github-actions

[dotansimha]

I guess we need the 2nd workflow for release? this way we can release using changeset as well. What do you think @IvanGoncharov ?
(Changesets collects all changeset files and keep an updated Release PR, so when it's merged, you get the actual version bump and NPM release)

[IvanGoncharov]

We discuss canary release so let's address that and see how it goes.

[dotansimha]

This is optional, we are using that to do custom pre-release and not use the default way of doing that with changesets...

[IvanGoncharov]

This custom guild stuff, right?
I think idea was that we use some popular tool for doing canary releases?
Those look like there are guild internal scripts?
I'm ok with automation but it should be something popular and widespread.

[kamilkisiela]

I can make it facebook/pr-comment, does it change anything?

[kamilkisiela]

how it's different from https://github.com/graphql/graphql-js/blob/main/resources/build-deno.js vs esbuild / tsc whatever tool?

[IvanGoncharov]

I'm not ok with putting NPM token on FS, it means all subsequent scripts have access to it.
Also, I'm not ok passing NPM token to anything that is not official NPM or GitHub tool/lib/etc.