Skip to content

chore: standardize repository tooling#785

Closed
QDyanbing wants to merge 3 commits into
react-component:masterfrom
QDyanbing:standardize-rc-util
Closed

chore: standardize repository tooling#785
QDyanbing wants to merge 3 commits into
react-component:masterfrom
QDyanbing:standardize-rc-util

Conversation

@QDyanbing

@QDyanbing QDyanbing commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

变更

  • Track rc component repository standardization ant-design/ant-design#58514 的统一标准重写 README,切换到 @rc-component/util 标题、scoped npm 徽章、Ant Design 生态说明、Highlights、Install、Usage、Examples、API、Development、Release 和 License 结构。
  • 补充 rc-util 当前导出的 hooks、ref、DOM、React/data/test helper API 摘要,移除 README 中已经不符合当前源码的旧 rc-util API 文档。
  • 标准化脚本:新增 tscprettier,修正 lint 为单条 eslint 命令,更新 lint-staged 的 Prettier 写法。
  • 将主测试 workflow 切换到 react-component/rc-test/.github/workflows/test-utoo.yml@main
  • 新增 React Doctor、Surge Preview、可选 Cloudflare Pages Preview、Vercel 配置和 Funding 配置。
  • 更新 CodeQL、checkout、setup-node、gh-pages 等 action 到已 pin 的 SHA,并禁用 checkout 的 persisted credentials。
  • 补充 tsconfig include 和 @rc-component/util path,更新 docs 首页标题。

兼容性

  • 无运行时代码变更。
  • 不引入 breaking change。
  • 预览和发布构建继续使用现有 dumi 输出目录 .doc

验证

  • npx prettier --write --ignore-unknown README.md package.json tsconfig.json docs/index.md vercel.json .github/FUNDING.yml .github/workflows/*.yml
  • npm run tsc
  • npm run lint
  • npm test -- --runInBand
  • npm run compile
  • npm run build
  • git diff --check

说明:npm run lintnpm run compile 仍有两个既有 warning(findDOMNode.ts 的 type import、Portal.tsx{} 类型),没有新增 error。

Summary by CodeRabbit

  • New Features

    • 新增 PR 预览部署支持,可自动生成在线预览。
    • 增加站点托管与预览配置,便于更快查看变更效果。
  • Documentation

    • 重写首页与 README 内容,更新品牌、简介、安装与用法说明。
    • 同步更新多个示例页面的引用与展示内容。
  • Chores

    • 更新 CI/安全检查流程与依赖版本锁定,提升构建稳定性。
    • 调整项目别名与脚本配置,保持开发与发布流程一致。

@vercel

vercel Bot commented Jun 26, 2026

Copy link
Copy Markdown

@QDyanbing is attempting to deploy a commit to the React Component Team on Vercel.

A member of the Team first needs to authorize it.

@coderabbitai

coderabbitai Bot commented Jun 26, 2026

Copy link
Copy Markdown

Review Change Stack

Walkthrough

此 PR 将包名与示例导入统一切换到 @rc-component/util,同步重写 README 和站点文案,并更新脚本、GitHub Actions、Vercel 与预览部署配置。

Changes

包名与站点迁移

Layer / File(s) Summary
别名与路径映射
.dumirc.ts, tsconfig.json
aliaspaths 的解析目标改为新的源码入口和临时目录映射。
示例导入迁移
docs/examples/dynamicCSS.tsx, docs/examples/focus.tsx, docs/examples/getScrollBarSize.tsx, docs/examples/portal.tsx, docs/examples/styleChecker.tsx
多个示例文件的导入路径从 rc-util 或相对路径切换为 @rc-component/util 包内路径。
toArray 示例更新
docs/examples/toArray.tsx
toArray 示例更新了导入路径、类型标注、子节点用例和 JSX 排版。
README 与站点文案
README.md, docs/index.md, .github/FUNDING.yml
README 结构、API 汇总、开发信息,以及主页和资助信息都改为新的包名表述。
构建脚本与部署配置
package.json, vercel.json
lintprettiertsclint-staged 脚本调整,vercel.json 新增框架、安装、构建和输出目录配置。
工作流更新
.github/workflows/codeql.yml, .github/workflows/react-component-ci.yml, .github/workflows/site-deploy.yml
CodeQL、可复用测试工作流和 GitHub Pages 部署工作流改为固定引用或新的工作流入口。
React Doctor 工作流
.github/workflows/react-doctor.yml
新增的 React Doctor 工作流定义了 PR/push 触发、权限、并发和 Action 执行步骤。
预览部署工作流
.github/workflows/cloudflare-pages-preview.yml, .github/workflows/surge-preview.yml
Cloudflare Pages 与 Surge 预览工作流新增了 PR 触发、条件跳过、构建和部署步骤。

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

Suggested reviewers

  • zombieJ

Poem

🐰 旧名换新名,草叶轻轻摇,
文档翻一页,徽标闪闪跳。
预览和构建,咔哒一起跑,
兔耳一抖,路径都找对了。
啃口胡萝卜,继续向前跳。

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed 标题与本次对仓库工具链、工作流和文档结构的标准化改动相关,虽未覆盖 README 更新但仍指向主要变更。
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

.dumirc.ts

ESLint skipped: missing config or dependency (missing-dependency). The ESLint configuration references a package that is not available in the sandbox.

docs/examples/dynaymicCSS.tsx

ESLint skipped: the ESLint configuration for this file references a package that is not available in the sandbox.

docs/examples/focus.tsx

ESLint skipped: the ESLint configuration for this file references a package that is not available in the sandbox.

  • 4 others

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request migrates the repository to the scoped package @rc-component/util, updating the README, documentation, and configuration files accordingly. It also refactors package scripts, updates TypeScript paths, and adds a Vercel configuration. Feedback is provided regarding a mismatch in the README where useMobile is documented as an exported hook but is not exported in src/index.ts.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread README.md Outdated
@codecov

codecov Bot commented Jun 26, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 86.42%. Comparing base (b7731c3) to head (6058d06).

Additional details and impacted files
@@           Coverage Diff           @@
##           master     #785   +/-   ##
=======================================
  Coverage   86.42%   86.42%           
=======================================
  Files          39       39           
  Lines        1068     1068           
  Branches      388      373   -15     
=======================================
  Hits          923      923           
  Misses        143      143           
  Partials        2        2           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@QDyanbing QDyanbing marked this pull request as ready for review June 26, 2026 06:45

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (2)
.github/workflows/cloudflare-pages-preview.yml (1)

31-31: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

预览构建建议使用 npm ci 以保证可复现性。

预览部署使用 npm install 会按 package.json 解析最新满足范围的版本,构建结果不可复现。若仓库存在 package-lock.json,建议改用 npm ci

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/cloudflare-pages-preview.yml at line 31, The Cloudflare
Pages preview workflow is using npm install, which can produce non-reproducible
builds. Update the workflow step in cloudflare-pages-preview to use npm ci
instead, keeping the install behavior locked to package-lock.json for consistent
preview deployments.
package.json (1)

28-34: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

docs 和根级 TS 配置也纳入 lint

这次迁移同时改了 docs/examples/*.tsx,而 tsconfig.json 也把 docs.dumirc.ts.fatherrc.ts 视为受支持的 TS 输入;现在的 lint 只扫 src/tests/,这些文件里的导入或 JSX/TS 语法问题会直接失去 ESLint 覆盖。

建议改法
-    "lint": "eslint src/ tests/ --ext .tsx,.ts",
+    "lint": "eslint src/ tests/ docs/ .dumirc.ts .fatherrc.ts --ext .tsx,.ts",
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` around lines 28 - 34, Update the package.json lint script so
ESLint also checks the docs directory and the root TypeScript config files that
are part of the supported TS inputs. The current lint command only covers src/
and tests/, so adjust the lint target list in the package.json scripts entry to
include docs, .dumirc.ts, and .fatherrc.ts alongside the existing paths. Use the
lint script as the place to make this change so docs/examples/*.tsx and root TS
files continue to receive ESLint coverage.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/cloudflare-pages-preview.yml:
- Line 41: The Cloudflare Pages deploy command is directly interpolating
github.head_ref into wrangler-action’s command string, which creates a
shell-injection risk from user-controlled branch names. Update the workflow to
stop concatenating the branch name in the command and instead pass it through an
environment variable or equivalent safe input, then reference that variable from
the deploy step so the branch value is not parsed as shell syntax. Use the
existing deploy step in cloudflare-pages-preview and the command field as the
location to apply the fix.

In @.github/workflows/react-component-ci.yml:
- Line 5: The reusable workflow reference in react-component-ci.yml is too
loosely pinned and the current secret forwarding is broader than necessary.
Update the workflow invocation that uses test-utoo.yml to reference a specific
commit SHA instead of `@main`, and replace secrets: inherit with an explicit
CODECOV_TOKEN mapping so only the required secret is passed through.

---

Nitpick comments:
In @.github/workflows/cloudflare-pages-preview.yml:
- Line 31: The Cloudflare Pages preview workflow is using npm install, which can
produce non-reproducible builds. Update the workflow step in
cloudflare-pages-preview to use npm ci instead, keeping the install behavior
locked to package-lock.json for consistent preview deployments.

In `@package.json`:
- Around line 28-34: Update the package.json lint script so ESLint also checks
the docs directory and the root TypeScript config files that are part of the
supported TS inputs. The current lint command only covers src/ and tests/, so
adjust the lint target list in the package.json scripts entry to include docs,
.dumirc.ts, and .fatherrc.ts alongside the existing paths. Use the lint script
as the place to make this change so docs/examples/*.tsx and root TS files
continue to receive ESLint coverage.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: b2658724-fa8c-4104-b238-dc60346f9716

📥 Commits

Reviewing files that changed from the base of the PR and between b7731c3 and 6058d06.

📒 Files selected for processing (19)
  • .dumirc.ts
  • .github/FUNDING.yml
  • .github/workflows/cloudflare-pages-preview.yml
  • .github/workflows/codeql.yml
  • .github/workflows/react-component-ci.yml
  • .github/workflows/react-doctor.yml
  • .github/workflows/site-deploy.yml
  • .github/workflows/surge-preview.yml
  • README.md
  • docs/examples/dynaymicCSS.tsx
  • docs/examples/focus.tsx
  • docs/examples/getScrollBarSize.tsx
  • docs/examples/portal.tsx
  • docs/examples/styleChecker.tsx
  • docs/examples/toArray.tsx
  • docs/index.md
  • package.json
  • tsconfig.json
  • vercel.json

with:
apiToken: ${{ env.CLOUDFLARE_API_TOKEN }}
accountId: ${{ env.CLOUDFLARE_ACCOUNT_ID }}
command: pages deploy .doc --project-name=${{ env.CLOUDFLARE_PAGES_PROJECT }} --branch=${{ github.head_ref }}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟡 Minor | ⚡ Quick win

避免将 github.head_ref 直接插值到 command 中(模板注入隐患)。

command 会被 wrangler-action 作为 shell 命令执行,而 github.head_ref 是用户可控的分支名。Git 引用名允许包含 $、反引号、; 等 shell 元字符,攻击者可构造特制分支名注入命令。虽然此处密钥仅对同仓库 PR 可用(fork PR 因密钥为空被跳过)从而限制了暴露面,但仍建议通过环境变量间接引用,避免在表达式中直接拼接。

🛡️ 建议改为通过 env 传递分支名
       - name: Deploy preview
         if: ${{ env.CLOUDFLARE_API_TOKEN != '' && env.CLOUDFLARE_ACCOUNT_ID != '' && env.CLOUDFLARE_PAGES_PROJECT != '' }}
         uses: cloudflare/wrangler-action@ebbaa1584979971c8614a24965b4405ff95890e0
+        env:
+          HEAD_REF: ${{ github.head_ref }}
         with:
           apiToken: ${{ env.CLOUDFLARE_API_TOKEN }}
           accountId: ${{ env.CLOUDFLARE_ACCOUNT_ID }}
-          command: pages deploy .doc --project-name=${{ env.CLOUDFLARE_PAGES_PROJECT }} --branch=${{ github.head_ref }}
+          command: pages deploy .doc --project-name=${{ env.CLOUDFLARE_PAGES_PROJECT }} --branch="$HEAD_REF"
           gitHubToken: ${{ secrets.GITHUB_TOKEN }}
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
command: pages deploy .doc --project-name=${{ env.CLOUDFLARE_PAGES_PROJECT }} --branch=${{ github.head_ref }}
- name: Deploy preview
if: ${{ env.CLOUDFLARE_API_TOKEN != '' && env.CLOUDFLARE_ACCOUNT_ID != '' && env.CLOUDFLARE_PAGES_PROJECT != '' }}
uses: cloudflare/wrangler-action@ebbaa1584979971c8614a24965b4405ff95890e0
env:
HEAD_REF: ${{ github.head_ref }}
with:
apiToken: ${{ env.CLOUDFLARE_API_TOKEN }}
accountId: ${{ env.CLOUDFLARE_ACCOUNT_ID }}
command: pages deploy .doc --project-name=${{ env.CLOUDFLARE_PAGES_PROJECT }} --branch="$HEAD_REF"
gitHubToken: ${{ secrets.GITHUB_TOKEN }}
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/cloudflare-pages-preview.yml at line 41, The Cloudflare
Pages deploy command is directly interpolating github.head_ref into
wrangler-action’s command string, which creates a shell-injection risk from
user-controlled branch names. Update the workflow to stop concatenating the
branch name in the command and instead pass it through an environment variable
or equivalent safe input, then reference that variable from the deploy step so
the branch value is not parsed as shell syntax. Use the existing deploy step in
cloudflare-pages-preview and the command field as the location to apply the fix.

jobs:
test:
uses: react-component/rc-test/.github/workflows/test-npm.yml@main
uses: react-component/rc-test/.github/workflows/test-utoo.yml@main

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# 验证目标可复用工作流是否存在及其声明的 inputs/secrets
gh api repos/react-component/rc-test/contents/.github/workflows/test-utoo.yml \
  --jq '.content' 2>/dev/null | base64 -d || \
  echo "未能获取 test-utoo.yml,请确认该工作流在 react-component/rc-test 的 main 分支存在"

Repository: react-component/util

Length of output: 690


确认 test-utoo.yml 存在,建议固定引用版本以增强安全性。

已验证 react-component/rc-test 仓库的 main 分支包含 test-utoo.yml 工作流,其通过 workflow_call 触发且无需自定义输入,依赖 secrets.CODECOV_TOKEN。当前 secrets: inherit 的配置在逻辑上合规,但存在以下风险:

  1. 未锁定版本:引用 @main 使 CI 易受上游非预期变更影响。建议固定为具体 Commit SHA。
  2. 密钥传递secrets: inherit 会无条件传递所有继承密钥。若上游仓库不完全可信,建议仅显式传递 CODECOV_TOKEN
# 建议修改示例
uses: react-component/rc-test/.github/workflows/test-utoo.yml@<commit-sha>
secrets:
  CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
🧰 Tools
🪛 zizmor (1.26.1)

[error] 5-5: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)


[warning] 5-5: secrets unconditionally inherited by called workflow (secrets-inherit): this reusable workflow

(secrets-inherit)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/react-component-ci.yml at line 5, The reusable workflow
reference in react-component-ci.yml is too loosely pinned and the current secret
forwarding is broader than necessary. Update the workflow invocation that uses
test-utoo.yml to reference a specific commit SHA instead of `@main`, and replace
secrets: inherit with an explicit CODECOV_TOKEN mapping so only the required
secret is passed through.

Source: Linters/SAST tools

@QDyanbing QDyanbing closed this Jun 26, 2026
@afc163

afc163 commented Jun 27, 2026

Copy link
Copy Markdown
Member

直接 codex 里一个 /goal 平推了~~

@QDyanbing

Copy link
Copy Markdown
Contributor Author

直接 codex 里一个 /goal 平推了~~

哈哈发现就close了,这种就很适合直接平推;互相参考几乎不会出问题;

@QDyanbing QDyanbing deleted the standardize-rc-util branch June 27, 2026 15:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants