Skip to content

chore: standardize repository maintenance#19

Merged
afc163 merged 8 commits into
mainfrom
codex/standardize-rc-infra
Jul 3, 2026
Merged

chore: standardize repository maintenance#19
afc163 merged 8 commits into
mainfrom
codex/standardize-rc-infra

Conversation

@afc163

@afc163 afc163 commented Jul 1, 2026

Copy link
Copy Markdown
Member

Summary

  • Refresh README and README.zh-CN with centered heading, badges, Ant Design ecosystem branding, install, usage, development, release, and license sections.
  • Align Funding, grouped Dependabot updates, CodeQL, and CI workflow configuration.
  • Align release documentation and scripts with @rc-component/np where applicable.

Refs ant-design/ant-design#58514

Test

  • npm run lint\n- npm run build\n- git diff --check
  • JSON parse check for package/config files
  • README consistency scan

@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@afc163, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 59 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: f5a5be2d-1472-4e3b-96c3-cbecd935e87b

📥 Commits

Reviewing files that changed from the base of the PR and between ea72d8f and 5d92aaa.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (11)
  • .eslintrc.js
  • .github/FUNDING.yml
  • .github/dependabot.yml
  • .github/workflows/codeql.yml
  • .github/workflows/test.yml
  • .husky/commit-msg
  • README.md
  • README.zh-CN.md
  • eslint.config.mjs
  • package.json
  • tsconfig.json
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codex/standardize-rc-infra

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@socket-security

socket-security Bot commented Jul 1, 2026

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm commander is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?npm/father@4.6.25npm/commander@10.0.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/commander@10.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm es-abstract is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?npm/father@4.6.25npm/eslint-plugin-react@7.37.5npm/es-abstract@1.24.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/es-abstract@1.24.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm eslint-plugin-react is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package.jsonnpm/eslint-plugin-react@7.37.5

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/eslint-plugin-react@7.37.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm validator is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?npm/father@4.6.25npm/validator@13.15.35

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/validator@13.15.35. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm webpack is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?npm/father@4.6.25npm/webpack@5.108.3

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/webpack@5.108.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm yargs is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?npm/eslint-plugin-jest@29.15.4npm/@commitlint/cli@17.8.1npm/@rc-component/np@1.0.4npm/yargs@17.7.3

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/yargs@17.7.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@github-advanced-security

Copy link
Copy Markdown

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces several updates to the repository, including adding GitHub funding and dependabot configurations, improving the English README, and adding a Chinese translation. In package.json, the release flow is updated with @rc-component/np, and devDependencies like Husky, lint-staged, and Prettier are upgraded. Feedback was provided regarding the Prettier v3 upgrade, which requires explicit plugin configuration in package.json to ensure that prettier-plugin-organize-imports and prettier-plugin-packagejson continue to work.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread package.json Outdated
Copilot AI review requested due to automatic review settings July 2, 2026 03:54

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR standardizes repository “maintenance” aspects (docs, linting, and GitHub automation) to align with broader rc-component / Ant Design ecosystem conventions.

Changes:

  • Refreshes README/README.zh-CN with centered branding, badges, and standardized install/dev/release guidance.
  • Migrates ESLint to a flat config (eslint.config.mjs) and updates tooling dependencies accordingly.
  • Adds GitHub maintenance automation (CI test workflow, CodeQL, Dependabot groups, and FUNDING).

Reviewed changes

Copilot reviewed 9 out of 10 changed files in this pull request and generated 6 comments.

Show a summary per file
File Description
tsconfig.json Adds ignoreDeprecations to reduce TS deprecation noise during builds.
README.zh-CN.md Adds a new Simplified Chinese README with standardized sections and badges.
README.md Replaces the old README with a standardized, branded version and updated commands.
package.json Updates scripts and devDependencies (ESLint 9 + plugins, husky 9, prettier 3, @rc-component/np) and bumps father peer requirement.
eslint.config.mjs Introduces ESLint flat config with React/TS/Jest/Prettier integration.
.github/workflows/test.yml Adds a GitHub Actions CI workflow to lint and build on Node 22.
.github/workflows/codeql.yml Adds CodeQL scanning workflow for JS/TS.
.github/FUNDING.yml Adds GitHub Sponsors/OpenCollective metadata.
.github/dependabot.yml Adds grouped Dependabot updates for npm and GitHub Actions.
.eslintrc.js Removes legacy ESLint config now replaced by flat config.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread package.json Outdated
Comment thread package.json
Comment thread README.md
Comment thread .github/workflows/test.yml
Comment thread eslint.config.mjs
Comment thread package.json
@afc163 afc163 merged commit c509d37 into main Jul 3, 2026
6 checks passed
@afc163 afc163 deleted the codex/standardize-rc-infra branch July 3, 2026 12:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants