test: Chore publish beta #2994
test: Chore publish beta #2994
Conversation
|
Warning Rate limit exceeded@oasis-cloud has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 3 minutes and 16 seconds before requesting another review. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. 📒 Files selected for processing (2)
Walkthrough此次 PR 修改了发布流程和构建脚本。GitHub 工作流触发条件由 Changes
Sequence Diagram(s)sequenceDiagram
participant Dev as 开发者
participant GH as GitHub Actions
participant WF as 发布工作流
Dev->>GH: 提交针对 feat_v3.x 的 Pull Request
GH->>WF: 触发 release-beta 工作流
WF->>WF: 跳过提交信息校验、依赖安装与部分构建步骤
WF->>WF: 执行更新后的发布脚本(pnpm 发布)
WF-->>GH: 返回发布状态更新
Possibly related PRs
Suggested reviewers
Poem
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
github-actions
bot
added
3.x
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 3
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (5)
.github/workflows/release-beta.yml(1 hunks)package.json(1 hunks)scripts/build-taro.mjs(1 hunks)scripts/build.mjs(1 hunks)src/packages/configprovider/types.ts(0 hunks)
💤 Files with no reviewable changes (1)
- src/packages/configprovider/types.ts
✅ Files skipped from review due to trivial changes (1)
- package.json
⏰ Context from checks skipped due to timeout of 90000ms (1)
- GitHub Check: test
🔇 Additional comments (3)
scripts/build.mjs (1)
363-366: 新增的发布脚本配置正确!新增的
publish:beta和publish:latest脚本遵循了 npm 最佳实践:
- 使用
--tag正确区分 beta 和 latest 版本- 设置了
--access public确保包可以被公开访问- 添加了
--no-git-checks以简化发布流程scripts/build-taro.mjs (1)
424-427: 保持了与 H5 构建脚本的一致性!Taro 版本的发布脚本配置与 H5 版本保持一致,这是一个很好的实践:
- 统一的发布命令格式
- 相同的访问权限设置
- 一致的标签管理策略
.github/workflows/release-beta.yml (1)
3-7: 工作流触发条件的变更需要仔细评估将触发条件从
push改为pull_request可能会影响发布流程:
- PR 可能包含未完全审查的代码
- 需要确保只有经过充分测试的代码才能触发发布
建议:
- 添加必要的 PR 检查条件
- 考虑添加必要的审查要求
.github/workflows/release-beta.yml
Outdated
| # - name: Get commit message | ||
| # run: | | ||
| # COMMIT_MESSAGE=$(git log --format=%s -n 1) | ||
| # FILTERED_MESSAGE="${COMMIT_MESSAGE//[^a-zA-Z0-9.()_:, -]/}" | ||
| # echo "COMMIT_MESSAGE=${FILTERED_MESSAGE}" >> $GITHUB_ENV | ||
| # - name: Show commit message | ||
| # run: echo "$COMMIT_MESSAGE" | ||
| # | ||
| # - name: Commit message compliance verification | ||
| # if: | | ||
| # !startsWith( env.COMMIT_MESSAGE , 'chore(release):' ) || | ||
| # !contains( env.COMMIT_MESSAGE , '-beta' ) | ||
| # run: echo "ABORT=true" >> $GITHUB_ENV | ||
| # | ||
| # - name: Get Tag message | ||
| # if: contains( env.COMMIT_MESSAGE , '-beta') | ||
| # run: echo "RELEASE_TAG=beta" >> $GITHUB_ENV | ||
| # |
There was a problem hiding this comment.
移除提交消息验证可能带来风险
注释掉的提交消息验证逻辑会影响版本控制的质量:
- 无法确保版本号格式的正确性
- 失去了对 beta 版本标记的验证
建议:
- 保留提交消息验证
- 如果要简化流程,至少保留基本的版本号格式检查
.github/workflows/release-beta.yml
Outdated
| # - name: Install dependencies | ||
| # if: env.ABORT != 'true' | ||
| # run: pnpm install --frozen-lockfile | ||
| # | ||
| # - name: Run Build | ||
| # if: env.ABORT != 'true' | ||
| # run: | | ||
| # if ! pnpm build; then | ||
| # echo "构建 nutui-react 失败" | ||
| # exit 1 | ||
| # fi | ||
| # if ! pnpm build:taro; then | ||
| # echo "构建 nutui-react-taro 失败" | ||
| # exit 1 | ||
| # fi |
There was a problem hiding this comment.
构建步骤被注释可能导致发布未构建的包
注释掉构建步骤存在严重风险:
- 可能发布未经构建的包
- 跳过了构建失败检查
建议:
- 恢复构建步骤
- 保留构建失败的错误处理
.github/workflows/release-beta.yml
Outdated
| - name: Run Release @nutui/nutui-react | ||
| if: env.ABORT != 'true' | ||
| run: | | ||
| cd ./release/h5 || exit 1 | ||
| if ! npm publish --tag ${{ env.RELEASE_TAG }}; then | ||
| echo "发布 @nutui/nutui-react 失败" | ||
| exit 1 | ||
| fi | ||
| env: | ||
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | ||
| # run: pnpm --dir ./release/h5 publish:beta | ||
| run: echo "${{ secrets.NPM_TOKEN }}" |
There was a problem hiding this comment.
避免在日志中暴露敏感令牌
使用 echo 输出 NPM_TOKEN 可能会在日志中暴露敏感信息。
建议修改为:
- run: echo "${{ secrets.NPM_TOKEN }}"
+ run: pnpm --dir ./release/h5 publish:beta📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| - name: Run Release @nutui/nutui-react | |
| if: env.ABORT != 'true' | |
| run: | | |
| cd ./release/h5 || exit 1 | |
| if ! npm publish --tag ${{ env.RELEASE_TAG }}; then | |
| echo "发布 @nutui/nutui-react 失败" | |
| exit 1 | |
| fi | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| # run: pnpm --dir ./release/h5 publish:beta | |
| run: echo "${{ secrets.NPM_TOKEN }}" | |
| - name: Run Release @nutui/nutui-react | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| # run: pnpm --dir ./release/h5 publish:beta | |
| run: pnpm --dir ./release/h5 publish:beta |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## feat_v3.x #2994 +/- ##
==========================================
Coverage 85.79% 85.79%
==========================================
Files 281 281
Lines 18527 18527
Branches 2810 2810
==========================================
Hits 15896 15896
Misses 2626 2626
Partials 5 5 ☔ View full report in Codecov by Sentry. |
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (1)
.github/workflows/release-beta.yml (1)
40-40: 清理多余注释此处的单独
#注释行似乎没有实际用途,建议移除以保持 YAML 文件的整洁。
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
.github/workflows/release-beta.yml(3 hunks)
⏰ Context from checks skipped due to timeout of 90000ms (1)
- GitHub Check: test
🔇 Additional comments (6)
.github/workflows/release-beta.yml (6)
4-5: 触发器事件更新说明将原先的
push触发修改为pull_request触发,确保工作流在 PR 阶段启动发布流程。请确认这一调整与预期的发布策略保持一致。
13-15: 新增权限配置在 job 级别中新增了
permissions配置,授予了contents和id-token的写权限。建议核查这些权限是否符合最小授权原则,确保既满足需求又不会授权过度。
21-21: 确保检出最新提交通过设置
ref: ${{ github.event.pull_request.head.sha }},保证 checkout 步骤能拉取 PR 中最新的提交。此配置有助于确保发布时的代码状态正确。
46-46: 注册表地址配置确认新增的
registry-url: 'https://registry.npmjs.org'明确指定了使用官方 npm 源,有助于确保依赖安装和发布过程的稳定性。
67-70: 发布命令更新:使用 pnpm将用于发布
@nutui/nutui-react的命令更新为pnpm --dir ./release/h5 publish:beta,并通过环境变量传递NODE_AUTH_TOKEN。请确认发布目录和命令参数符合实际需求。
72-76: 发布命令更新:针对 taro 版本更新了
@nutui/nutui-react-taro的发布命令,使用 pnpm 并指定了对应的发布目录 (./release/taro) 以及环境变量配置。请验证该配置是否正确。
Summary by CodeRabbit
Chores
New Features
Refactor