chore: standardize repository config

[afc163]

Summary

Standardize this rc-component repository as part of the Ant Design rc-component maintenance sweep.

Tracking issue: ant-design/ant-design#58514

Scope

• Redesign README.md and README.zh-CN.md with centered title, Ant Design ecosystem branding, aligned badges, scoped Bundlephobia badge, install command, Usage, Development, Release, and License sections.
• Standardize package metadata, GitHub repo metadata, npm package name, package entry fields, types: "./es/index.d.ts", publishConfig, and release flow through @rc-component/np.
• Align shared dependencies and scripts for React, testing-library, Jest/Vitest where existing, TypeScript, ESLint, Prettier, Less, dumi, father, Husky, lint-staged, and Dependabot.
• Use the shared react-component/rc-test/.github/workflows/test-utoo.yml@main workflow, React Doctor, Codecov, CodeQL, updated GitHub Actions versions, and guarded Surge preview fallback.
• Keep Vercel preview configuration compatible with docs-dist output and remove legacy now-build / Cloudflare Pages residue.
• Keep API docs, demos, tests, TypeScript checks, funding metadata, and npm package files aligned with the repository standardization matrix.

Notes

• No breaking runtime behavior is intended.
• React peer dependency ranges are preserved when narrowing them would be a breaking change.
• secrets: inherit is kept until react-component/rc-test#176 is merged, then it can be narrowed to explicit CODECOV_TOKEN forwarding.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
progress	Ready	Preview, Comment	Jun 29, 2026 6:33am

[github-actions]

✅ Preview is ready!

	✅ Ready
	🔗 Preview https://react-component-progress-preview-pr-310.surge.sh
	📝 Commit	0431c52
	⏱️ Build time	21.399s
	📦 Size	1.6 MB (no change) · 48 files
	🪵 Logs	View logs
	📱 Mobile

_{↩️ Previous: ⚡️ 0431c52 · react-component-progress-preview-pr-310.surge.sh (open ↗) · 2026-06-29 06:32:06 UTC}

_{🤖 Powered by surge-preview}

[gemini-code-assist]

Code Review

This pull request updates the documentation configuration, modernizes the README, and configures deployment settings for Vercel and GitHub Pages. Key changes include updating .dumirc.ts to handle paths dynamically, adding a vercel.json configuration, and updating package.json scripts. The review feedback suggests using cross-env in the gh-pages script to ensure cross-platform compatibility when setting environment variables, along with adding it as a development dependency.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

[github-advanced-security]

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

• The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
• Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
• You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 99.38%. Comparing base (0752d54) to head (0431c52).

Additional details and impacted files

@@           Coverage Diff           @@
##           master     #310   +/-   ##
=======================================
  Coverage   99.38%   99.38%           
=======================================
  Files           7        7           
  Lines         162      162           
  Branches       50       51    +1     
=======================================
  Hits          161      161           
  Misses          1        1           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

更新了构建与部署、CI 和预览工作流，以及中英文 README 和仓库配置；同时切换了 GH_PAGES 下的站点路径，并补充了 Vercel、TypeScript 和忽略规则。

Changes

仓库发布与自动化更新

Layer / File(s)	Summary
构建与发布配置 package.json, .dumirc.ts, tsconfig.json, vercel.json, .gitignore	构建脚本和 gh-pages 依赖改为文档构建/部署链路，GH_PAGES 切换站点路径，TypeScript 作用范围、Vercel 输出和忽略规则同步更新。
CI 与安全工作流 .github/workflows/codeql.yml, .github/workflows/react-component-ci.yml	新增 CodeQL 扫描，并把现有组件 CI 的权限和复用测试工作流引用改到新配置。
预览与诊断工作流 .github/workflows/react-doctor.yml, .github/workflows/surge-preview.yml	新增 PR 诊断与 Surge 预览工作流，包含并发控制、最小权限和条件构建/回写步骤。
README 与仓库元数据 README.md, README.zh-CN.md, .github/FUNDING.yml, .github/dependabot.yml	README 与中文文档重写为新的安装、用法、API 和发布结构，同时精简资助与 Dependabot 配置。

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

兔子蹦进文档园，
CI 亮灯路更宽。
预览、构建齐开跑，
胡萝卜香满屏间 🐰

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	标题准确概括了本次对仓库文档与配置的统一整理。
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/standardize-rc-config

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/react-component-ci.yml:
- Around line 8-9: The reusable workflow reference is currently pinned to a
mutable branch and inherits all secrets, which creates supply-chain and
secret-exposure risk. Update the workflow definition that uses
react-component/rc-test/.github/workflows/test-utoo.yml to reference a specific
commit SHA instead of main, and replace secrets: inherit with an explicit
minimal secrets mapping so only the required secret(s) are passed through.
Ensure the change is applied in the workflow job that invokes the external
reusable workflow.

In `@README.md`:
- Around line 77-100: Update the README API table so the documented defaults
match the actual props in src/common.ts/defaultProps: change gapPosition from
top to bottom and railWidth from strokeWidth to 1. Keep the rest of the listed
defaults as-is, and use the existing prop names (gapPosition, railWidth,
defaultProps) to locate the affected documentation entries.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: e3e1ba7a-ffe2-4691-ac5e-5d32d4e99c16

📥 Commits

Reviewing files that changed from the base of the PR and between 0752d54 and 02bba57.

📒 Files selected for processing (13)

• .dumirc.ts
• .github/FUNDING.yml
• .github/dependabot.yml
• .github/workflows/codeql.yml
• .github/workflows/react-component-ci.yml
• .github/workflows/react-doctor.yml
• .github/workflows/surge-preview.yml
• .gitignore
• README.md
• now.json
• package.json
• tsconfig.json
• vercel.json

💤 Files with no reviewable changes (1)

• now.json

[vercel]

Deployment failed with the following error:

Resource is limited - try again in 24 hours (more than 100, code: "api-deployments-free-per-day").

Learn More: https://vercel.com/react-component?upgradeToPro=build-rate-limit

[vercel]

Deployment failed with the following error:

Resource is limited - try again in 24 hours (more than 100, code: "api-deployments-free-per-day").

Learn More: https://vercel.com/afc163s-projects?upgradeToPro=build-rate-limit

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​husky@​9.1.7
	npm/​cross-env@​10.1.0
	npm/​gh-pages@​6.3.0
	npm/​glob@​8.1.0 ⏵ 13.0.6	-3			+35
	npm/​@​testing-library/​react@​15.0.7
	npm/​eslint-plugin-unicorn@​56.0.1
	npm/​lint-staged@​16.4.0

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm eslint-plugin-unicorn is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package.json → npm/eslint-plugin-unicorn@56.0.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/eslint-plugin-unicorn@56.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report