
@YyumeiZhang
Collaborator

中文模板 / Chinese Template

What kind of change does this PR introduce? (check at least one)

  • Bugfix
  • Feature
  • Code style update
  • Refactor
  • Test Case
  • TypeScript definition update
  • Document improve
  • CI/CD improve
  • Branch sync
  • Other, please describe:

PR description

Fixes #

Changelog

🇨🇳 Chinese

  • Fix: fix ...

🇺🇸 English

  • Fix: fix ...

Checklist

  • Test or no need
  • Document or no need
  • Changelog or no need

Other

  • Skip Changelog

Additional information

Comment on lines 70 to 146
name: Build and Publish
runs-on: ubuntu-latest

steps:
  - uses: actions/checkout@v4
    with:
      ref: ${{ github.head_ref || github.ref_name }}
  # Log which branch is being built (a step cannot carry both `uses` and `run`)
  - run: echo "branch=${{ github.head_ref || github.ref_name }}"

  - name: Setup Node.js
    uses: actions/setup-node@v4
    with:
      node-version: '20'
      cache: 'yarn'
      registry-url: 'https://registry.npmjs.org'

  # Install dependencies
  - name: npm install
    run: npm i -g lerna@^4.0.0 && npm run bootstrap

  # Build the semi-ui-19 package
  # if: ${{ github.event.inputs.publish_react19 == 'true' }}
  - name: Build React 19 version
    run: |
      node scripts/react19-build.js 19

  # Run bootstrap once more so the packages inside semi-ui-19 are correct
  - name: npm install again
    run: npm run bootstrap

  # While testing, RELEASE_TYPE: alpha is used temporarily; for real use change it to ${{ github.event.inputs.release_type }}
  - name: get version list
    run: |
      PKG_NAME=@douyinfe/semi-ui
      # GITHUB_ENV takes one NAME=value per line, so flatten the multi-line JSON array
      echo "VERSION_LIST=$(npm view "$PKG_NAME" versions --json | tr -d '\n')" >> "$GITHUB_ENV"

  - name: get version
    run: echo "RELEASE_VERSION=$(node scripts/version.js)" >> "$GITHUB_ENV"
    env:
      RELEASE_TYPE: alpha

  # Do not commit the semi-ui-19 related changes when publishing
  # Before merging into the main branch, replace the DIST_TAG=alpha line with the following:
  # DIST_TAG=latest
  # if [[ ${{ github.event.inputs.release_type }} == 'beta' ]]; then
  #   DIST_TAG=beta
  # elif [[ ${{ github.event.inputs.release_type }} == 'alpha' ]]; then
  #   DIST_TAG=alpha
  # fi
  - name: publish
    run: |
      git config --global user.name 'semi-team'
      git config --global user.email '[email protected]'
      node scripts/sitemap_update.js
      if [ -n "$(git status --porcelain)" ]; then
        echo "there are changes";
        git add . ':(exclude)packages/semi-ui-19'
        git commit --no-verify -m "chore: publish ${{ env.RELEASE_VERSION }}"
      else
        echo "no changes";
      fi
      git add packages/semi-ui-19
      git commit --no-verify -m "chore: semi-ui-19-related"
      npm config set registry=https://registry.npmjs.org/
      npm config set //registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}
      npm whoami
      DIST_TAG=alpha
      echo "$RELEASE_VERSION"
      echo "$DIST_TAG"
      lerna version $RELEASE_VERSION --exact --force-publish --yes --no-push
      lerna publish from-package --dist-tag $DIST_TAG --yes
      git reset HEAD~2
      rm -rf packages/semi-ui-19
      git add .
      git commit --no-verify -m "v${{env.RELEASE_VERSION}}"
      git push -o ci.skip --follow-tags --no-verify --atomic

Check warning

Code scanning / CodeQL

Workflow does not contain permissions (Medium)

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI about 1 month ago

To fix the problem, add a permissions: block to the workflow, either at the root level (affecting all jobs unless overridden) or to the specific job (build-and-publish). It's best to review what permissions are actually required:

  • The job pushes commits and tags (git push), and uses lerna publish to publish to npm, indicating it needs at least contents: write (for pushing changes/tags), and possibly packages: write (to publish to npm via GitHub registry, but the workflow seems to push directly to npmjs.org).
  • If opening or updating pull requests, it would need pull-requests: write, but no evidence of that here.
  • If it only needs to read content and push commits/tags, then contents: write is typically sufficient.

The recommended minimal explicit permissions block for the workflow is:

permissions:
  contents: write

This should be placed at the very top of the file, after name: and before on:. Alternatively, if only the build-and-publish job needs these permissions, you can place it under that job.

If you want to be extra careful and only grant contents: write to the build-and-publish job (not all jobs), add the permissions: block inside the job, at the same level as runs-on:.

For clarity, the fix will add the permissions block at the workflow root.


Suggested changeset 1
.github/workflows/react-versions.yml

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/react-versions.yml b/.github/workflows/react-versions.yml
--- a/.github/workflows/react-versions.yml
+++ b/.github/workflows/react-versions.yml
@@ -1,4 +1,6 @@
 name: React Multi-Version Build and Publish
+permissions:
+  contents: write
 
 on:
   pull_request:
EOF
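Review bot: `contents: write` at the workflow root (the two `+` lines of the hunk) applies to every job and every trigger, including the `pull_request:` trigger visible in the context lines, which is broader than the alert requires; prefer `permissions: contents: read` at the root and `permissions: contents: write` only on the job that runs `git push`, the job-scoped option the comment above already describes. The publish step authenticates to registry.npmjs.org with `secrets.NPM_TOKEN` rather than with GITHUB_TOKEN, so no `packages:` scope is needed either way.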
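The job-scoped layout the Copilot comment describes but does not show, as an added example that is not part of the PR or of the autofix patch: the root block leaves GITHUB_TOKEN read-only for every job, and only the job that pushes commits and tags is granted `contents: write`. The job name `build-and-publish`, the `pull_request` trigger and the `NPM_TOKEN` secret are taken from the page; the `workflow_dispatch` inputs are assumed from the `github.event.inputs.*` references in the job, and the step bodies are abbreviated.

```yaml
name: React Multi-Version Build and Publish

on:
  pull_request:
  # Assumed: the job reads github.event.inputs.*, which only workflow_dispatch supplies
  workflow_dispatch:
    inputs:
      release_type:
        type: choice
        options: [alpha, beta, latest]
        default: alpha

# Default for every job in this workflow: the token can only read the repository
permissions:
  contents: read

jobs:
  build-and-publish:
    runs-on: ubuntu-latest
    # Only this job pushes commits and tags, so only this job gets write access.
    # Publishing to registry.npmjs.org uses NPM_TOKEN, not GITHUB_TOKEN, so no
    # packages: scope is needed.
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.head_ref || github.ref_name }}
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
          registry-url: 'https://registry.npmjs.org'
      - name: publish
        # setup-node writes an .npmrc that reads NODE_AUTH_TOKEN, so the secret
        # is passed through the environment instead of an `npm config set` line
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
        run: |
          lerna publish from-package --dist-tag alpha --yes
          git push --follow-tags --no-verify --atomic
```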