ci: update action (#4046)

* ci: update action
1 month ago · 4bd4f7490b
14 changed files with 99 additions and 104 deletions
--- a/.github/actions/setup-node/action.yml
+++ b/.github/actions/setup-node/action.yml
@ -0,0 +1,40 @@
+name: "Setup Node"
+
+description: "Setup node and pnpm"
+
+runs:
+  using: "composite"
+  steps:
+    - name: Install pnpm
+      uses: pnpm/action-setup@v4
+
+    - name: Install Node.js
+      uses: actions/setup-node@v4
+      with:
+        node-version-file: .node-version
+        cache: "pnpm"
+
+    - name: Get pnpm store directory
+      shell: bash
+      run: |
+        echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
+
+    - uses: actions/cache@v4
+      name: Setup pnpm cache
+      if: ${{ github.ref_name == 'main' }}
+      with:
+        path: ${{ env.STORE_PATH }}
+        key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+        restore-keys: |
+          ${{ runner.os }}-pnpm-store-
+
+    - uses: actions/cache/restore@v4
+      if: ${{ github.ref_name != 'main' }}
+      with:
+        path: ${{ env.STORE_PATH }}
+        key: |
+          ${{ runner.os }}-pnpm-store-
+
+    - name: Install dependencies
+      shell: bash
+      run: pnpm install --frozen-lockfile
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -13,13 +13,17 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
  cancel-in-progress: true

+permissions:
+  contents: read
+  pull-requests: write
+
 jobs:
  post-update:
    # if: ${{ github.actor == 'dependabot[bot]' }}
    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        node-version: [20]
+    env:
+      TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
+      TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
@ -28,21 +32,12 @@ jobs:

      - name: Checkout out pull request
        env:
-          GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          gh pr checkout ${{ github.event.pull_request.number }}

-      - name: Install pnpm
-        uses: pnpm/action-setup@v4
-
-      - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v4
-        with:
-          node-version: ${{ matrix.node-version }}
-          cache: "pnpm"
-
-      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
+      - name: Setup Node
+        uses: ./.github/actions/setup-node

      - name: Build
        run: |
--- a/.github/workflows/changeset-version.yml
+++ b/.github/workflows/changeset-version.yml
@ -23,27 +23,14 @@ jobs:
    timeout-minutes: 15
    runs-on: ubuntu-latest

-    strategy:
-      matrix:
-        node-version: [20]
-
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

-      - name: Install pnpm
-        uses: pnpm/action-setup@v4
-
-      - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v4
-        with:
-          node-version: ${{ matrix.node-version }}
-          cache: "pnpm"
-
-      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
+      - name: Setup Node
+        uses: ./.github/actions/setup-node

      - name: Create Release Pull Request
        uses: changesets/action@v1
@ -52,4 +39,4 @@ jobs:
          commit: "chore: bump versions"
          title: "chore: bump versions"
        env:
-          GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -21,7 +21,6 @@ jobs:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
-        node-version: [20]
        os:
          - ubuntu-latest
          - macos-latest
@ -38,27 +37,8 @@ jobs:
        with:
          run_install: false

-      - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v4
-        with:
-          node-version: ${{ matrix.node-version }}
-          cache: "pnpm"
-
-      - name: Find pnpm store path
-        shell: bash
-        run: |
-          echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
-
-      - name: Setup pnpm cache
-        uses: actions/cache@v4
-        with:
-          path: ${{ env.STORE_PATH }}
-          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
-          restore-keys: |
-            ${{ runner.os }}-pnpm-store-
-
-      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
+      - name: Setup Node
+        uses: ./.github/actions/setup-node

      # - name: Check Git version
      #   run: git --version
@ -80,7 +60,6 @@ jobs:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
-        node-version: [20]
        os:
          - ubuntu-latest
          - macos-latest
@ -92,17 +71,8 @@ jobs:
        with:
          fetch-depth: 0

-      - name: Install pnpm
-        uses: pnpm/action-setup@v4
-
-      - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v4
-        with:
-          node-version: ${{ matrix.node-version }}
-          cache: "pnpm"
-
-      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
+      - name: Setup Node
+        uses: ./.github/actions/setup-node

      - name: Lint
        run: pnpm run lint
@ -113,7 +83,6 @@ jobs:
    timeout-minutes: 20
    strategy:
      matrix:
-        node-version: [20]
        os:
          - ubuntu-latest
          - macos-latest
@ -124,17 +93,8 @@ jobs:
        with:
          fetch-depth: 0

-      - name: Install pnpm
-        uses: pnpm/action-setup@v4
-
-      - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v4
-        with:
-          node-version: ${{ matrix.node-version }}
-          cache: "pnpm"
-
-      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
+      - name: Setup Node
+        uses: ./.github/actions/setup-node

      - name: Typecheck
        run: pnpm check:type
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@ -10,10 +10,6 @@ jobs:
    name: Deploy Push Ftp
    if: github.actor != 'dependabot[bot]' && !contains(github.event.head_commit.message, '[skip ci]')
    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        node-version: [20]
-
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
@ -33,17 +29,8 @@ jobs:
          sed -i  "s#VITE_PWA\s*=.*#VITE_PWA = true#g" ./apps/web-naive/.env.production
          cat ./apps/web-naive/.env.production

-      - name: Install pnpm
-        uses: pnpm/action-setup@v4
-
-      - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v4
-        with:
-          node-version: ${{ matrix.node-version }}
-          cache: "pnpm"
-
-      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
+      - name: Setup Node
+        uses: ./.github/actions/setup-node

      - name: Build
        run: pnpm run build
--- a/.github/workflows/draft.yml
+++ b/.github/workflows/draft.yml
@ -14,4 +14,4 @@ jobs:
    steps:
      - uses: release-drafter/release-drafter@v6
        env:
-          GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/issue-close-require.yml
+++ b/.github/workflows/issue-close-require.yml
@ -6,6 +6,10 @@ on:
  schedule:
    - cron: "0 0 * * *"

+permissions:
+  pull-requests: write
+  contents: write
+
 jobs:
  close-issues:
    runs-on: ubuntu-latest
@ -16,6 +20,6 @@ jobs:
        uses: actions-cool/issues-helper@v3
        with:
          actions: "close-issues" # 执行动作：关闭 Issues
-          token: ${{ secrets.ACCESS_TOKEN }} # GitHub Token，用于认证
+          token: ${{ secrets.GITHUB_TOKEN }} # GitHub Token，用于认证
          labels: "need reproduction" # 目标标签
          inactive-day: 3 # 未活动天数阈值
--- a/.github/workflows/issue-labeled.yml
+++ b/.github/workflows/issue-labeled.yml
@ -6,6 +6,11 @@ on:
  # pull_request:
  #   types: [labeled]

+permissions:
+  issues: write
+  pull-requests: write
+  contents: write
+
 jobs:
  reply-labeled:
    runs-on: ubuntu-latest
@ -15,7 +20,7 @@ jobs:
        uses: actions-cool/issues-helper@v3
        with:
          actions: "remove-labels"
-          token: ${{ secrets.ACCESS_TOKEN }}
+          token: ${{ secrets.GITHUB_TOKEN }}
          issue-number: ${{ github.event.issue.number }}
          labels: "enhancement: pending triage"

@ -24,7 +29,7 @@ jobs:
        uses: actions-cool/issues-helper@v3
        with:
          actions: "remove-labels"
-          token: ${{ secrets.ACCESS_TOKEN }}
+          token: ${{ secrets.GITHUB_TOKEN }}
          issue-number: ${{ github.event.issue.number }}
          labels: "bug: pending triage"

@ -33,7 +38,7 @@ jobs:
        uses: actions-cool/issues-helper@v3
        with:
          actions: "create-comment, remove-labels"
-          token: ${{ secrets.ACCESS_TOKEN }}
+          token: ${{ secrets.GITHUB_TOKEN }}
          issue-number: ${{ github.event.issue.number }}
          body: |
            Hello @${{ github.event.issue.user.login }}. Please provide the complete reproduction steps and code. Issues labeled by `needs reproduction` will be closed if no activities in 3 days.
--- a/.github/workflows/lock.yml
+++ b/.github/workflows/lock.yml
@ -15,7 +15,7 @@ jobs:
    steps:
      - uses: dessant/lock-threads@v5
        with:
-          github-token: ${{ secrets.ACCESS_TOKEN }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
          issue-inactive-days: "30"
          issue-lock-reason: ""
          pr-inactive-days: "30"
--- a/.github/workflows/release-tag.yml
+++ b/.github/workflows/release-tag.yml
@ -8,6 +8,10 @@ on:
 env:
  HUSKY: "0"

+permissions:
+  pull-requests: write
+  contents: write
+
 jobs:
  build:
    name: Create Release
@ -58,7 +62,7 @@ jobs:
          version: ${{ steps.version.outputs.version }}
          publish: true
        env:
-          GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      # - name: force update major tag
      #   run: |
@ -69,7 +73,7 @@ jobs:
      #   id: release_tag
      #   uses: ncipollo/release-action@v1
      #   with:
-      #     token: ${{ secrets.ACCESS_TOKEN }}
+      #     token: ${{ secrets.GITHUB_TOKEN }}
      #     generateReleaseNotes: "true"
      #     body: |
      #       > Please refer to [CHANGELOG.md](https://github.com/vbenjs/vue-vben-admin/blob/main/CHANGELOG.md) for details.
--- a/.github/workflows/semantic-pull-request.yml
+++ b/.github/workflows/semantic-pull-request.yml
@ -22,5 +22,19 @@ jobs:
            didn't match the configured pattern. Please ensure that the subject
            doesn't start with an uppercase character.
          requireScope: false
+          types: |
+            fix
+            feat
+            docs
+            style
+            refactor
+            perf
+            test
+            build
+            ci
+            chore
+            revert
+            types
+            release
        env:
-          GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@ -10,7 +10,7 @@ jobs:
    steps:
      - uses: actions/stale@v9
        with:
-          repo-token: ${{ secrets.ACCESS_TOKEN }}
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
          stale-issue-message: "This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days"
          stale-pr-message: "This PR is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days"
          exempt-issue-labels: "bug,enhancement"
--- a/.node-version
+++ b/.node-version
@ -1 +1 @@
-20
+20.14.0
--- a/internal/lint-configs/commitlint-config/index.mjs
+++ b/internal/lint-configs/commitlint-config/index.mjs
@ -145,7 +145,6 @@ const userConfig = {
        'revert',
        'types',
        'release',
-        'improvement',
      ],
    ],
  },