chore: standardize repository setup

[afc163]

Summary

Standardize this rc-component repository as part of the Ant Design rc-component maintenance sweep.

Tracking issue: ant-design/ant-design#58514

Scope

• Redesign README.md and README.zh-CN.md with centered title, Ant Design ecosystem branding, aligned badges, scoped Bundlephobia badge, install command, Usage, Development, Release, and License sections.
• Standardize package metadata, GitHub repo metadata, npm package name, package entry fields, types: "./es/index.d.ts", publishConfig, and release flow through @rc-component/np.
• Align shared dependencies and scripts for React, testing-library, Jest/Vitest where existing, TypeScript, ESLint, Prettier, Less, dumi, father, Husky, lint-staged, and Dependabot.
• Use the shared react-component/rc-test/.github/workflows/test-utoo.yml@main workflow, React Doctor, Codecov, CodeQL, updated GitHub Actions versions, and guarded Surge preview fallback.
• Keep Vercel preview configuration compatible with docs-dist output and remove legacy now-build / Cloudflare Pages residue.
• Keep API docs, demos, tests, TypeScript checks, funding metadata, and npm package files aligned with the repository standardization matrix.

Notes

• No breaking runtime behavior is intended.
• React peer dependency ranges are preserved when narrowing them would be a breaking change.
• secrets: inherit is kept until react-component/rc-test#176 is merged, then it can be narrowed to explicit CODECOV_TOKEN forwarding.

Summary by CodeRabbit

• New Features

  • 新增中文文档与站点说明，补充安装、示例、API、开发和发布指引。
  • 新增站点资金支持入口，并增加 React 健康检查与预览部署流程。

• Bug Fixes

  • 调整站点路径与构建输出配置，提升 GitHub Pages 和预览部署的兼容性。

• Chores

  • 更新依赖与脚本配置，优化代码格式化、提交检查和自动更新策略。
  • 新增许可证文件，并同步更新仓库链接与构建相关配置。

[coderabbitai]

Warning

Review limit reached

@afc163, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 27 minutes and 56 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits.

🚦 How do rate limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: dde785be-4c36-4ed1-aea9-1723f9f30a52

📥 Commits

Reviewing files that changed from the base of the PR and between 258a9f9 and d98a3f1.

📒 Files selected for processing (1)

• .github/workflows/main.yml

Walkthrough

将文档构建输出切到 docs-dist，更新 CI 预览与检查工作流，升级工具链配置，并重写英中文 README。

Changes

构建、CI 与文档基础设施更新

Layer / File(s)	Summary
构建输出路径与部署配置 .dumirc.ts, vercel.json, package.json	.dumirc.ts 改为由 GH_PAGES 决定路径并将 outputPath 设为 docs-dist；vercel.json 新增 UmiJS 构建配置；package.json 更新文档部署脚本、增加 prettier 脚本并调整 lint-staged。
CI 工作流更新与新增 .github/workflows/main.yml, .github/workflows/surge-preview.yml, .github/workflows/react-doctor.yml, .github/FUNDING.yml, .github/dependabot.yml	main.yml 切换测试复用工作流；删除旧 preview.yml；新增 surge-preview.yml 和 react-doctor.yml；新增资助配置与 Dependabot 调度更新。
TypeScript 与测试工具链配置升级 tsconfig.json, tests/setup.ts, package.json, .gitignore, .prettierignore, .husky/pre-commit	tsconfig.json 调整 types、paths、include 和 ignoreDeprecations；tests/setup.ts 改为命名空间导入；package.json 批量升级 devDependencies；并同步更新忽略与 pre-commit 配置。
README 英中文全面更新 README.md, README.zh-CN.md, LICENSE	README.md 重写顶部、示例、API、开发与发布章节并更新许可证链接；新增 README.zh-CN.md 中文文档；新增 LICENSE 许可文本。

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• react-component/color-picker#267: 同样修改了 .github/workflows/main.yml 的测试复用工作流引用，与本 PR 的工作流切换直接相关。

Poem

🐇 小兔跳跳改路径，
docs-dist 替代旧 .doc，
CI 新旧交替忙不停，
中英文档齐更新，
彩色圆盘转呀转，✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	标题准确概括了仓库配置、脚本、CI、文档和依赖标准化的主要变更。
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/standardize-rc-config

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[github-actions]

❌ Deploy failed

	❌ Failed
	🔗 Preview https://react-component-color-picker-preview-pr-287.surge.sh (may be unavailable)
	📝 Commit	d98a3f1
	🪵 Logs	View logs

📋 Build log (last lines)

npm warn exec The following package was not found and will be installed: surge@0.27.4

   Running as afc163@gmail.com (Student)

        project: ./docs-dist
         domain: react-component-color-picker-preview-pr-287.surge.sh
           size: 34 files, 1.5 MB

   Aborted - you do not have permission to publish to react-component-color-picker-preview-pr-287.surge.sh

_{🤖 Powered by surge-preview}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (b8eaf1b) to head (d98a3f1).

Additional details and impacted files

@@            Coverage Diff             @@
##            master      #287    +/-   ##
==========================================
  Coverage   100.00%   100.00%            
==========================================
  Files           15        13     -2     
  Lines          902       238   -664     
  Branches        89        50    -39     
==========================================
- Hits           902       238   -664     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[gemini-code-assist]

Code Review

This pull request introduces several configuration and documentation updates. Key changes include adding a Vercel configuration file (vercel.json) and adjusting .dumirc.ts to support Vercel deployments, adding a GitHub funding configuration, updating the README.md with enhanced documentation and API details, and introducing new scripts (build, prettier, tsc) to package.json. Additionally, the TypeScript configuration has been updated to explicitly include source, test, and documentation directories. There are no review comments, and I have no feedback to provide.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

[afc163]

AI review follow-up:

• Gemini reported no actionable feedback.
• CodeRabbit was rate limited and did not provide actionable comments.
• Existing lint warning in src/hooks/useColorDrag.ts is unrelated to this repository-standardization change and was left unchanged.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​husky@​9.1.7
	npm/​vitest@​4.1.9
	npm/​@​vitest/​coverage-v8@​4.1.9
	npm/​jsdom@​29.1.1
	npm/​gh-pages@​6.3.0
	npm/​@​umijs/​fabric@​4.0.1
	npm/​@​testing-library/​react@​15.0.7
	npm/​eslint-plugin-unicorn@​56.0.1
	npm/​@​testing-library/​jest-dom@​6.9.1
	npm/​prettier@​3.9.1
	npm/​lint-staged@​16.4.0

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm @emnapi/runtime is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ? → npm/vitest@4.1.9 → npm/@emnapi/runtime@1.11.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@emnapi/runtime@1.11.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm css-tree is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ? → npm/jsdom@29.1.1 → npm/@umijs/fabric@4.0.1 → npm/css-tree@3.2.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/css-tree@3.2.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm data-urls is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ? → npm/jsdom@29.1.1 → npm/data-urls@7.0.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/data-urls@7.0.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm eslint-plugin-react is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ? → npm/@umijs/fabric@4.0.1 → npm/eslint-plugin-react@7.37.5 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/eslint-plugin-react@7.37.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm eslint-plugin-unicorn is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package.json → npm/eslint-plugin-unicorn@56.0.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/eslint-plugin-unicorn@56.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm jsdom is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package.json → npm/jsdom@29.1.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/jsdom@29.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm jsdom is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package.json → npm/jsdom@29.1.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/jsdom@29.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[coderabbitai]

Actionable comments posted: 4

🧹 Nitpick comments (2)

README.zh-CN.md (2)

39-39: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

混合语言：请完整翻译特性描述。

第 39 行 "暴露 Color helpers for hex, RGB, and HSB conversions" 仍为英文，应统一为中文，例如："暴露 Color 辅助方法，支持 hex、RGB 和 HSB 转换"。

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@README.zh-CN.md` at line 39, The feature description in README.zh-CN.md is
still in English and should be fully translated to Chinese. Update the `Color`
helpers sentence so it consistently uses Chinese wording while preserving the
meaning of hex, RGB, and HSB conversions, and keep the `Color` reference
recognizable in the translated text.

---

93-99: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Color 方法说明未翻译。

toHexString、toHsb、toHsbString、toRgb、toRgbString 的 Description 列仍为英文，应与表头「说明」保持一致，翻译为中文。例如：

• Convert to hex color string → 转换为十六进制颜色字符串
• Convert to HSB object → 转换为 HSB 对象

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@README.zh-CN.md` around lines 93 - 99, The Color method descriptions in the
README.zh-CN table are still in English and should be translated to match the
“说明” column. Update the entries for toHexString, toHsb, toHsbString, toRgb, and
toRgbString in the README.zh-CN.md table so their descriptions are Chinese
equivalents, keeping the method names and type signatures unchanged.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/main.yml:
- Around line 5-6: The reusable workflow reference in the main workflow is too
loosely pinned and inherits all secrets, so update the workflow call to the
specific reusable workflow identifier and pin it to an immutable commit SHA
instead of the moving main branch. Remove secrets: inherit and, if any secrets
are still required, pass only the explicit ones supported by the called
workflow’s workflow_call.secrets contract; otherwise drop secret passing
entirely.

In @.github/workflows/surge-preview.yml:
- Line 22: The conditional on the Surge preview steps is directly referencing
secrets, which GitHub Actions does not allow in an if expression. Update the
workflow by moving SURGE_TOKEN into an env mapping first, then change the
affected step conditions to check env.SURGE_TOKEN instead; use the existing
Surge-related step blocks in surge-preview.yml as the place to apply the fix.

In `@package.json`:
- Around line 31-34: The gh-pages build chain does not set GH_PAGES, so
docs:build still produces root-path assets instead of the GitHub Pages base
path. Update the publishing flow by introducing or using a GH_PAGES=1 build
script for the gh-pages command, and reference the existing docs:build,
docs:deploy, and gh-pages scripts in package.json so the GitHub Pages deployment
uses the correct base/publicPath configured by .dumirc.ts.

In `@README.zh-CN.md`:
- Line 87: The API table header translation is incorrect in the README, where
the `ColorGenInput` field name `value` is rendered as “价值”; update the table
entry to use the original parameter name `value` or a clear label like “当前值”
while keeping it consistent with the English documentation. Make this change in
the README table row that lists `ColorGenInput` so the parameter naming remains
accurate and aligned with the source API.

---

Nitpick comments:
In `@README.zh-CN.md`:
- Line 39: The feature description in README.zh-CN.md is still in English and
should be fully translated to Chinese. Update the `Color` helpers sentence so it
consistently uses Chinese wording while preserving the meaning of hex, RGB, and
HSB conversions, and keep the `Color` reference recognizable in the translated
text.
- Around line 93-99: The Color method descriptions in the README.zh-CN table are
still in English and should be translated to match the “说明” column. Update the
entries for toHexString, toHsb, toHsbString, toRgb, and toRgbString in the
README.zh-CN.md table so their descriptions are Chinese equivalents, keeping the
method names and type signatures unchanged.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 5d42e89d-a84c-400b-8cbb-6211099fd70c

📥 Commits

Reviewing files that changed from the base of the PR and between b8eaf1b and 8d0ff00.

⛔ Files ignored due to path filters (1)

• tests/__snapshots__/index.test.tsx.snap is excluded by !**/*.snap

📒 Files selected for processing (12)

• .dumirc.ts
• .github/FUNDING.yml
• .github/workflows/main.yml
• .github/workflows/preview.yml
• .github/workflows/react-doctor.yml
• .github/workflows/surge-preview.yml
• README.md
• README.zh-CN.md
• package.json
• tests/setup.ts
• tsconfig.json
• vercel.json

💤 Files with no reviewable changes (1)

• .github/workflows/preview.yml