ci: update action (#4046)

* ci: update action

.github/actions/setup-node/action.yml

@@ -0,0 +1,40 @@
+name: "Setup Node"
+
+description: "Setup node and pnpm"
+
+runs:
+  using: "composite"
+  steps:
+    - name: Install pnpm
+      uses: pnpm/action-setup@v4
+
+    - name: Install Node.js
+      uses: actions/setup-node@v4
+      with:
+        node-version-file: .node-version
+        cache: "pnpm"
+
+    - name: Get pnpm store directory
+      shell: bash
+      run: |
+        echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
+
+    - uses: actions/cache@v4
+      name: Setup pnpm cache
+      if: ${{ github.ref_name == 'main' }}
+      with:
+        path: ${{ env.STORE_PATH }}
+        key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+        restore-keys: |
+          ${{ runner.os }}-pnpm-store-
+
+    - uses: actions/cache/restore@v4
+      if: ${{ github.ref_name != 'main' }}
+      with:
+        path: ${{ env.STORE_PATH }}
+        key: |
+          ${{ runner.os }}-pnpm-store-
+
+    - name: Install dependencies
+      shell: bash
+      run: pnpm install --frozen-lockfile

.github/workflows/build.yml

@@ -13,13 +13,17 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+  pull-requests: write
+
 jobs:
   post-update:
     # if: ${{ github.actor == 'dependabot[bot]' }}
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        node-version: [20]
+    env:
+      TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
+      TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -28,21 +32,12 @@ jobs:
 
       - name: Checkout out pull request
         env:
-          GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           gh pr checkout ${{ github.event.pull_request.number }}
 
-      - name: Install pnpm
-        uses: pnpm/action-setup@v4
-
-      - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v4
-        with:
-          node-version: ${{ matrix.node-version }}
-          cache: "pnpm"
-
-      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
+      - name: Setup Node
+        uses: ./.github/actions/setup-node
 
       - name: Build
         run: |

.github/workflows/changeset-version.yml

@@ -23,27 +23,14 @@ jobs:
     timeout-minutes: 15
     runs-on: ubuntu-latest
 
-    strategy:
-      matrix:
-        node-version: [20]
-
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
-      - name: Install pnpm
-        uses: pnpm/action-setup@v4
-
-      - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v4
-        with:
-          node-version: ${{ matrix.node-version }}
-          cache: "pnpm"
-
-      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
+      - name: Setup Node
+        uses: ./.github/actions/setup-node
 
       - name: Create Release Pull Request
         uses: changesets/action@v1
@@ -52,4 +39,4 @@ jobs:
           commit: "chore: bump versions"
           title: "chore: bump versions"
         env:
-          GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/ci.yml

@@ -21,7 +21,6 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        node-version: [20]
         os:
           - ubuntu-latest
           - macos-latest
@@ -38,27 +37,8 @@ jobs:
         with:
           run_install: false
 
-      - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v4
-        with:
-          node-version: ${{ matrix.node-version }}
-          cache: "pnpm"
-
-      - name: Find pnpm store path
-        shell: bash
-        run: |
-          echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
-
-      - name: Setup pnpm cache
-        uses: actions/cache@v4
-        with:
-          path: ${{ env.STORE_PATH }}
-          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
-          restore-keys: |
-            ${{ runner.os }}-pnpm-store-
-
-      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
+      - name: Setup Node
+        uses: ./.github/actions/setup-node
 
       # - name: Check Git version
       #   run: git --version
@@ -80,7 +60,6 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        node-version: [20]
         os:
           - ubuntu-latest
           - macos-latest
@@ -92,17 +71,8 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: Install pnpm
-        uses: pnpm/action-setup@v4
-
-      - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v4
-        with:
-          node-version: ${{ matrix.node-version }}
-          cache: "pnpm"
-
-      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
+      - name: Setup Node
+        uses: ./.github/actions/setup-node
 
       - name: Lint
         run: pnpm run lint
@@ -113,7 +83,6 @@ jobs:
     timeout-minutes: 20
     strategy:
       matrix:
-        node-version: [20]
         os:
           - ubuntu-latest
           - macos-latest
@@ -124,17 +93,8 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: Install pnpm
-        uses: pnpm/action-setup@v4
-
-      - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v4
-        with:
-          node-version: ${{ matrix.node-version }}
-          cache: "pnpm"
-
-      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
+      - name: Setup Node
+        uses: ./.github/actions/setup-node
 
       - name: Typecheck
         run: pnpm check:type

.github/workflows/deploy.yml

@@ -10,10 +10,6 @@ jobs:
     name: Deploy Push Ftp
     if: github.actor != 'dependabot[bot]' && !contains(github.event.head_commit.message, '[skip ci]')
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        node-version: [20]
-
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -33,17 +29,8 @@ jobs:
           sed -i  "s#VITE_PWA\s*=.*#VITE_PWA = true#g" ./apps/web-naive/.env.production
           cat ./apps/web-naive/.env.production
 
-      - name: Install pnpm
-        uses: pnpm/action-setup@v4
-
-      - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v4
-        with:
-          node-version: ${{ matrix.node-version }}
-          cache: "pnpm"
-
-      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
+      - name: Setup Node
+        uses: ./.github/actions/setup-node
 
       - name: Build
         run: pnpm run build

.github/workflows/draft.yml

@@ -14,4 +14,4 @@ jobs:
     steps:
       - uses: release-drafter/release-drafter@v6
         env:
-          GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/issue-close-require.yml

@@ -6,6 +6,10 @@ on:
   schedule:
     - cron: "0 0 * * *"
 
+permissions:
+  pull-requests: write
+  contents: write
+
 jobs:
   close-issues:
     runs-on: ubuntu-latest
@@ -16,6 +20,6 @@ jobs:
         uses: actions-cool/issues-helper@v3
         with:
           actions: "close-issues" # 执行动作：关闭 Issues
-          token: ${{ secrets.ACCESS_TOKEN }} # GitHub Token，用于认证
+          token: ${{ secrets.GITHUB_TOKEN }} # GitHub Token，用于认证
           labels: "need reproduction" # 目标标签
           inactive-day: 3 # 未活动天数阈值

.github/workflows/issue-labeled.yml

@@ -6,6 +6,11 @@ on:
   # pull_request:
   #   types: [labeled]
 
+permissions:
+  issues: write
+  pull-requests: write
+  contents: write
+
 jobs:
   reply-labeled:
     runs-on: ubuntu-latest
@@ -15,7 +20,7 @@ jobs:
         uses: actions-cool/issues-helper@v3
         with:
           actions: "remove-labels"
-          token: ${{ secrets.ACCESS_TOKEN }}
+          token: ${{ secrets.GITHUB_TOKEN }}
           issue-number: ${{ github.event.issue.number }}
           labels: "enhancement: pending triage"
 
@@ -24,7 +29,7 @@ jobs:
         uses: actions-cool/issues-helper@v3
         with:
           actions: "remove-labels"
-          token: ${{ secrets.ACCESS_TOKEN }}
+          token: ${{ secrets.GITHUB_TOKEN }}
           issue-number: ${{ github.event.issue.number }}
           labels: "bug: pending triage"
 
@@ -33,7 +38,7 @@ jobs:
         uses: actions-cool/issues-helper@v3
         with:
           actions: "create-comment, remove-labels"
-          token: ${{ secrets.ACCESS_TOKEN }}
+          token: ${{ secrets.GITHUB_TOKEN }}
           issue-number: ${{ github.event.issue.number }}
           body: |
             Hello @${{ github.event.issue.user.login }}. Please provide the complete reproduction steps and code. Issues labeled by `needs reproduction` will be closed if no activities in 3 days.

.github/workflows/lock.yml

@@ -15,7 +15,7 @@ jobs:
     steps:
       - uses: dessant/lock-threads@v5
         with:
-          github-token: ${{ secrets.ACCESS_TOKEN }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
           issue-inactive-days: "30"
           issue-lock-reason: ""
           pr-inactive-days: "30"

.github/workflows/release-tag.yml

@@ -8,6 +8,10 @@ on:
 env:
   HUSKY: "0"
 
+permissions:
+  pull-requests: write
+  contents: write
+
 jobs:
   build:
     name: Create Release
@@ -58,7 +62,7 @@ jobs:
           version: ${{ steps.version.outputs.version }}
           publish: true
         env:
-          GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       # - name: force update major tag
       #   run: |
@@ -69,7 +73,7 @@ jobs:
       #   id: release_tag
       #   uses: ncipollo/release-action@v1
       #   with:
-      #     token: ${{ secrets.ACCESS_TOKEN }}
+      #     token: ${{ secrets.GITHUB_TOKEN }}
       #     generateReleaseNotes: "true"
       #     body: |
       #       > Please refer to [CHANGELOG.md](https://github.com/vbenjs/vue-vben-admin/blob/main/CHANGELOG.md) for details.

.github/workflows/semantic-pull-request.yml

@@ -22,5 +22,19 @@ jobs:
             didn't match the configured pattern. Please ensure that the subject
             doesn't start with an uppercase character.
           requireScope: false
+          types: |
+            fix
+            feat
+            docs
+            style
+            refactor
+            perf
+            test
+            build
+            ci
+            chore
+            revert
+            types
+            release
         env:
-          GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/stale.yml

@@ -10,7 +10,7 @@ jobs:
     steps:
       - uses: actions/stale@v9
         with:
-          repo-token: ${{ secrets.ACCESS_TOKEN }}
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
           stale-issue-message: "This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days"
           stale-pr-message: "This PR is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days"
           exempt-issue-labels: "bug,enhancement"

.node-version

@@ -1 +1 @@
-20
+20.14.0

internal/lint-configs/commitlint-config/index.mjs

@@ -145,7 +145,6 @@ const userConfig = {
         'revert',
         'types',
         'release',
-        'improvement',
       ],
     ],
   },