chore: standardize repository tooling

[afc163]

Summary

• Redesign README with a centered @rc-component/cascader header, package-specific emoji description, focused highlights, install, usage, examples, API, development, and release sections.
• Restore the Bundlephobia minzip badge, keep the explicit npm install @rc-component/cascader command, and add a subtle Ant Design ecosystem note.
• Standardize repository scripts, including the lint extension fix and a broad Prettier command.
• Align the ESLint TypeScript toolchain with the existing @umijs/fabric config so lint and compile remain runnable.
• Switch the primary rc-test reusable workflow to test-utoo.yml.
• Add explicit Vercel preview configuration for the dumi build output.
• Add Surge Preview and optional Cloudflare Pages Preview fallback workflows.
• Add the React Doctor GitHub Action for pull requests and pushes to master.
• Normalize .github/FUNDING.yml to Ant Design sponsorship entries.
• Update CodeQL to the current v4 action and pin touched actions to immutable SHAs, using checkout v7 with persisted credentials disabled.
• Address AI review feedback by simplifying the README usage example.

Compatibility

No runtime code changes. This should not introduce breaking changes.

Verification

• npm run lint
• npm test
• npm run tsc
• npm run lint:tsc
• npm run compile
• npm run build
• git diff --check

Summary by CodeRabbit

• Documentation
  • 重写并重组 README：新增安装/使用/示例/API/开发/发布/许可结构，更新用法示例与 API 表述，并标注弃用内容。
• Chores
  • 更新构建与脚本：新增 prettier、修正 lint 扩展名；补充 react-doctor/Surge 预览与 Vercel 构建配置。
• CI
  • 提升持续集成稳定性：CodeQL 与相关工作流改为固定版本；更新复用测试工作流引用并优化并发控制。

---

Refs ant-design/ant-design#58514

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
cascader	Ready	Preview, Comment	Jun 26, 2026 5:58pm

[coderabbitai]

Warning

Review limit reached

@afc163, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 4 minutes and 26 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits.

🚦 How do rate limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: c8d206e5-578f-407a-9014-73e9d45c7e73

📥 Commits

Reviewing files that changed from the base of the PR and between 861a385 and 0d117ca.

📒 Files selected for processing (2)

• .github/workflows/surge-preview.yml
• README.md

Walkthrough

新增多个 CI/预览工作流与 Vercel 配置；重写 README 的安装、用法、API、开发和发布内容；并调整 package.json 脚本、开发依赖与资金配置。

Changes

CI 与预览自动化

Layer / File(s)	Summary
React Doctor 工作流 .github/workflows/react-doctor.yml	新增 react-doctor 工作流的触发条件、权限、并发控制以及固定版本的检查和执行步骤。
CodeQL 与测试复用切换 .github/workflows/codeql.yml, .github/workflows/main.yml	CodeQL 工作流改为固定 commit 版本，测试工作流切换到新的可复用 test-utoo.yml。
预览发布配置 .github/workflows/surge-preview.yml, vercel.json	新增 Surge 预览工作流，并补充 Vercel 构建配置。

文档与工具配置

Layer / File(s)	Summary
README 概览 README.md	README 的介绍、安装、用法和示例内容被重组，顶部增加标题、徽标和 Highlights。
README API 与发布 README.md	README 的 API、开发、发布和许可内容被重写，并移除了旧的扩展章节。
脚本、依赖与资金配置 package.json, .github/FUNDING.yml	package.json 的脚本和开发依赖被更新，.github/FUNDING.yml 只保留了两个资助入口。

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• react-component/cascader#528: 也更新了 .github/workflows/main.yml 中复用工作流的 uses 目标。

Suggested reviewers

• zombieJ

Poem

(_/)
(•_•) 兔子蹦进 CI 花园，
/ >🥕 预览灯亮，脚步更欢。
README 换新装，字句排成队，
小草随风摇，发布也安然。

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	标题准确概括了本次对仓库工具链、CI 和配置标准化的主要改动。
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/standardize-rc-config

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[gemini-code-assist]

Code Review

This pull request updates the README.md with modern React usage examples, an updated API table, and updated development commands. It also fixes a typo in the lint script, adds a prettier script, and updates ESLint-related dependencies in package.json. The review feedback suggests simplifying the usage example in the README to avoid redundant state management that conflicts with the component's internal value handling.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

[gemini-code-assist]

In rc-cascader, the component automatically manages the display value of the child trigger element (like <input />) using the selected options. Manually managing a label state and passing it as value={label} to the <input> is redundant and will conflict with the internal input value management of BaseSelect (which handles rendering, searching, and selection).

Instead, you should showcase a clean uncontrolled usage, or a proper controlled usage where the value is passed to the Cascader component itself rather than the child <input>. Here is the simplified uncontrolled usage:

Suggested change

	const App = () => {
	const [label, setLabel] = React.useState('');
	return (
	<Cascader
	options={options}
	onChange={(_, selectedOptions) => {
	setLabel(selectedOptions.map(option => option.label).join(' / '));
	}}
	>
	<input placeholder="Please select" value={label} readOnly />
	</Cascader>
	);
	};
	const App = () => (
	<Cascader options={options}>
	<input placeholder="Please select" />
	</Cascader>
	);

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 99.39%. Comparing base (e98fa3b) to head (0d117ca).

Additional details and impacted files

@@           Coverage Diff           @@
##           master     #640   +/-   ##
=======================================
  Coverage   99.39%   99.39%           
=======================================
  Files          22       22           
  Lines         661      661           
  Branches      204      203    -1     
=======================================
  Hits          657      657           
  Misses          4        4           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

package.json (1)

41-41: 🧹 Nitpick | 🔵 Trivial

补充 .prettierignore

仓库已有 .prettierrc，但没有 .prettierignore。prettier --write --ignore-unknown . 会遍历整个仓库，建议补上忽略规则，避免误处理构建产物、依赖或产出目录。

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` at line 41, Add a .prettierignore to complement the existing
Prettier setup so the prettier --write --ignore-unknown . script in package.json
does not traverse and format generated or third-party files. Update the ignore
rules to cover build outputs, dependency folders, and other generated artifacts,
and verify the ignore file is picked up by the existing Prettier workflow.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/react-doctor.yml:
- Around line 22-25: Pin the mutable workflow actions in
.github/workflows/react-doctor.yml by replacing actions/checkout@v5 and
millionco/react-doctor@v2 with their full commit SHAs, and update the checkout
step to disable credential persistence by setting persist-credentials to false.
Use the existing checkout and react-doctor steps as the targets for the change.

---

Nitpick comments:
In `@package.json`:
- Line 41: Add a .prettierignore to complement the existing Prettier setup so
the prettier --write --ignore-unknown . script in package.json does not traverse
and format generated or third-party files. Update the ignore rules to cover
build outputs, dependency folders, and other generated artifacts, and verify the
ignore file is picked up by the existing Prettier workflow.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 7caa662b-7a8f-4ffb-937d-61a9d1d87af8

📥 Commits

Reviewing files that changed from the base of the PR and between e98fa3b and 4063c7a.

📒 Files selected for processing (3)

• .github/workflows/react-doctor.yml
• README.md
• package.json

[github-actions]

❌ Deploy failed

	❌ Failed
	🔗 Preview https://react-component-cascader-preview-pr-640.surge.sh (may be unavailable)
	📝 Commit	0d117ca
	🪵 Logs	View logs

📋 Build log (last lines)

npm warn exec The following package was not found and will be installed: surge@0.27.4

   Running as afc163@gmail.com (Student)

        project: ./dist
         domain: react-component-cascader-preview-pr-640.surge.sh
           size: 112 files, 2.3 MB

   Aborted - you do not have permission to publish to react-component-cascader-preview-pr-640.surge.sh

_{🤖 Powered by surge-preview}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

.github/workflows/surge-preview.yml (1)

11-33: 🩺 Stability & Availability | 🔵 Trivial | ⚡ Quick win

给预览任务加并发分组，避免旧提交覆盖新预览。

同一个 PR 连续 push 时，这个 workflow 会并行保留多个 preview 运行；较早的 run 如果后完成，可能把较新的预览结果覆盖掉。

♻️ 建议修改

 jobs:
   preview:
+    concurrency:
+      group: surge-preview-${{ github.event.pull_request.number }}
+      cancel-in-progress: true
     runs-on: ubuntu-latest

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/surge-preview.yml around lines 11 - 33, The preview
workflow can run multiple `preview` jobs in parallel for successive pushes on
the same PR, allowing older runs to overwrite newer Surge previews. Add a
workflow-level concurrency group to the `preview` job in `surge-preview.yml` so
only the latest run for a given PR/branch stays active, and cancel any
in-progress older run when a new commit arrives. Use the existing `preview` job
as the target and key the group off the PR or ref context so the behavior
remains isolated per PR.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/main.yml:
- Around line 5-6: Workflow reuse is currently pinned to an external branch ref,
which makes the dependency mutable and keeps inherited secrets exposed to future
upstream changes. Update the reusable workflow reference in the main workflow to
use a specific commit SHA for
react-component/rc-test/.github/workflows/test-utoo.yml, and then review the
secrets: inherit usage to narrow it if possible so only required secrets are
passed through.

---

Nitpick comments:
In @.github/workflows/surge-preview.yml:
- Around line 11-33: The preview workflow can run multiple `preview` jobs in
parallel for successive pushes on the same PR, allowing older runs to overwrite
newer Surge previews. Add a workflow-level concurrency group to the `preview`
job in `surge-preview.yml` so only the latest run for a given PR/branch stays
active, and cancel any in-progress older run when a new commit arrives. Use the
existing `preview` job as the target and key the group off the PR or ref context
so the behavior remains isolated per PR.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a6dd78fb-7fac-4043-95c9-0d4ff8e4a409

📥 Commits

Reviewing files that changed from the base of the PR and between 4063c7a and 2e384d7.

📒 Files selected for processing (8)

• .github/FUNDING.yml
• .github/workflows/codeql.yml
• .github/workflows/main.yml
• .github/workflows/react-doctor.yml
• .github/workflows/surge-preview.yml
• README.md
• package.json
• vercel.json

✅ Files skipped from review due to trivial changes (3)

• .github/FUNDING.yml
• vercel.json
• README.md

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/react-doctor.yml

[coderabbitai]

🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

请把复用工作流固定到提交 SHA。

Line 5 现在引用的是外部仓库的 @main，而 Line 6 又无条件 secrets: inherit。这意味着上游分支后续任何变更都会直接拿到当前仓库继承过去的 secrets，属于明显的供应链放大面。至少应先把 react-component/rc-test/.github/workflows/test-utoo.yml 固定到 commit SHA，再评估是否还能把继承的 secrets 收窄到必需集合。

🧰 Tools

🪛 zizmor (1.26.1)

[error] 5-5: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)

---

[warning] 5-5: secrets unconditionally inherited by called workflow (secrets-inherit): this reusable workflow

(secrets-inherit)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/main.yml around lines 5 - 6, Workflow reuse is currently
pinned to an external branch ref, which makes the dependency mutable and keeps
inherited secrets exposed to future upstream changes. Update the reusable
workflow reference in the main workflow to use a specific commit SHA for
react-component/rc-test/.github/workflows/test-utoo.yml, and then review the
secrets: inherit usage to narrow it if possible so only required secrets are
passed through.

Source: Linters/SAST tools

[vercel]

Deployment failed with the following error:

Resource is limited - try again in 24 hours (more than 100, code: "api-deployments-free-per-day").

Learn More: https://vercel.com/react-component?upgradeToPro=build-rate-limit