ci: two-stage release with manual approval (2.x)

[fengmk2]

Brings the 2.x maintenance branch onto the same release flow as master (#814), so every line releases the same way.

Flow: run Prepare Release (manual, with a version) -> it opens a release/vX.Y.Z PR -> merge it -> Release checks the version against npm, pushes an approval request to DingTalk, waits on the release environment gate, then publishes and creates the GitHub Release.

2.x specifics:

• Publishes under dist-tag latest-2 (never latest).
• Publishes lib/ directly (no build step).
• Replaces the previous shared node-release reusable workflow.
• npm auth via OIDC trusted publishing (id-token: write).

Requires the repo release environment (required reviewers) and npm trusted-publisher config to allow this branch's workflow. DingTalk secrets are already set repo-wide.

[gemini-code-assist]

Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 4a06e150-b15a-4e86-b0cf-697cdd51f301

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch ci/release-flow-2.x

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}