ci: optimize github actions workflows

- Use github.token instead of PAT
- Remove debug steps and simplify configurations
- Merge lint and test jobs
- Standardize secrets inheritance
- Fix uv command in deploy docs workflow

Author: colyerdeng

.github/workflows/bump_version.yaml

@@ -18,8 +18,7 @@ on:
         default: patch
 
 permissions:
-  contents: write  # 用于创建和推送标签
-  pull-requests: write  # 用于创建 PR
+  contents: write
 
 jobs:
   setup:
@@ -36,13 +35,13 @@ jobs:
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
-          token: ${{ needs.setup.outputs.PERSONAL_ACCESS_TOKEN }}
+          token: ${{ github.token }}
 
       - id: cz
         name: Create bump and changelog
         uses: commitizen-tools/commitizen-action@master
         with:
-          github_token: ${{ needs.setup.outputs.PERSONAL_ACCESS_TOKEN }}
+          github_token: ${{ github.token }}
           changelog_increment_filename: body.md
           increment: ${{ github.event.inputs.increment }}
 
@@ -52,4 +51,4 @@ jobs:
           body_path: body.md
           tag_name: ${{ env.REVISION }}
         env:
-          GITHUB_TOKEN: ${{ needs.setup.outputs.PERSONAL_ACCESS_TOKEN }}
+          GITHUB_TOKEN: ${{ github.token }}

.github/workflows/deploy_docs.yaml

@@ -14,11 +14,7 @@ jobs:
     uses: ./.github/workflows/setup.yaml
     with:
       install-deps: docs
-    secrets:
-      OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
-      PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
-    outputs:
-      PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+    secrets: inherit
 
   deploy:
     needs: setup
@@ -27,4 +23,4 @@ jobs:
       - name: Build and deploy documentation
         run: uvx mkdocs gh-deploy --force
         env:
-          GITHUB_TOKEN: ${{ needs.setup.outputs.PERSONAL_ACCESS_TOKEN || github.token }}
+          GITHUB_TOKEN: ${{ github.token }}

.github/workflows/lint.yaml

@@ -17,32 +17,22 @@ jobs:
     uses: ./.github/workflows/setup.yaml
     with:
       install-deps: dev
-      python-version: "3.12"  # 使用最新版本
-    secrets:
-      OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
-      PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+      python-version: "3.12"
+    secrets: inherit
 
-  lint:
+  check:
     needs: setup
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
 
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.12"
-
-      - name: Install uv
-        uses: astral-sh/setup-uv@v5
-
       - name: Run lint checks
         id: lint
         run: uv tool run nox -s lint
         continue-on-error: true
 
-      - name: Comment on PR
+      - name: Comment on PR (Lint)
         if: github.event_name == 'pull_request' && steps.lint.outcome == 'failure'
         uses: actions/github-script@v7
         with:
@@ -62,22 +52,7 @@ jobs:
         if: steps.lint.outcome == 'failure'
         run: exit 1
 
-  test-all:
-    needs: setup
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.12"
-
-      - name: Install uv
-        uses: astral-sh/setup-uv@v5
-
-      - name: Run tests on all Python versions
+      - name: Run tests
         id: test
         run: uv tool run nox -s test_all
         continue-on-error: true
@@ -90,7 +65,7 @@ jobs:
           file: ./coverage.xml
           flags: unittests
 
-      - name: Comment on PR
+      - name: Comment on PR (Tests)
         if: github.event_name == 'pull_request' && steps.test.outcome == 'failure'
         uses: actions/github-script@v7
         with:

.github/workflows/release_build.yaml

@@ -21,11 +21,7 @@ jobs:
     with:
       install-deps: dev
       python-version: "3.12"
-    secrets:
-      OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
-      PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
-    outputs:
-      personal-access-token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+    secrets: inherit
 
   build:
     needs: setup
@@ -41,7 +37,7 @@ jobs:
         id: create_release
         uses: softprops/action-gh-release@v2
         with:
-          token: ${{ needs.setup.outputs.PERSONAL_ACCESS_TOKEN || github.token }}
+          token: ${{ github.token }}
           tag_name: ${{ github.event.inputs.version || github.ref_name }}
           draft: false
           prerelease: false

.github/workflows/setup.yaml

@@ -13,25 +13,18 @@ on:
     secrets:
       OP_SERVICE_ACCOUNT_TOKEN:
         required: false
-      PERSONAL_ACCESS_TOKEN:
-        required: false
     outputs:
       python-version:
         description: "The Python version that was set up"
         value: ${{ jobs.setup.outputs.python-version }}
-      PERSONAL_ACCESS_TOKEN:
-        description: "The personal access token"
-        value: ${{ jobs.setup.outputs.PERSONAL_ACCESS_TOKEN }}
 
 jobs:
   setup:
     runs-on: ubuntu-latest
     outputs:
       python-version: ${{ steps.setup-python.outputs.python-version }}
-      PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
     steps:
       - name: Load secret
-        if: ${{ inputs.install-deps != 'none' }}
         uses: 1password/load-secrets-action@v2
         with:
           export-env: true
@@ -43,7 +36,7 @@ jobs:
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
-          token: ${{ env.PERSONAL_ACCESS_TOKEN || github.token }}
+          token: ${{ github.token }}
 
       - name: Setup Python
         id: setup-python