feat(teams): comprehensive team management — role hierarchy, OIDC sync, admin UI team scoping #10447
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # =============================================================== | |
| # Lint & Static Analysis - Code Quality Gate | |
| # =============================================================== | |
| # | |
| # - Lints both mcpgateway/ and plugins/ in a unified workflow | |
| # - Python linters run per-target; repo-wide checks run once | |
| # - Each job installs the project in dev-editable mode | |
| # --------------------------------------------------------------- | |
| name: Lint & Static Analysis | |
| on: | |
| push: | |
| branches: ["main"] | |
| # paths: | |
| # - "mcpgateway/**" | |
| # - "plugins/**" | |
| # - "pyproject.toml" | |
| # - ".github/workflows/lint.yml" | |
| pull_request: | |
| types: [opened, synchronize, ready_for_review] | |
| branches: ["main"] | |
| # paths: | |
| # - "mcpgateway/**" | |
| # - "plugins/**" | |
| # - "pyproject.toml" | |
| # - ".github/workflows/lint.yml" | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read | |
| # Keep these pins in lockstep with the *_VERSION variables in the Makefile. | |
| # Linters are invoked via `uv tool run <tool>==<pin>` so CI and local runs | |
| # use identical versions regardless of the dev dependency group. | |
| env: | |
| RUFF_VERSION: "0.15.1" | |
| PYLINT_VERSION: "3.3.9" | |
| PYLINT_PYDANTIC_VERSION: "0.3.5" | |
| VULTURE_VERSION: "2.14" | |
| INTERROGATE_VERSION: "1.7.0" | |
| RADON_VERSION: "6.0.1" | |
| YAMLLINT_VERSION: "1.38.0" | |
| TOMLCHECK_VERSION: "0.2.3" | |
| jobs: | |
| # --------------------------------------------------------------- | |
| # Python linters - run on both mcpgateway/ and plugins/ | |
| # --------------------------------------------------------------- | |
| python-lint: | |
| if: github.event_name != 'pull_request' || !github.event.pull_request.draft | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| target: [mcpgateway, plugins] | |
| tool: | |
| - id: ruff | |
| cmd: "uv tool run ruff==$RUFF_VERSION check $TARGET" | |
| - id: vulture | |
| cmd: 'uv tool run vulture==$VULTURE_VERSION $TARGET --min-confidence 80 --exclude "*_pb2.py,*_pb2_grpc.py"' | |
| - id: pylint | |
| cmd: "uv tool run --with-editable . --with pylint-pydantic==$PYLINT_PYDANTIC_VERSION pylint==$PYLINT_VERSION $TARGET --rcfile=.pylintrc.$TARGET --fail-on E --fail-under=10" | |
| - id: interrogate | |
| cmd: "uv tool run interrogate==$INTERROGATE_VERSION -vv $TARGET --fail-under 100" | |
| - id: radon | |
| cmd: "uv tool run radon==$RADON_VERSION cc $TARGET --min C --show-complexity && uv tool run radon==$RADON_VERSION mi $TARGET --min B" | |
| name: "${{ matrix.tool.id }} (${{ matrix.target }})" | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 20 | |
| steps: | |
| - name: Checkout source | |
| uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 | |
| with: | |
| persist-credentials: false | |
| fetch-depth: 1 | |
| - name: Set up Python | |
| uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 | |
| with: | |
| python-version: "3.12" | |
| - name: Set up uv | |
| uses: astral-sh/setup-uv@d0d8abe699bfb85fec6de9f7adb5ae17292296ff # v6 | |
| - name: Run linter | |
| env: | |
| TARGET: ${{ matrix.target }} | |
| run: ${{ matrix.tool.cmd }} | |
| # --------------------------------------------------------------- | |
| # Repo-wide syntax/format checkers (run once, not per-target) | |
| # --------------------------------------------------------------- | |
| syntax-check: | |
| if: github.event_name != 'pull_request' || !github.event.pull_request.draft | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - id: yamllint | |
| setup: "true" | |
| cmd: uv tool run yamllint==$YAMLLINT_VERSION -c .yamllint . | |
| - id: jsonlint | |
| setup: | | |
| sudo apt-get update -qq | |
| sudo apt-get install -y jq | |
| cmd: | | |
| find . -type f -name '*.json' -not -path './node_modules/*' -print0 | | |
| xargs -0 -I{} jq empty "{}" | |
| - id: tomllint | |
| setup: "true" | |
| cmd: | | |
| find . -type f -name '*.toml' \ | |
| -not -path './plugin_templates/*' \ | |
| -not -path './mcp-servers/templates/*' \ | |
| -print0 | | |
| xargs -0 -I{} uv tool run tomlcheck==$TOMLCHECK_VERSION "{}" | |
| name: ${{ matrix.id }} | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - name: Checkout source | |
| uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 | |
| with: | |
| persist-credentials: false | |
| fetch-depth: 1 | |
| - name: Set up Python | |
| uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 | |
| with: | |
| python-version: "3.12" | |
| cache: pip | |
| - name: Set up uv | |
| uses: astral-sh/setup-uv@d0d8abe699bfb85fec6de9f7adb5ae17292296ff # v6 | |
| - name: Install tool | |
| run: ${{ matrix.setup }} | |
| - name: Run check | |
| run: ${{ matrix.cmd }} |