chore: sync from source ef7843d #175
| name: Lint and Validate | |
| on: | |
| push: | |
| branches: [main] | |
| schedule: | |
| - cron: '30 5 * * 1' | |
| pull_request: | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| security-events: write | |
| jobs: | |
| pre-commit: | |
| name: Run Pre-Commit Checks | |
| if: >- | |
| ${{ | |
| ! startsWith(github.head_ref, 'release-please--branches--') | |
| && ! (github.event_name == 'push' && contains(github.event.head_commit.message, 'release-please--branches--main')) | |
| }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v5 | |
| - name: Set up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version-file: pyproject.toml | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v7 | |
| with: | |
| enable-cache: true | |
| cache-dependency-glob: "pyproject.toml" | |
| - name: Check lockfile is up-to-date | |
| run: uv lock --check | |
| - name: Install dependencies | |
| run: uv sync --locked --all-extras --all-groups | |
| - name: Install pre-commit | |
| run: pip install pre-commit | |
| - name: Run pre-commit hooks | |
| run: | | |
| pre-commit run --all-files --show-diff-on-failure | |
| mcp: | |
| name: MCP Checks | |
| if: >- | |
| ${{ | |
| ! startsWith(github.head_ref, 'release-please--branches--') | |
| && ! (github.event_name == 'push' && contains(github.event.head_commit.message, 'release-please--branches--main')) | |
| }} | |
| runs-on: ubuntu-latest | |
| env: | |
| SERVER_NAME: io.github.alex-feel/mcp-context-server | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v5 | |
| - name: Verify MCP marker in README | |
| run: | | |
| set -euo pipefail | |
| # Accept either plain line or HTML comment | |
| if grep -Eq "(^|<!--[[:space:]]*)mcp-name:[[:space:]]*${SERVER_NAME}([[:space:]]*-->|$)" README.md; then | |
| echo 'OK: README contains MCP marker' | |
| else | |
| echo "README.md must contain 'mcp-name: ${SERVER_NAME}' line or HTML comment" >&2 | |
| exit 1 | |
| fi | |
| - name: Validate server.json presence and JSON syntax | |
| run: | | |
| python - <<'PY' | |
| # Validate that server.json exists and is valid JSON | |
| import json, sys | |
| from pathlib import Path | |
| p = Path('server.json') | |
| if not p.exists(): | |
| print('server.json not found', file=sys.stderr) | |
| sys.exit(1) | |
| with p.open('r', encoding='utf-8') as f: | |
| json.load(f) | |
| print('OK: server.json exists and is valid JSON') | |
| PY | |
| security: | |
| name: Security Scan | |
| if: >- | |
| ${{ | |
| ! startsWith(github.head_ref, 'release-please--branches--') | |
| && ! (github.event_name == 'push' && contains(github.event.head_commit.message, 'release-please--branches--main')) | |
| }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Run Trivy security scanner | |
| uses: aquasecurity/trivy-action@v0.35.0 | |
| with: | |
| scan-type: 'fs' | |
| scan-ref: '.' | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| version: 'latest' | |
| - name: Upload Trivy results to GitHub Security | |
| uses: github/codeql-action/upload-sarif@v4 | |
| if: always() | |
| with: | |
| sarif_file: 'trivy-results.sarif' |
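Review bot: The workflow-level `permissions:` block grants `security-events: write` to every job, but only the `upload-sarif` step in the `security` job needs it; the `pre-commit` and `mcp` jobs run repository-controlled code (pre-commit hooks, `uv sync`) and would be better left with `contents: read` alone. Consider keeping only `contents: read` at the top level and adding a job-level `permissions:` with `contents: read` and `security-events: write` under `security:`. Separately, the third-party actions are referenced by mutable tags (`astral-sh/setup-uv@v7`, `aquasecurity/trivy-action@v0.35.0`) and the scanner by `version: 'latest'`, so what runs can change without any commit in this repository. Pinning each `uses:` to a full commit SHA, e.g. `aquasecurity/trivy-action@<full-commit-sha>  # v0.35.0`, and Trivy to a fixed release would make runs reproducible and auditable. `pip install pre-commit` is likewise unpinned and sits outside the lockfile that `uv lock --check` verifies.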