Tailscale MCP Server

name: Release on: push: branches: [main] workflow_dispatch: inputs: release_type: description: "Release type" required: true default: "patch" type: choice options: - patch - minor - major - prerelease env: NODE_VERSION: "20" BUN_VERSION: "latest" ARTIFACT_NAME: tailscale-mcp-server # Grant minimum necessary permissions for the GITHUB_TOKEN permissions: contents: write packages: write id-token: write jobs: release: name: Release runs-on: ubuntu-latest if: ${{ !contains(github.event.head_commit.message, '[skip ci]') }} outputs: # Correctly map outputs to the step that generates them released: ${{ steps.version.outputs.released }} version: ${{ steps.version.outputs.new_version }} tag: ${{ steps.version.outputs.tag }} steps: - name: Checkout code uses: actions/checkout@v4 with: fetch-depth: 0 - name: Setup Bun uses: oven-sh/setup-bun@v1 with: bun-version: ${{ env.BUN_VERSION }} - name: Setup Node.js uses: actions/setup-node@v4 with: node-version: ${{ env.NODE_VERSION }} - name: Cache dependencies uses: actions/cache@v4 with: path: | ~/.bun/install/cache node_modules key: ${{ runner.os }}-bun-release-${{ hashFiles('**/bun.lock') }} restore-keys: | ${{ runner.os }}-bun- - name: Install dependencies run: bun install --frozen-lockfile - name: Run tests run: bun run test:ci - name: Build project run: bun run build - name: Verify build run: | test -f dist/index.js test -f dist/index.cjs echo "✅ Build verification passed" - name: Upload build artifact uses: actions/upload-artifact@v4 with: name: ${{ env.ARTIFACT_NAME }} path: ./dist - name: Configure Git run: | git config user.name "github-actions[bot]" git config user.email "github-actions[bot]@users.noreply.github.com" - name: Determine version bump id: version_bump run: | if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then echo "type=${{ github.event.inputs.release_type }}" >> $GITHUB_OUTPUT else if git log --format=%B -n 1 ${{ github.sha }} | grep -q "BREAKING CHANGE\|!:"; then echo "type=major" >> $GITHUB_OUTPUT elif git log --format=%B -n 1 ${{ github.sha }} | grep -q "^feat"; then echo "type=minor" >> $GITHUB_OUTPUT else echo "type=patch" >> $GITHUB_OUTPUT fi fi - name: Bump version and generate changelog id: version run: | OLD_VERSION=$(node -p "require('./package.json').version") bun version ${{ steps.version_bump.outputs.type }} --no-git-tag-version NEW_VERSION=$(node -p "require('./package.json').version") echo "old_version=$OLD_VERSION" >> $GITHUB_OUTPUT echo "new_version=$NEW_VERSION" >> $GITHUB_OUTPUT echo "tag=v$NEW_VERSION" >> $GITHUB_OUTPUT echo "released=true" >> $GITHUB_OUTPUT # Generate changelog CHANGELOG_BODY=$(git log --pretty=format:"- %s (%h)" v$OLD_VERSION..HEAD 2>/dev/null || git log --pretty=format:"- %s (%h)" --max-count=10) echo "changelog<<EOF" >> $GITHUB_OUTPUT echo "$CHANGELOG_BODY" >> $GITHUB_OUTPUT echo "EOF" >> $GITHUB_OUTPUT - name: Commit version bump run: | git add package.json bun.lock git commit -m "chore: bump version to ${{ steps.version.outputs.new_version }}" git tag "v${{ steps.version.outputs.new_version }}" - name: Setup NPM authentication run: | echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" > ~/.npmrc - name: Publish to NPM if: ${{ secrets.NPM_TOKEN }} run: | echo "📦 Publishing to NPM..." bun publish --access public echo "✅ Published to NPM successfully!" - name: Create GitHub Release uses: softprops/action-gh-release@v1 with: tag_name: v${{ steps.version.outputs.new_version }} name: Release v${{ steps.version.outputs.new_version }} body: | ## Changes in v${{ steps.version.outputs.new_version }} ${{ steps.version.outputs.changelog }} ## Installation ### NPM ```bash npm install -g @hexsleeves/tailscale-mcp-server ``` ### Bun (Recommended) ```bash bun add -g @hexsleeves/tailscale-mcp-server ``` ### Docker ```bash docker pull ghcr.io/hexsleeves/tailscale-mcp-server:v${{ steps.version.outputs.new_version }} ``` draft: false prerelease: ${{ contains(steps.version.outputs.new_version, 'alpha') || contains(steps.version.outputs.new_version, 'beta') || contains(steps.version.outputs.new_version, 'rc') }} token: ${{ secrets.GITHUB_TOKEN }} - name: Push changes and tags run: | git push origin main git push origin v${{ steps.version.outputs.new_version }} docker-publish: name: Publish Docker Images runs-on: ubuntu-latest needs: release if: needs.release.outputs.released == 'true' permissions: contents: read packages: write steps: - name: Checkout code uses: actions/checkout@v4 with: ref: v${{ needs.release.outputs.version }} - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Log in to GitHub Container Registry uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Log in to Docker Hub if: ${{ secrets.DOCKER_HUB_TOKEN }} uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_HUB_USERNAME }} password: ${{ secrets.DOCKER_HUB_TOKEN }} - name: Extract metadata id: meta uses: docker/metadata-action@v5 with: images: | ghcr.io/${{ github.repository }} ${{ secrets.DOCKER_HUB_USERNAME }}/tailscale-mcp-server tags: | type=semver,pattern={{version}},value=v${{ needs.release.outputs.version }} type=semver,pattern={{major}}.{{minor}},value=v${{ needs.release.outputs.version }} type=semver,pattern={{major}},value=v${{ needs.release.outputs.version }} type=raw,value=latest - name: Build and push Docker images uses: docker/build-push-action@v5 with: context: . platforms: linux/amd64,linux/arm64 push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max