MCP Kafka Schema Reg

Overview Inspect Schema Related Servers Score Discussions

build.yml•9.21 kB

name: Build on: push: branches: - main paths: - 'Dockerfile' - '*.py' - 'requirements.txt' - .github/workflows/build.yml pull_request: branches: - main paths: - 'Dockerfile' - '*.py' - 'requirements.txt' jobs: build: runs-on: ubuntu-latest permissions: contents: read security-events: write # Required for SARIF upload steps: - uses: actions/checkout@v6 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Build Docker image for testing (amd64 only) uses: docker/build-push-action@v6 with: context: . platforms: linux/amd64 tags: kafka-schema-reg-mcp:test cache-from: type=gha cache-to: type=gha,mode=max load: true # Multi-platform builds are only done during releases/publishing # This saves CI time and GitHub Actions minutes while still validating functionality - name: Test MCP server Docker image run: | echo "Testing MCP server Docker image..." # Clean up any existing cache directories that might cause permission issues echo "Cleaning up cache directories..." docker run --rm kafka-schema-reg-mcp:test find . -name "__pycache__" -type d -exec rm -rf {} + 2>/dev/null || true # Test that the image contains the correct files echo "Checking application files..." docker run --rm kafka-schema-reg-mcp:test ls -la | grep kafka_schema_registry_unified_mcp.py # Test that dependencies are installed echo "Testing MCP SDK installation..." docker run --rm -e PYTHONDONTWRITEBYTECODE=1 kafka-schema-reg-mcp:test python -c "import mcp; print('✅ MCP SDK installed')" # Test unified MCP server can be imported without errors echo "Testing unified MCP server import..." docker run --rm -e PYTHONDONTWRITEBYTECODE=1 kafka-schema-reg-mcp:test python -c " import kafka_schema_registry_unified_mcp print('✅ Unified MCP server imports successfully') print('✅ No Pydantic warnings - field name conflicts resolved') " # Test that the script is syntactically valid echo "Testing Python syntax..." docker run --rm -e PYTHONDONTWRITEBYTECODE=1 kafka-schema-reg-mcp:test python -B -m py_compile kafka_schema_registry_unified_mcp.py # Test basic MCP server startup (should start and wait for stdio) echo "Testing unified MCP server startup..." timeout 3s docker run --rm kafka-schema-reg-mcp:test || test $? -eq 124 if [ $? -eq 124 ]; then echo "✅ Unified MCP server started and waited for stdio input (expected behavior)" else echo "✅ Unified MCP server started successfully" fi # Test environment variable handling echo "Testing unified MCP server environment configuration..." docker run --rm \ -e PYTHONDONTWRITEBYTECODE=1 \ -e SCHEMA_REGISTRY_NAME_1=test \ -e SCHEMA_REGISTRY_URL_1=http://test:8081 \ -e VIEWONLY_1=false \ kafka-schema-reg-mcp:test python -c " import os print(f'SCHEMA_REGISTRY_NAME_1: {os.getenv(\"SCHEMA_REGISTRY_NAME_1\", \"not set\")}') print(f'SCHEMA_REGISTRY_URL_1: {os.getenv(\"SCHEMA_REGISTRY_URL_1\", \"not set\")}') print(f'VIEWONLY_1: {os.getenv(\"VIEWONLY_1\", \"not set\")}') import kafka_schema_registry_unified_mcp print('✅ Unified MCP server environment variables handled correctly') " echo "✅ All Docker image tests passed!" # Option 3: Enhanced Trivy configuration - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master continue-on-error: true # Don't fail the workflow if Trivy scan fails with: image-ref: kafka-schema-reg-mcp:test format: 'sarif' output: 'trivy-results-raw.sarif' severity: 'CRITICAL,HIGH' ignore-unfixed: true vuln-type: 'os,library' scanners: 'vuln' # Option 2: Filter SARIF results to ensure only HIGH and CRITICAL are reported - name: Filter SARIF results for HIGH and CRITICAL only run: | if [ -f "trivy-results-raw.sarif" ]; then # Install jq if not available which jq || sudo apt-get update && sudo apt-get install -y jq # Filter SARIF to only include HIGH and CRITICAL severity # SARIF uses levels: error=CRITICAL, warning=HIGH, note=MEDIUM, none=LOW jq ' .runs[].results |= map( select(.level == "error" or .level == "warning") ) ' trivy-results-raw.sarif > trivy-results.sarif # Debug: Show filtered results count echo "Filtered SARIF results:" jq '.runs[].results | length' trivy-results.sarif # Mark as existing echo "trivy_results_exist=true" >> $GITHUB_ENV else echo "⚠️ No Trivy SARIF results to filter" echo "trivy_results_exist=false" >> $GITHUB_ENV fi # Option 3: Enhanced Trivy configuration for table output - name: Run Trivy vulnerability scanner (Table format) uses: aquasecurity/trivy-action@master continue-on-error: true with: image-ref: kafka-schema-reg-mcp:test format: 'table' output: 'trivy-table.txt' severity: 'CRITICAL,HIGH' ignore-unfixed: true vuln-type: 'os,library' scanners: 'vuln' - name: Check if Trivy results exist id: check_trivy_results run: | if [ -f "trivy-results.sarif" ]; then echo "trivy_results_exist=true" >> $GITHUB_OUTPUT else echo "trivy_results_exist=false" >> $GITHUB_OUTPUT echo "⚠️ Trivy scan results not found - scan may have failed" fi - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v4 if: always() && steps.check_trivy_results.outputs.trivy_results_exist == 'true' continue-on-error: true # Don't fail the workflow if SARIF upload fails with: sarif_file: 'trivy-results.sarif' - name: Generate build security summary if: always() run: | echo "## Build Security Summary" >> $GITHUB_STEP_SUMMARY echo "- ✅ Docker image build completed successfully" >> $GITHUB_STEP_SUMMARY echo "- 🔍 Trivy vulnerability scan completed (CRITICAL and HIGH severity only)" >> $GITHUB_STEP_SUMMARY echo "- ✅ **SARIF Filtering**: Applied to ensure only HIGH and CRITICAL appear in Security tab" >> $GITHUB_STEP_SUMMARY echo "- 📋 **Severity Filter**: Only CRITICAL and HIGH vulnerabilities reported" >> $GITHUB_STEP_SUMMARY echo "- ❌ **Excluded**: MEDIUM and LOW severity issues" >> $GITHUB_STEP_SUMMARY echo "- ✅ **Unfixed vulnerabilities**: Ignored to reduce noise" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY # Include the actual Trivy scan results if available if [ -f "trivy-table.txt" ]; then echo "### Vulnerability Report" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY echo '```' >> $GITHUB_STEP_SUMMARY cat trivy-table.txt >> $GITHUB_STEP_SUMMARY echo '```' >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY # Extract vulnerability counts from the table if grep -q "Total:" trivy-table.txt; then TOTAL_LINE=$(grep "Total:" trivy-table.txt) echo "### Vulnerability Counts" >> $GITHUB_STEP_SUMMARY echo "$TOTAL_LINE" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY fi else echo "⚠️ No detailed vulnerability report available" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY fi if [ -f "trivy-results.sarif" ]; then echo "- ✅ Filtered security scan results uploaded to GitHub Security tab" >> $GITHUB_STEP_SUMMARY else echo "- ⚠️ Security scan results not available" >> $GITHUB_STEP_SUMMARY fi echo "" >> $GITHUB_STEP_SUMMARY echo "**Note**: This build follows the security policy of reporting only CRITICAL and HIGH severity vulnerabilities." >> $GITHUB_STEP_SUMMARY - name: Upload scan results uses: actions/upload-artifact@v6 if: always() with: name: build-security-scan-results path: | trivy-results.sarif trivy-results-raw.sarif trivy-table.txt retention-days: 30

Loading blob content...

Latest Blog Posts

Don't Use Large Strings as Cache Keys
By punkpeye on January 11, 2026.
markdown
node-js
cache
What are Claude Skills?
By punkpeye on January 10, 2026.
mcp
skills
How to Test MCP Streamable HTTP Endpoints Using cURL
By punkpeye on January 2, 2026.
tutorial
bash

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/aywengo/kafka-schema-reg-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

build.yml•9.21 kB