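name: Continuous Integration

# Runs for pull requests into, and pushes to, the two long-lived branches.
on:
  pull_request:
    branches: [main, develop]
  push:
    branches: [main, develop]

# Default GITHUB_TOKEN scopes for every job in this workflow.
# The jobs check out code, run repository scripts and install third-party
# packages; no step uploads SARIF or creates check runs, so the former
# `checks: write` and `security-events: write` grants were unused write access
# exposed to all of that code. Re-grant a write scope on the single job that
# needs it (job-level `permissions:`) rather than workflow-wide.
permissions:
  contents: read  # Required to checkout code
  actions: read  # Required to read workflow status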
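jobs:
  # Structural validation, build smoke test and formatting check on Linux.
  validate:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Later steps execute repository scripts and a globally installed
          # npm CLI; nothing here pushes, so do not leave the token in
          # .git/config where that code could read it.
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.9'

      - name: Set up Node.js (for DXT CLI)
        uses: actions/setup-node@v4
        with:
          node-version: '18'

      # NOTE(review): unpinned install - each run executes whatever version
      # the registry currently serves, and that CLI later unpacks the test
      # package. Pin an exact reviewed version, e.g.
      # `npm install -g @anthropic-ai/dxt@<REVIEWED_VERSION>` (placeholder).
      - name: Install DXT CLI
        run: npm install -g @anthropic-ai/dxt

      # NOTE(review): pre-commit and black are unpinned, so both the code that
      # gets installed and the formatting verdict can change between runs;
      # pin versions (ideally hash-locked in a requirements file).
      # pre-commit is installed but no step in this workflow invokes it.
      - name: Install Python dependencies
        run: |
          python -m pip install --upgrade pip
          pip install pre-commit black

      - name: Validate context files structure
        run: |
          echo "🔍 Validating context file structure..."
          python scripts/validate_contexts.py contexts/*.json

      - name: Test build process
        run: |
          echo "🧪 Testing build process..."
          python scripts/test_build.py

      - name: Check version consistency
        run: |
          echo "🔍 Checking version consistency..."
          python scripts/check_versions.py

      # File names under contexts/ come from the pushed or proposed change,
      # so every expansion of $json_file is quoted (the basename call was
      # previously unquoted and would word-split a name containing spaces).
      - name: Validate JSON syntax
        run: |
          echo "🔍 Validating JSON syntax..."
          for json_file in contexts/*.json; do
            if [ -f "$json_file" ]; then
              echo "Checking: $(basename "$json_file")"
              python -m json.tool "$json_file" > /dev/null
            fi
          done
          echo "✅ All JSON files are valid"

      # Builds a throwaway package, unpacks it with the DXT CLI and checks
      # that the expected entries exist before cleaning up.
      - name: Test full build process
        run: |
          echo "🔨 Testing full build process..."
          python scripts/build_dxt.py --version "test-$(date +%s)"
          # Verify package was created
          PACKAGE_FILE=$(ls mcp-context-provider-test-*.dxt | head -1)
          if [ ! -f "$PACKAGE_FILE" ]; then
            echo "❌ Test package not created"
            exit 1
          fi
          echo "✅ Test package created: $PACKAGE_FILE"
          # Test package unpack
          mkdir -p test-unpack
          dxt unpack "$PACKAGE_FILE" test-unpack/
          # Verify unpacked structure
          REQUIRED_FILES=(
            "test-unpack/server/context_provider_server.py"
            "test-unpack/contexts"
            "test-unpack/manifest.json"
          )
          for file in "${REQUIRED_FILES[@]}"; do
            if [ ! -e "$file" ]; then
              echo "❌ Missing file after unpack: $file"
              exit 1
            fi
          done
          # Count context files
          CONTEXT_COUNT=$(find test-unpack/contexts -name "*.json" | wc -l)
          echo "✅ Package test passed - $CONTEXT_COUNT context files found"
          # Cleanup
          rm -f "$PACKAGE_FILE"
          rm -rf test-unpack/

      - name: Code quality check
        run: |
          echo "🎨 Checking Python code quality..."
          # Check if Python files exist and run black on them
          if ls *.py 1> /dev/null 2>&1; then
            black --check --diff *.py
          fi
          if ls scripts/*.py 1> /dev/null 2>&1; then
            black --check --diff scripts/*.py
          fi
          echo "✅ Code quality check passed"

  # Runs the validator and a syntax check across the OS / Python matrix.
  compatibility-test:
    runs-on: ${{ matrix.os }}
    # The default shell on windows-latest is PowerShell, which passes
    # `contexts/*.json` to python unexpanded. Force bash on every runner so
    # the glob below means the same thing on all three operating systems.
    defaults:
      run:
        shell: bash
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
        python-version: ['3.8', '3.9', '3.10', '3.11']
        exclude:
          # Skip some combinations to reduce CI time
          - os: windows-latest
            python-version: '3.8'
          - os: macos-latest
            python-version: '3.8'
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # No step pushes; keep the token out of .git/config.
          persist-credentials: false

      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python-version }}

      - name: Set up Node.js (for DXT CLI)
        uses: actions/setup-node@v4
        with:
          node-version: '18'

      # NOTE(review): same unpinned install as in the validate job; pin an
      # exact reviewed version here as well.
      - name: Install DXT CLI
        run: npm install -g @anthropic-ai/dxt

      # The ${{ matrix.* }} values are defined in this file, not taken from
      # the event payload, so interpolating them into the script is safe.
      - name: Test basic validation
        run: |
          echo "🧪 Testing basic validation on ${{ matrix.os }} with Python ${{ matrix.python-version }}"
          python scripts/validate_contexts.py contexts/*.json

      - name: Test build script syntax
        run: |
          echo "🔍 Testing build script syntax..."
          python -m py_compile scripts/build_dxt.py
          echo "✅ Build script syntax check passed"

  # Secret and sensitive-file scan; pull requests only.
  security-scan:
    runs-on: ubuntu-latest
    if: github.event_name == 'pull_request'
    # This job runs a third-party action; give it read access only, whatever
    # the workflow-level default grants.
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # The scan compares `base` with `head`; the default depth-1 clone
          # does not contain the base branch history it needs.
          fetch-depth: 0
          persist-credentials: false

      # NOTE(review): `@main` is a mutable branch ref, so the code executed
      # here changes whenever upstream pushes. Pin to a reviewed full-length
      # commit SHA (`trufflesecurity/trufflehog@<FULL_COMMIT_SHA>`,
      # placeholder) and update it deliberately.
      # `--only-verified` reports only credentials confirmed live; a green
      # run does not show that no unverified secret was committed.
      # `base: main` is also used for pull requests into develop - confirm
      # that range is the intended one.
      - name: Security scan for secrets
        uses: trufflesecurity/trufflehog@main
        with:
          path: ./
          base: main
          head: HEAD
          extra_args: --debug --only-verified

      # Name-based check only: `find -name` is case-sensitive and looks at
      # file names, not contents, so it complements the scan above rather
      # than replacing it.
      - name: Check for sensitive files
        run: |
          echo "🔍 Checking for sensitive files..."
          # Check for common sensitive file patterns
          SENSITIVE_PATTERNS=(
            "*.key"
            "*.pem"
            "*.p12"
            "*.pfx"
            "*password*"
            "*secret*"
            "*.env"
            ".env.*"
          )
          for pattern in "${SENSITIVE_PATTERNS[@]}"; do
            if find . -name "$pattern" -not -path "./.git/*" | grep -q .; then
              echo "❌ Found potentially sensitive files matching: $pattern"
              find . -name "$pattern" -not -path "./.git/*"
              exit 1
            fi
          done
          echo "✅ No sensitive files detected"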