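---
# CI for the wazuh_mcp_server package: unit tests across a Python matrix,
# lint and static security analysis, a CLI smoke test, dependency auditing,
# and validation of repository configuration files.
#
# NOTE(review): every action below is referenced by a mutable major-version
# tag (for example codecov/codecov-action@v4). Pinning each `uses:` to a full
# commit SHA keeps a retagged release from silently changing what runs here.
#
# NOTE(review): the test, lint and audit steps are all non-blocking
# (`continue-on-error: true` or `|| true`), so a green run does not mean the
# tests passed or that the scanners found nothing. Decide which of these
# should gate merges and remove the override on those steps.
name: CI Pipeline

on:
  push:
    branches: [main, mcp-remote, develop]
  pull_request:
    branches: [main, mcp-remote]
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: no job in this workflow pushes, comments
# or publishes, so read access to the repository contents is sufficient.
permissions:
  contents: read

jobs:
  test:
    name: Test Python ${{ matrix.python-version }}
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # Quoted so that 3.10 is not parsed as the float 3.1.
        python-version: ['3.9', '3.10', '3.11', '3.12', '3.13']
    steps:
      - uses: actions/checkout@v4
        with:
          # Do not leave the token in .git/config; later steps install and
          # run third-party packages and have no need for it.
          persist-credentials: false

      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}

      - name: Cache pip packages
        uses: actions/cache@v4
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements*.txt', '**/pyproject.toml') }}
          restore-keys: |
            ${{ runner.os }}-pip-

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -e .
          pip install pytest pytest-asyncio pytest-cov

      - name: Run tests
        # NOTE(review): with continue-on-error a failing pytest run does not
        # fail the job, so test regressions do not block a merge.
        continue-on-error: true
        run: |
          pytest tests/ -v --cov=src/wazuh_mcp_server --cov-report=xml --cov-report=term

      - name: Upload coverage reports
        uses: codecov/codecov-action@v4
        # Coverage upload is best-effort; an upload failure must not fail CI.
        continue-on-error: true
        with:
          file: ./coverage.xml
          flags: unittests
          name: codecov-${{ matrix.python-version }}

  lint:
    name: Lint & Security Check
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      - name: Install linters
        run: |
          python -m pip install --upgrade pip
          pip install ruff black mypy bandit

      # The four checks below are advisory: `|| true` discards the exit code,
      # so findings appear only in the step log.
      - name: Run ruff
        run: ruff check src/ || true

      - name: Check black formatting
        run: black --check src/ || true

      - name: Run mypy
        run: mypy src/ --ignore-missing-imports || true

      - name: Security scan with bandit
        # NOTE(review): bandit findings never fail the job; they are visible
        # only to someone who downloads the uploaded report.
        run: bandit -r src/ -f json -o bandit-report.json || true

      - name: Upload bandit report
        # Upload even if an earlier step failed, so the report is not lost.
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: bandit-security-report
          path: bandit-report.json

  fastmcp-test:
    name: FastMCP STDIO Test
    runs-on: ubuntu-latest
    # Runs only when the triggering ref is main; pull_request runs use a
    # refs/pull/... ref and therefore skip this job.
    if: github.ref == 'refs/heads/main'
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      - name: Install package
        run: |
          python -m pip install --upgrade pip
          pip install -e .

      - name: Test CLI command
        # Smoke test only: `|| true` means a broken entry point is logged
        # but does not fail the job.
        run: |
          wazuh-mcp-server --help || true
          wazuh-mcp-server --version || true

  dependency-check:
    name: Dependency Security Check
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      - name: Install dependencies
        # Both scanners inspect the installed environment. Without installing
        # the project they would audit only their own dependencies, so the
        # project is installed first to bring its dependency tree into scope.
        run: |
          python -m pip install --upgrade pip
          pip install -e .
          pip install safety pip-audit

      # Advisory for now: continue-on-error keeps the job from failing, while
      # the non-zero exit of a scanner is no longer masked by `|| true`.
      - name: Check with safety
        continue-on-error: true
        run: safety check --json

      - name: Check with pip-audit
        continue-on-error: true
        run: pip-audit

  validate-configs:
    name: Validate Configurations
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Validate YAML files
        run: |
          sudo apt-get update && sudo apt-get install -y yamllint
          yamllint .github/workflows/*.yml || true

      - name: Validate JSON files
        # NUL-delimited iteration so that paths containing spaces or glob
        # characters are checked as a single file instead of being split.
        # Invalid files are reported in the log; the step does not fail.
        run: |
          find . -name "*.json" -type f -print0 |
            while IFS= read -r -d '' file; do
              python -m json.tool "$file" > /dev/null || echo "Invalid JSON: $file"
            done

      - name: Check .env.example
        # The only hard gate in this job: a missing template fails the run.
        run: |
          if [ ! -f .env.example ]; then
            echo "ERROR: .env.example file missing!"
            exit 1
          fi
          echo "✅ .env.example exists"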