# Release workflow: triggered by version tags or by a manual dispatch.
name: Release Pipeline

on:
  push:
    # Three tag families start a release: plain, stdio- and remote-prefixed.
    tags:
      - 'v*.*.*'
      - 'stdio-v*.*.*'
      - 'remote-v*.*.*'
  workflow_dispatch:
    inputs:
      # NOTE(review): `version` is required, but no job visible in this file
      # reads it; confirm whether it is still needed.
      version:
        description: 'Release version (e.g., 3.0.0)'
        required: true
      # Restricted to a fixed list, so a manual run cannot name an arbitrary ref.
      branch:
        description: 'Branch to release from'
        required: true
        default: 'main'
        type: choice
        options:
          - main
          - mcp-remote
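jobs:
  # Builds the sdist/wheel once and uploads it; the release jobs reuse that
  # artifact instead of rebuilding.
  build-and-test:
    name: Build and Test
    runs-on: ubuntu-latest
    # This job only reads the repository, so GITHUB_TOKEN gets no write scope.
    permissions:
      contents: read
    steps:
      # NOTE(review): every `uses:` in this workflow references a mutable tag.
      # Pinning each action to a full commit SHA keeps a retagged action from
      # running inside the release path.
      - uses: actions/checkout@v4
        with:
          # Manual runs build the selected branch; tag pushes build the tag.
          ref: ${{ github.event.inputs.branch || github.ref }}
          # The steps below execute project code (install, tests, build);
          # do not leave the token in .git/config for them to read.
          persist-credentials: false
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'
      - name: Install dependencies
        # NOTE(review): build tooling is installed unpinned; consider a
        # hash-checked constraints file for release builds.
        run: |
          python -m pip install --upgrade pip
          pip install build twine
          pip install -e .
      - name: Run tests
        # A failing test must fail this job: every release job `needs` it, so
        # a swallowed exit code would let an untested build be published.
        run: |
          pip install pytest pytest-asyncio
          pytest tests/ -v
      - name: Build package
        run: python -m build
      - name: Check package
        run: twine check dist/*
      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: python-packages
          path: dist/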
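# Job "docker-release": belongs under the top-level `jobs:` mapping.
  docker-release:
    name: Docker Release
    runs-on: ubuntu-latest
    needs: build-and-test
    if: github.ref == 'refs/heads/mcp-remote' || contains(github.ref, 'remote-v')
    # The image is pushed with Docker Hub credentials, not GITHUB_TOKEN, so
    # the token only needs to read the repository.
    permissions:
      contents: read
    steps:
      # NOTE(review): this checkout sets no `ref`, so a manual run builds the
      # ref the workflow was dispatched from, which can differ from the branch
      # that build-and-test checked out and tested.
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Login to Docker Hub
        # Manual runs are build-only: login is skipped here and `push` is
        # false below, so registry credentials are used on tag pushes only.
        if: github.event_name != 'workflow_dispatch'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          # NOTE(review): presumably a scoped Docker Hub access token rather
          # than the account password; confirm.
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: |
            gensecai/wazuh-mcp-server
          tags: |
            type=ref,event=branch
            type=ref,event=tag
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=raw,value=latest,enable={{is_default_branch}}
            type=raw,value=remote,enable=${{ github.ref == 'refs/heads/mcp-remote' }}
      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: .
          platforms: linux/amd64,linux/arm64
          push: ${{ github.event_name != 'workflow_dispatch' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max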
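# Job "create-release": belongs under the top-level `jobs:` mapping.
  create-release:
    name: Create GitHub Release
    runs-on: ubuntu-latest
    needs: [build-and-test]
    if: startsWith(github.ref, 'refs/tags/')
    # Creating a release and attaching assets is the only write this job does.
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Download artifacts
        uses: actions/download-artifact@v4
        with:
          name: python-packages
          path: dist/
      - name: Extract version
        id: version
        # Drop everything up to the first "v" of the tag name, so v*, stdio-v*
        # and remote-v* tags all yield the bare version. Stripping only
        # "refs/tags/v" left the full ref in place for the prefixed tags.
        run: echo "VERSION=${GITHUB_REF_NAME#*v}" >> "$GITHUB_OUTPUT"
      - name: Generate release notes
        id: notes
        # The version derives from the pushed tag name. It reaches the script
        # through the environment so the shell treats it as data; an inline
        # expression would be pasted into the script text before it runs.
        env:
          VERSION: ${{ steps.version.outputs.VERSION }}
          REPOSITORY: ${{ github.repository }}
        run: |
          cat << EOF > RELEASE_NOTES.md
          # Wazuh MCP Server Release $VERSION
          ## 🚀 Features
          - Production-ready MCP server for Wazuh SIEM
          - 29 specialized security tools
          - Full MCP protocol compliance
          - Enterprise-grade security
          ## 📦 Installation
          ### PyPI
          \`\`\`bash
          pip install wazuh-mcp-server==$VERSION
          \`\`\`
          ### Docker
          \`\`\`bash
          docker pull gensecai/wazuh-mcp-server:$VERSION
          \`\`\`
          ## 📋 Changelog
          See [CHANGELOG.md](https://github.com/$REPOSITORY/blob/main/CHANGELOG.md)
          EOF
      - name: Create Release
        uses: softprops/action-gh-release@v2
        with:
          body_path: RELEASE_NOTES.md
          files: dist/*
          draft: false
          # Versions containing "beta" or "rc" are published as pre-releases.
          prerelease: ${{ contains(steps.version.outputs.VERSION, 'beta') || contains(steps.version.outputs.VERSION, 'rc') }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}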
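# Job "publish-pypi": belongs under the top-level `jobs:` mapping.
  publish-pypi:
    name: Publish to PyPI
    runs-on: ubuntu-latest
    needs: [build-and-test, create-release]
    # Skipped for remote-v* tags; those are released by docker-release only.
    if: startsWith(github.ref, 'refs/tags/') && !contains(github.ref, 'remote-v')
    # Publishing authenticates with the PyPI token, so GITHUB_TOKEN stays
    # read-only.
    permissions:
      contents: read
    steps:
      - name: Download artifacts
        uses: actions/download-artifact@v4
        with:
          name: python-packages
          path: dist/
      - name: Check for PyPI token
        id: pypi_token
        # The `secrets` context is not available in `if:` conditions, so the
        # presence check runs in a step and exposes only a true/false output.
        # The secret is scoped to this one step, not to the whole job.
        env:
          PYPI_API_TOKEN: ${{ secrets.PYPI_API_TOKEN }}
        run: |
          if [ -n "$PYPI_API_TOKEN" ]; then
            echo "present=true" >> "$GITHUB_OUTPUT"
          else
            echo "present=false" >> "$GITHUB_OUTPUT"
          fi
      - name: Publish to PyPI
        if: steps.pypi_token.outputs.present == 'true'
        # NOTE(review): this action also supports PyPI trusted publishing
        # (OIDC), which would remove the long-lived API token from the repo.
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          password: ${{ secrets.PYPI_API_TOKEN }}
          skip-existing: true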