name: CI Tests
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main, develop ]
jobs:
test:
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [18.x, 20.x, 22.x]
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Run security audit
run: npm audit --audit-level high
- name: Build project
run: npm run build
- name: Run tests
run: npm test
- name: Check TypeScript compilation
run: npx tsc --noEmit
- name: Test MCP server startup
run: |
timeout 10s node dist/index.js || exit_code=$?
if [ $exit_code -eq 124 ]; then
echo "✅ Server started successfully (timed out as expected)"
exit 0
elif [ $exit_code -eq 0 ]; then
echo "✅ Server started and stopped gracefully"
exit 0
else
echo "❌ Server failed to start"
exit 1
fi
security:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Use Node.js
uses: actions/setup-node@v4
with:
node-version: '20.x'
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Security audit
run: npm audit
- name: Check for sensitive data
run: |
# Check for potential secrets (excluding the known public API key)
if grep -r --exclude-dir=node_modules --exclude-dir=.git -E "(password|secret|token|private_key)" . | grep -v "AIzaSyCqPSptx9mClE5NU4cpfzr6cgdO_phV1lM" | grep -v "example" | grep -v "test" | grep -v "\.md:" | grep -v "README" | grep -v "SECURITY"; then
echo "❌ Potential sensitive data found"
exit 1
else
echo "✅ No sensitive data detected"
fi
