Industrial MCP Server

name: CI/CD Pipeline on: push: branches: [ main, develop, 'feature/*' ] pull_request: branches: [ main, develop ] workflow_dispatch: # Add permissions for GitHub token permissions: contents: read pull-requests: write issues: write jobs: # Security scanning job - runs in parallel with tests security: runs-on: ubuntu-latest name: Security Audit steps: - name: Checkout code uses: actions/checkout@v4 - name: Setup Node.js uses: actions/setup-node@v4 with: node-version: '18' cache: 'npm' - name: Install dependencies run: npm ci - name: Audit dependencies for vulnerabilities run: npm audit --audit-level=moderate continue-on-error: true - name: Check for hardcoded secrets uses: trufflesecurity/trufflehog@main with: path: ./ base: ${{ github.event.repository.default_branch }} head: HEAD continue-on-error: true test: runs-on: ubuntu-latest name: Test and Lint steps: - name: Checkout code uses: actions/checkout@v4 with: fetch-depth: 0 # Fetch all history for branch comparison - name: Check branch is up-to-date with main if: github.event_name == 'pull_request' run: | echo "🔍 Checking if PR branch is up-to-date with main..." git fetch origin main if ! git merge-base --is-ancestor origin/main HEAD; then echo "❌ Branch is behind main. Please sync your branch:" echo " git checkout ${{ github.head_ref }}" echo " git pull origin main --no-rebase" echo " git push origin ${{ github.head_ref }}" exit 1 fi echo "✅ Branch is up-to-date with main" - name: Setup Node.js uses: actions/setup-node@v4 with: node-version: '18' cache: 'npm' - name: Install dependencies run: npm ci - name: Run TypeScript check run: npm run type-check - name: Run ESLint run: npm run lint - name: Build application run: npm run build - name: Run Jest unit tests run: | echo "🧪 Running MCP-focused test suite..." npm test -- --coverage --verbose echo "✅ Unit tests completed" - name: Run MCP integration tests env: CI_TEST_API_KEY: ${{ secrets.CI_TEST_API_KEY || 'test-key' }} run: | # Start the dev server in background npm run dev & DEV_PID=$! # Dynamic health check with timeout echo "Waiting for server to start..." MAX_ATTEMPTS=30 for i in $(seq 1 $MAX_ATTEMPTS); do if curl -f http://localhost:3000/api/health 2>/dev/null; then echo "✅ Server is responding! (attempt $i/$MAX_ATTEMPTS)" break fi if [ $i -eq $MAX_ATTEMPTS ]; then echo "❌ Server failed to start after $MAX_ATTEMPTS attempts" kill $DEV_PID || true exit 1 fi echo "⏳ Attempt $i/$MAX_ATTEMPTS: Server not ready yet, waiting..." sleep 2 done # Run basic MCP tests with environment credentials node scripts/test-mcp.js \ --url=http://localhost:3000 \ --api-key="$CI_TEST_API_KEY" \ --verbose=false || echo "⚠️ MCP tests completed with issues - this is expected in CI environment" # Kill the dev server kill $DEV_PID || echo "Dev server already stopped" # Preview deployment for non-main branches and PRs deploy-preview: needs: [test, security] runs-on: ubuntu-latest if: github.ref != 'refs/heads/main' || github.event_name == 'pull_request' name: Deploy Preview steps: - name: Checkout code uses: actions/checkout@v4 - name: Setup Node.js for testing uses: actions/setup-node@v4 with: node-version: '18' cache: 'npm' - name: Install dependencies for testing run: npm ci - name: Check environment variable size run: | echo "🔍 Checking environment variable size before preview deployment..." node .github/scripts/env-size.js echo "✅ Preview environment size check passed" - name: Deploy to Vercel Preview uses: amondnet/vercel-action@v25 id: vercel-preview with: vercel-token: ${{ secrets.VERCEL_TOKEN }} vercel-org-id: ${{ secrets.VERCEL_ORG_ID }} vercel-project-id: ${{ secrets.VERCEL_PROJECT_ID }} working-directory: ./ scope: ${{ secrets.VERCEL_ORG_ID }} - name: Preview deployment info if: success() run: | echo "✅ Preview deployment successful!" PREVIEW_URL="${{ steps.vercel-preview.outputs.preview-url }}" if [ -n "$PREVIEW_URL" ]; then echo "🔗 Preview URL: $PREVIEW_URL" echo "📊 MCP Endpoint: $PREVIEW_URL/api/mcp" echo "⚠️ Note: Preview testing skipped due to Vercel SSO authentication" echo "🧪 Full testing will run on production deployment" else echo "⚠️ Preview URL not available" fi - name: Comment PR with preview URL if: github.event_name == 'pull_request' && success() uses: actions/github-script@v7 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | const previewUrl = '${{ steps.vercel-preview.outputs.preview-url }}'; if (previewUrl) { await github.rest.issues.createComment({ issue_number: context.issue.number, owner: context.repo.owner, repo: context.repo.repo, body: '🚀 **Preview deployment ready!**\n\n' + '**🔗 Preview URL:** ' + previewUrl + '\n' + '**📊 MCP Endpoint:** `' + previewUrl + '/api/mcp`\n\n' + '**✅ Test the deployment:**\n' + '- Neo4j Knowledge Graph tools\n' + '- MySQL Analytics (Matomo) tools\n' + '- Cross-database correlation tools\n' + '- 18+ total MCP tools available\n\n' + '**🔑 Testing:** Use `x-api-key` header for MCP endpoints.' }); } # Production deployment for main branch deploy: needs: [test, security] runs-on: ubuntu-latest if: github.ref == 'refs/heads/main' && github.event_name == 'push' name: Deploy to Production steps: - name: Checkout code uses: actions/checkout@v4 - name: Setup Node.js for testing uses: actions/setup-node@v4 with: node-version: '18' cache: 'npm' - name: Install dependencies for testing run: npm ci - name: Check environment variable size run: | echo "🔍 Checking environment variable size before production deployment..." node .github/scripts/env-size.js echo "✅ Environment size check passed" - name: Deploy to Vercel uses: amondnet/vercel-action@v25 with: vercel-token: ${{ secrets.VERCEL_TOKEN }} vercel-org-id: ${{ secrets.VERCEL_ORG_ID }} vercel-project-id: ${{ secrets.VERCEL_PROJECT_ID }} vercel-args: '--prod' - name: Wait for production deployment health check run: | echo "🔍 Checking production deployment health..." PROD_URL="https://industrial-mcp-delta.vercel.app" MAX_ATTEMPTS=30 for i in $(seq 1 $MAX_ATTEMPTS); do if curl -f "$PROD_URL/api/health" 2>/dev/null; then echo "✅ Production deployment is healthy! (attempt $i/$MAX_ATTEMPTS)" break fi if [ $i -eq $MAX_ATTEMPTS ]; then echo "❌ Production deployment health check failed after $MAX_ATTEMPTS attempts" exit 1 fi echo "⏳ Attempt $i/$MAX_ATTEMPTS: Deployment not ready yet, waiting..." sleep 5 done - name: Test production deployment run: | MCP_PROD_URL=https://industrial-mcp-delta.vercel.app \ API_KEY=${{ secrets.PROD_API_KEY }} \ npm run test:prod - name: Update deployment status if: success() run: | echo "✅ Production deployment successful!" echo "🔗 Production URL: https://industrial-mcp-delta.vercel.app" echo "📊 MCP Endpoint: https://industrial-mcp-delta.vercel.app/api/mcp"