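# CI pipeline: unit tests, cross-platform build, container build, Trivy scan,
# dependency review on PRs, and a final gate that aggregates the results.
---
name: CI

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]

# Least privilege: the workflow default is read-only. Jobs that must write
# (SARIF upload, PR commenting) request their extra scope at job level, which
# replaces this default for that job only.
permissions:
  contents: read

env:
  # Single source of truth for the Go toolchain version used by every Go job.
  GO_VERSION: '1.23'

jobs:
  test:
    name: Test
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Nothing in this job pushes, so do not leave the token in .git/config.
          persist-credentials: false

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
          # setup-go caches the build and module cache itself, keyed on go.sum;
          # a separate actions/cache step over the same paths would double-cache.
          cache: true
          cache-dependency-path: '**/go.sum'

      - name: Download dependencies
        run: go mod download

      - name: Verify dependencies
        # Checks the module cache against go.sum before anything is compiled.
        run: go mod verify

      - name: Run tests
        run: |
          go test -v -race -coverprofile=coverage.out ./...
          go tool cover -func=coverage.out

      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v3
        with:
          file: ./coverage.out
          # Coverage upload problems must not fail the test job itself.
          fail_ci_if_error: false

  build:
    name: Build
    runs-on: ubuntu-latest
    strategy:
      matrix:
        goos: [linux, windows, darwin]
        goarch: [amd64, arm64]
        exclude:
          - goos: windows
            goarch: arm64
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
          cache: true
          cache-dependency-path: '**/go.sum'

      - name: Build binary
        env:
          GOOS: ${{ matrix.goos }}
          GOARCH: ${{ matrix.goarch }}
          # Static binary; no C toolchain needed for cross-compilation.
          CGO_ENABLED: 0
        # -s -w drops the symbol table and DWARF info to shrink the artifact.
        run: |
          go build -v -ldflags="-s -w" -o teamcity-mcp-${{ matrix.goos }}-${{ matrix.goarch }} ./cmd/server

  docker:
    name: Docker Build
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Build Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          platforms: linux/amd64,linux/arm64
          # Build only; no registry credentials are configured in this workflow.
          push: false
          tags: teamcity-mcp:test
          cache-from: type=gha
          cache-to: type=gha,mode=max

  security:
    name: Security Scan
    runs-on: ubuntu-latest
    needs: [test]
    # Only this job uploads SARIF, so only it gets security-events: write.
    permissions:
      contents: read
      security-events: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Run Trivy vulnerability scanner in repo mode
        # Pinned to a release tag rather than the mutable `master` branch so a
        # third-party push cannot silently change what runs here.
        uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: 'fs'
          scan-ref: '.'
          format: 'sarif'
          output: 'trivy-results.sarif'
          # exit-code is not set, so findings are surfaced through the SARIF
          # upload below rather than failing this job.

      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v3
        # Upload whatever was produced even if the scan step itself errored.
        if: always()
        with:
          sarif_file: 'trivy-results.sarif'

  dependency-review:
    name: Dependency Review
    runs-on: ubuntu-latest
    # Dependency review compares base and head refs, so it only makes sense on PRs.
    if: github.event_name == 'pull_request'
    # pull-requests: write is kept from the previous workflow-wide grant; it is
    # only exercised if the action is configured to comment on the PR.
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Dependency Review
        uses: actions/dependency-review-action@v4
        with:
          fail-on-severity: moderate

  quality-gate:
    name: Quality Gate
    runs-on: ubuntu-latest
    needs: [test, build, docker, security]
    # always() so the gate still reports when an upstream job failed or was
    # cancelled; the step below decides pass/fail from the recorded results.
    if: always()
    steps:
      - name: Check all jobs status
        # Results are passed via env instead of interpolating ${{ }} into the
        # script body. Anything other than "success" (failure, cancelled,
        # skipped) fails the gate; previously only "failure" did, so a
        # cancelled test job let the gate pass.
        env:
          TEST_RESULT: ${{ needs.test.result }}
          BUILD_RESULT: ${{ needs.build.result }}
          DOCKER_RESULT: ${{ needs.docker.result }}
          SECURITY_RESULT: ${{ needs.security.result }}
        run: |
          failed=0
          for pair in "test=$TEST_RESULT" "build=$BUILD_RESULT" "docker=$DOCKER_RESULT" "security=$SECURITY_RESULT"; do
            job="${pair%%=*}"
            result="${pair#*=}"
            if [[ "$result" != "success" ]]; then
              echo "::error::job '$job' did not succeed (result: $result)"
              failed=1
            fi
          done
          if [[ "$failed" -ne 0 ]]; then
            echo "Quality gate failed - one or more checks failed"
            exit 1
          fi
          echo "Quality gate passed - all checks successful"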