We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/jhomen368/steam-reviews-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server
name: CI
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
permissions:
contents: read
security-events: write
jobs:
typescript-build:
name: TypeScript Build
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v6
- name: Setup Node.js
uses: actions/setup-node@v6
with:
node-version: '20'
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Run npm audit
run: npm audit --audit-level=moderate
continue-on-error: true # Don't fail PR, just warn
- name: TypeScript Build
run: npm run build
- name: Verify build output
run: |
test -f build/index.js || (echo "❌ build/index.js not found" && exit 1)
node -e "require('fs').accessSync('build/index.js'); console.log('Found build/index.js')" || exit 1
node -v >/dev/null 2>&1 || (echo '❌ Node not available' && exit 1)
node build/index.js --help >/dev/null 2>&1 || echo "ℹ️ build/index.js executed (non-blocking)"
echo "✅ Build artifact verified"
docker-security-scan:
name: Docker Build & Security Scan
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v6
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build Docker image (test only - no push)
uses: docker/build-push-action@v6
with:
context: .
file: ./Dockerfile
push: false
load: true
tags: steam-reviews-mcp:test
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.34.1
with:
image-ref: steam-reviews-mcp:test
format: 'sarif'
output: 'trivy-results.sarif'
severity: 'CRITICAL'
limit-severities-for-sarif: true
exit-code: '1'
- name: Upload Trivy results to GitHub Security
uses: github/codeql-action/upload-sarif@v4
if: always()
with:
sarif_file: 'trivy-results.sarif'