OpenAPI MCP Server

name: Docker Build and Publish on: push: branches: [main, develop] tags: ["v*"] pull_request: branches: [main] env: REGISTRY: docker.io IMAGE_NAME: reallv/openapi-mcp-server jobs: build: runs-on: ubuntu-latest permissions: contents: read packages: write steps: - name: Checkout repository uses: actions/checkout@v4 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Log in to Docker Hub if: github.event_name != 'pull_request' uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY }} username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Extract metadata id: meta uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | type=ref,event=branch type=ref,event=pr type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{major}} type=raw,value=latest,enable={{is_default_branch}} - name: Build and push Docker image uses: docker/build-push-action@v5 with: context: . file: ./Dockerfile platforms: linux/amd64,linux/arm64 push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max - name: Build development image if: github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/main' uses: docker/build-push-action@v5 with: context: . file: ./Dockerfile.dev platforms: linux/amd64,linux/arm64 push: ${{ github.event_name != 'pull_request' }} tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:dev labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max test: runs-on: ubuntu-latest needs: build if: github.event_name == 'pull_request' steps: - name: Checkout repository uses: actions/checkout@v4 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Build test image uses: docker/build-push-action@v5 with: context: . file: ./Dockerfile load: true tags: openapi-mcp-server:test cache-from: type=gha - name: Test container startup run: | # Test basic container startup with minimal config docker run --rm --name mcp-test -d \ -e API_BASE_URL=https://httpbin.org \ -e OPENAPI_SPEC_INLINE='{"openapi":"3.0.0","info":{"title":"Test","version":"1.0.0"},"paths":{}}' \ -e TRANSPORT_TYPE=http \ -p 3000:3000 \ openapi-mcp-server:test # Wait for startup sleep 5 # Test health check (basic connection test) curl -f http://localhost:3000/mcp --max-time 10 || exit 1 # Cleanup docker stop mcp-test - name: Test with Petstore API run: | # Test with a real OpenAPI spec docker run --rm --name mcp-petstore -d \ -e API_BASE_URL=https://petstore.swagger.io/v2 \ -e OPENAPI_SPEC_PATH=https://raw.githubusercontent.com/readmeio/oas-examples/main/3.0/json/petstore.json \ -e TRANSPORT_TYPE=http \ -e DEBUG=true \ -p 3001:3000 \ openapi-mcp-server:test # Wait for startup and spec loading sleep 10 # Test MCP protocol initialization curl -X POST http://localhost:3001/mcp \ -H "Content-Type: application/json" \ -d '{"jsonrpc":"2.0","id":0,"method":"initialize","params":{"protocolVersion":"2025-03-26","capabilities":{},"clientInfo":{"name":"test-client","version":"1.0.0"}}}' \ --max-time 10 || exit 1 # Cleanup docker stop mcp-petstore security-scan: runs-on: ubuntu-latest needs: build if: github.event_name != 'pull_request' steps: - name: Checkout repository uses: actions/checkout@v4 - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest format: "sarif" output: "trivy-results.sarif" - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v3 with: sarif_file: "trivy-results.sarif"