Ubuntu MCP Server

name: CI/CD Pipeline on: push: branches: [ main, develop ] pull_request: branches: [ main, develop ] schedule: # Run security scans weekly - cron: '0 0 * * 0' jobs: security-scan: name: Security Scan runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Set up Python uses: actions/setup-python@v4 with: python-version: '3.9' - name: Install security tools run: | python -m pip install --upgrade pip pip install bandit safety - name: Run Bandit Security Scan run: | bandit -r main.py -f json -o bandit-report.json || true bandit -r main.py - name: Check Dependencies for Vulnerabilities run: | pip install -r requirements.txt safety check --json --output safety-report.json || true safety check - name: Upload Security Reports uses: actions/upload-artifact@v3 if: always() with: name: security-reports path: | bandit-report.json safety-report.json test: name: Test Suite runs-on: ubuntu-latest strategy: matrix: python-version: ['3.9', '3.10', '3.11', '3.12'] steps: - uses: actions/checkout@v4 - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v4 with: python-version: ${{ matrix.python-version }} - name: Create virtual environment run: | python -m venv .venv source .venv/bin/activate python -m pip install --upgrade pip - name: Install dependencies run: | source .venv/bin/activate pip install -r requirements.txt - name: Run functionality tests run: | source .venv/bin/activate python main.py --test - name: Run security validation tests run: | source .venv/bin/activate python main.py --security-test - name: Test MCP protocol compliance run: | source .venv/bin/activate timeout 10s python main.py --policy secure || test $? -eq 124 integration-test: name: Integration Tests runs-on: ubuntu-latest needs: [test, security-scan] steps: - uses: actions/checkout@v4 - name: Set up Python uses: actions/setup-python@v4 with: python-version: '3.11' - name: Full setup test run: | python setup.py --skip-claude --quiet - name: Test server startup and shutdown run: | source .venv/bin/activate python main.py --policy secure & SERVER_PID=$! sleep 5 if kill -0 $SERVER_PID 2>/dev/null; then echo "Server started successfully" kill $SERVER_PID wait $SERVER_PID 2>/dev/null || true echo "Server stopped successfully" else echo "Server failed to start" exit 1 fi release-check: name: Release Readiness runs-on: ubuntu-latest if: github.ref == 'refs/heads/main' needs: [test, security-scan, integration-test] steps: - uses: actions/checkout@v4 - name: Security scan summary run: | echo "🔒 Security Scan Summary:" echo "✅ Bandit static analysis completed" echo "✅ Dependency vulnerability scan completed" echo "✅ Security policy tests passed" - name: Release readiness report run: | echo "🚀 Release Readiness Report:" echo "✅ All tests passing" echo "✅ Security scans clean" echo "✅ Integration tests passed" echo "Ready for release! 🎉"