GitHub PR Issue Analyser

name: CI on: push: branches: - main paths: - "src/mcp_github/*.py" - "Dockerfile" - ".github/workflows/ci.yml" - "requirements.txt" - "pyproject.toml" pull_request: branches: - main paths: - "src/mcp_github/*.py" - "Dockerfile" - ".github/workflows/ci.yml" - "requirements.txt" - "pyproject.toml" workflow_dispatch: env: REGISTRY: ghcr.io OWNER: ${{ github.repository_owner }} REPO_NAME: ${{ github.event.repository.name }} jobs: analyze: name: analyze runs-on: ubuntu-latest strategy: fail-fast: false matrix: language: ['python'] steps: - name: Checkout repository uses: actions/checkout@v6 - name: Initialize CodeQL uses: github/codeql-action/init@v4 with: languages: ${{ matrix.language }} - name: Autobuild uses: github/codeql-action/autobuild@v4 - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v4 review: uses: saidsef/saidsef/.github/workflows/dependency-review.yaml@main if: ${{ github.event_name == 'pull_request' }} needs: [analyze] build: runs-on: ubuntu-latest needs: [analyze] steps: - name: Checkout source code uses: actions/checkout@v6 with: lfs: 'true' - name: Set Tag Name run: | echo "TAG=$(echo ${{ github.head_ref || github.ref_name }} | sed 's/[^a-zA-Z0-9.-]/-/g')" >> $GITHUB_ENV echo "DATE=v$(echo `date +'%Y.%m'`)" >> $GITHUB_ENV - name: Run Trivy config vulnerability scanner uses: aquasecurity/trivy-action@master continue-on-error: true with: scan-type: "config" scan-ref: "." - name: Login to DockerHub uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY }} username: ${{ env.OWNER }} password: ${{ github.token }} - name: Set up QEMU uses: docker/setup-qemu-action@v3 with: platforms: all - name: Set up Docker Buildx id: buildx uses: docker/setup-buildx-action@v3 env: DOCKER_BUILDKIT: 1 - name: Docker meta id: meta uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.OWNER }}/${{ env.REPO_NAME }} - name: Build and push Docker image uses: docker/build-push-action@v6 env: DOCKER_BUILD_SUMMARY: true DOCKER_BUILD_CHECKS_ANNOTATIONS: true DOCKER_BUILD_RECORD_RETENTION_DAYS: 10 with: context: . file: ./Dockerfile platforms: linux/amd64,linux/arm64 build-args: | BUILD_ID=${{ env.DATE }} pull: true push: true sbom: true provenance: mode=max cache-from: type=gha cache-to: type=gha,mode=max tags: ${{ env.REGISTRY }}/${{ env.OWNER }}/${{ env.REPO_NAME }}:${{ env.TAG != 'main' && env.TAG || env.DATE && 'latest' }} labels: ${{ steps.meta.outputs.labels }} auto-approve: runs-on: ubuntu-latest needs: [build, review] if: ${{ github.event_name == 'pull_request' }} steps: - name: Auto Approve PR uses: actions/github-script@v8 with: script: | github.rest.pulls.createReview({ owner: context.repo.owner, repo: context.repo.repo, pull_number: context.issue.number, event: "APPROVE" })