Code-MCP

generate_github_actions

Create GitHub Actions workflow files for CI/CD pipelines, testing, security scanning, and deployment automation across multiple project types.

Instructions

Generates GitHub Actions workflow files for CI/CD, testing, security scanning, and deployment.

Input Schema

TableJSON Schema

Name	Required	Description	Default
`projectType`	Yes	Type of project
`features`	Yes	Features to include

Implementation Reference

src/tools/fullstack.ts:222-315 (handler)

The handler function that generates GitHub Actions workflow YAML files based on the provided projectType and features. It constructs CI/CD pipelines for testing, linting, building, and security scanning.

export function generateGitHubActionsHandler(args: any) {
    const { projectType, features } = args;

    const workflows: string[] = [];

    if (features.includes("test") || features.includes("lint") || features.includes("build")) {
        const ciSteps = [];
        if (projectType === "node") {
            ciSteps.push(`      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'
      - run: npm ci`);
            if (features.includes("lint")) ciSteps.push(`      - run: npm run lint`);
            if (features.includes("test")) ciSteps.push(`      - run: npm test`);
            if (features.includes("build")) ciSteps.push(`      - run: npm run build`);
        } else if (projectType === "python") {
            ciSteps.push(`      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: '3.12'
      - run: pip install -r requirements.txt`);
            if (features.includes("lint")) ciSteps.push(`      - run: ruff check .`);
            if (features.includes("test")) ciSteps.push(`      - run: pytest`);
        }

        workflows.push(`# .github/workflows/ci.yml
name: CI
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
${ciSteps.join("\n")}`);
    }

    if (features.includes("security")) {
        workflows.push(`# .github/workflows/security.yml
name: Security Scan
on:
  push:
    branches: [main]
  schedule:
    - cron: '0 0 * * 0'  # Weekly

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run security audit
        run: ${projectType === "node" ? "npm audit --audit-level=high" : projectType === "python" ? "pip-audit" : "cargo audit"}
      - name: Dependency review
        uses: actions/dependency-review-action@v4
        if: github.event_name == 'pull_request'`);
    }

    const result = `# GitHub Actions Workflows

## Generated Workflows for ${projectType}

${workflows.join("\n\n---\n\n")}

---

## Additional Recommended Workflows

### Dependabot Config
Create \`.github/dependabot.yml\`:
\`\`\`yaml
version: 2
updates:
  - package-ecosystem: "${projectType === "node" ? "npm" : projectType === "python" ? "pip" : projectType}"
    directory: "/"
    schedule:
      interval: "weekly"
    open-pull-requests-limit: 10
\`\`\`

### Branch Protection
Enable in GitHub Settings:
- Require PR reviews
- Require status checks (CI must pass)
- Require up-to-date branches
`;

    return { content: [{ type: "text", text: result }] };
}

src/tools/fullstack.ts:213-220 (schema)

Zod schema defining the input structure for the tool, including projectType (enum) and features (array of enums).

export const generateGitHubActionsSchema = {
    name: "generate_github_actions",
    description: "Generates GitHub Actions workflow files for CI/CD, testing, security scanning, and deployment.",
    inputSchema: z.object({
        projectType: z.enum(["node", "python", "rust", "go", "docker"]).describe("Type of project"),
        features: z.array(z.enum(["test", "lint", "build", "deploy", "security", "release"])).describe("Features to include")
    })
};

src/index.ts:115-115 (registration)

Registration of the tool in the main stdio server's toolRegistry Map.

["generate_github_actions", { schema: generateGitHubActionsSchema, handler: generateGitHubActionsHandler }],

src/server.ts:120-120 (registration)

Registration of the tool in the HTTP server's toolRegistry Map.

["generate_github_actions", { schema: generateGitHubActionsSchema, handler: generateGitHubActionsHandler }],

Tool Definition Quality

C2.9/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden of behavioral disclosure. It states the tool 'generates' files, implying a write operation, but doesn't specify where files are saved (e.g., in a .github/workflows directory), whether it overwrites existing files, or what permissions are required. It mentions features like 'security scanning' but doesn't detail implementation (e.g., using third-party actions). The description is minimal and lacks critical behavioral context for a file-generation tool.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence: 'Generates GitHub Actions workflow files for CI/CD, testing, security scanning, and deployment.' It is front-loaded with the core action and resource, and every word adds value (e.g., listing specific use cases). There is no wasted verbiage or redundancy.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity of generating workflow files (a write operation with multiple configurations), no annotations, and no output schema, the description is incomplete. It doesn't cover behavioral aspects (e.g., file location, overwrite behavior), output details (e.g., what the generated file looks like), or error handling. The tool has 2 required parameters, but the description doesn't help interpret them beyond the schema. For a tool that creates files, more context is needed.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, with both parameters documented in the schema: 'projectType' (type of project) and 'features' (features to include). The description doesn't add any parameter-specific semantics beyond what the schema provides (e.g., it doesn't explain how 'projectType' influences the generated workflow or what each 'feature' entails). Baseline 3 is appropriate since the schema does the heavy lifting.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'Generates GitHub Actions workflow files for CI/CD, testing, security scanning, and deployment.' It specifies the verb ('generates'), resource ('GitHub Actions workflow files'), and scope (CI/CD, testing, security, deployment). However, it doesn't differentiate from sibling tools, which are mostly unrelated (e.g., generate_config files, analyze_architecture).

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It doesn't mention prerequisites (e.g., GitHub repository setup), exclusions (e.g., not for other CI/CD platforms), or related tools (e.g., generate_tests for test-only workflows). Usage is implied by the purpose but lacks explicit context.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/millsydotdev/Code-MCP'

If you have feedback or need assistance with the MCP directory API, please join our Discord server