Skip to main content
Glama
rideRTD

DevOps Helper MCP

by rideRTD
OverviewSchemaRelated ServersScoreDiscussions
JavaScript
Local

sonarcloud_create_workflow

Generate GitHub Actions workflow to integrate SonarCloud code analysis into CI/CD pipelines for automated quality checks.

Instructions

Generate GitHub Actions workflow with SonarCloud analysis

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault

No arguments

Implementation Reference

  • src/index.js:761-1053 (handler)
    The primary handler function for the 'sonarcloud_create_workflow' MCP tool. It generates a complete GitHub Actions workflow YAML file that includes SonarCloud code analysis steps tailored to the specified project type (Java Maven/Gradle, Node.js, Python, Go). Optionally includes Docker build and push to GHCR. Returns formatted instructions with the YAML content.
      "sonarcloud_create_workflow",
  "Generate GitHub Actions workflow with SonarCloud analysis",
  {
    project_type: { type: "string", description: "Project type: java-maven, java-gradle, nodejs, python, golang" },
    organization: { type: "string", description: "SonarCloud organization key" },
    include_docker: { type: "boolean", description: "Include Docker build", default: false },
    github_owner: { type: "string", description: "GitHub owner for GHCR", default: "" }
  },
  async ({ project_type, organization, include_docker, github_owner }) => {
    const workflows = {
      "java-maven": `name: CI/CD with SonarCloud

on:
  push:
    branches: [ main, master, develop ]
  pull_request:
    branches: [ main, master ]

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0  # Full history for SonarCloud

      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'
          cache: maven

      - name: Cache SonarCloud packages
        uses: actions/cache@v4
        with:
          path: ~/.sonar/cache
          key: \${{ runner.os }}-sonar
          restore-keys: \${{ runner.os }}-sonar

      - name: Build and Test with Coverage
        run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=\${{ github.repository_owner }}_\${{ github.event.repository.name }}
        env:
          GITHUB_TOKEN: \${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: \${{ secrets.SONAR_TOKEN }}`,

      "java-gradle": `name: CI/CD with SonarCloud

on:
  push:
    branches: [ main, master, develop ]
  pull_request:
    branches: [ main, master ]

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'
          cache: gradle

      - name: Cache SonarCloud packages
        uses: actions/cache@v4
        with:
          path: ~/.sonar/cache
          key: \${{ runner.os }}-sonar
          restore-keys: \${{ runner.os }}-sonar

      - name: Build, Test and Analyze
        run: ./gradlew build jacocoTestReport sonar --info
        env:
          GITHUB_TOKEN: \${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: \${{ secrets.SONAR_TOKEN }}`,

      "nodejs": `name: CI/CD with SonarCloud

on:
  push:
    branches: [ main, master, develop ]
  pull_request:
    branches: [ main, master ]

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'

      - name: Install dependencies
        run: npm ci

      - name: Run tests with coverage
        run: npm test -- --coverage --coverageReporters=lcov
        continue-on-error: true

      - name: SonarCloud Scan
        uses: SonarSource/sonarcloud-github-action@master
        env:
          GITHUB_TOKEN: \${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: \${{ secrets.SONAR_TOKEN }}
        with:
          args: >
            -Dsonar.organization=${organization}
            -Dsonar.projectKey=\${{ github.repository_owner }}_\${{ github.event.repository.name }}`,

      "python": `name: CI/CD with SonarCloud

on:
  push:
    branches: [ main, master, develop ]
  pull_request:
    branches: [ main, master ]

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'
          cache: 'pip'

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
          pip install pytest pytest-cov

      - name: Run tests with coverage
        run: pytest --cov=src --cov-report=xml
        continue-on-error: true

      - name: SonarCloud Scan
        uses: SonarSource/sonarcloud-github-action@master
        env:
          GITHUB_TOKEN: \${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: \${{ secrets.SONAR_TOKEN }}
        with:
          args: >
            -Dsonar.organization=${organization}
            -Dsonar.projectKey=\${{ github.repository_owner }}_\${{ github.event.repository.name }}
            -Dsonar.python.coverage.reportPaths=coverage.xml`,

      "golang": `name: CI/CD with SonarCloud

on:
  push:
    branches: [ main, master, develop ]
  pull_request:
    branches: [ main, master ]

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: '1.21'

      - name: Build
        run: go build -v ./...

      - name: Test with coverage
        run: go test -v -coverprofile=coverage.out ./...

      - name: SonarCloud Scan
        uses: SonarSource/sonarcloud-github-action@master
        env:
          GITHUB_TOKEN: \${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: \${{ secrets.SONAR_TOKEN }}
        with:
          args: >
            -Dsonar.organization=${organization}
            -Dsonar.projectKey=\${{ github.repository_owner }}_\${{ github.event.repository.name }}
            -Dsonar.go.coverage.reportPaths=coverage.out`
    };

    let workflow = workflows[project_type];
    if (!workflow) {
      return {
        content: [{
          type: "text",
          text: `Unknown project type: ${project_type}\n\nSupported: java-maven, java-gradle, nodejs, python, golang`
        }]
      };
    }

    // Add Docker job if requested
    if (include_docker) {
      workflow += `

  docker:
    needs: build
    runs-on: ubuntu-latest
    if: github.event_name != 'pull_request'
    permissions:
      contents: read
      packages: write

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to GHCR
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: \${{ github.actor }}
          password: \${{ secrets.GITHUB_TOKEN }}

      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: ghcr.io/${github_owner || "${{ github.repository_owner }}"}/\${{ github.event.repository.name }}:latest
          cache-from: type=gha
          cache-to: type=gha,mode=max`;
    }

    return {
      content: [{
        type: "text",
        text: `GITHUB ACTIONS WITH SONARCLOUD
==============================

Save to: .github/workflows/ci.yml

${workflow}

REQUIRED SECRETS:
-----------------
gh secret set SONAR_TOKEN
(Get token from: https://sonarcloud.io/account/security)

SONARCLOUD SETUP:
-----------------
1. Import project at sonarcloud.io
2. Organization: ${organization}
3. Project key will be: owner_repo-name

QUALITY GATE:
-------------
PRs will show SonarCloud status check.
Configure quality gates at: sonarcloud.io → Project → Administration

COVERAGE REPORTS:
-----------------
The workflow generates coverage reports that SonarCloud uses.
View detailed reports at: sonarcloud.io/project/overview`
      }]
    };
  }
);
  • src/index.js:763-768 (schema)
    Input schema defining parameters for the sonarcloud_create_workflow tool: project_type (required), organization (required), include_docker (optional), github_owner (optional).
    {
  project_type: { type: "string", description: "Project type: java-maven, java-gradle, nodejs, python, golang" },
  organization: { type: "string", description: "SonarCloud organization key" },
  include_docker: { type: "boolean", description: "Include Docker build", default: false },
  github_owner: { type: "string", description: "GitHub owner for GHCR", default: "" }
},
  • src/index.js:761-761 (registration)
    MCP tool registration call using McpServer.tool() method, specifying the tool name 'sonarcloud_create_workflow', description, schema, and handler.
    "sonarcloud_create_workflow",
  • src/index.js:609-610 (helper)
    Reference to sonarcloud_create_workflow tool in the sonarcloud_setup_guide tool's response text.
    Use 'sonarcloud_create_workflow' to generate the GitHub Actions workflow.
  • src/index.js:749-749 (helper)
    Reference to sonarcloud_create_workflow tool in the sonarcloud_create_config tool's response text.
    3. Use 'sonarcloud_create_workflow' to generate CI workflow

Tool Definition Quality

B3.1/5.0
Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden. It states the tool generates a workflow but doesn't disclose behavioral traits such as whether it modifies existing files, requires specific permissions, outputs a file or code snippet, or handles errors. This leaves the agent guessing about the tool's effects and constraints.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, clear sentence that efficiently conveys the core function without any fluff. It's front-loaded with the main action and resource, making it easy for an agent to parse quickly.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity of generating a workflow (which could involve file creation, code generation, or configuration), the description is insufficient. With no annotations, no output schema, and minimal behavioral details, it doesn't provide enough context for an agent to understand the tool's full scope, output format, or integration steps.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The input schema has 0 parameters with 100% coverage, so no parameter documentation is needed. The description doesn't add parameter details, which is appropriate. A baseline of 4 is applied since no parameters exist, and the description doesn't introduce unnecessary complexity.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'Generate GitHub Actions workflow with SonarCloud analysis.' It specifies the action (generate), resource (GitHub Actions workflow), and context (SonarCloud analysis). However, it doesn't explicitly differentiate from its sibling 'sonarcloud_create_config', which might create confusion about when to use each tool.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It doesn't mention prerequisites, context (e.g., after setup), or exclusions. With siblings like 'sonarcloud_setup_guide' and 'sonarcloud_create_config', the lack of differentiation is a significant gap.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/rideRTD/RTD-DevOps'

If you have feedback or need assistance with the MCP directory API, please join our Discord server