docs: adopt doctrine project manifest #310
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI, Publish & Release | |
| on: | |
| push: | |
| branches: | |
| - main # Trigger on push to main branch | |
| tags: | |
| - 'v*.*.*' # Trigger on push of version tags (e.g., v0.5.5) | |
| pull_request: | |
| branches: | |
| - main # Trigger on PR to main branch | |
| merge_group: | |
| types: [checks_requested] | |
| jobs: | |
| validate: | |
| name: Validate Code Quality | |
| runs-on: [self-hosted, sylphx, linux, standard] | |
| permissions: # Added permissions | |
| actions: read | |
| contents: read | |
| security-events: write # Required for CodeQL results | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v5.0.0 | |
| # Initializes the CodeQL tools for scanning. # Added CodeQL init | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@v3 | |
| with: | |
| languages: typescript # Specify the language to analyze | |
| # Optional: config-file: './.github/codeql/codeql-config.yml' | |
| # Optional: queries: '+security-extended' | |
| - name: Setup Bun | |
| uses: oven-sh/setup-bun@v2 | |
| with: | |
| bun-version: '1.3.1' | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v4.0.3 | |
| with: | |
| node-version: '22.14' | |
| - name: Install dependencies # Correct install step | |
| run: bun install --frozen-lockfile | |
| - name: Check for vulnerabilities | |
| run: bun audit | |
| - name: Check Formatting | |
| run: bun run check-format # Fails job if check fails | |
| - name: Lint Code | |
| run: bun run lint # Fails job if lint fails | |
| - name: Run Tests and Check Coverage | |
| run: bun run test:cov # Fails job if tests fail or coverage threshold not met | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@v4.5.0 # Use Codecov action with fixed version | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} # Use Codecov token | |
| files: ./coverage/lcov.info # Specify LCOV file path | |
| fail_ci_if_error: true # Optional: fail CI if upload error | |
| - name: Upload test results to Codecov | |
| if: ${{ !cancelled() }} | |
| uses: codecov/test-results-action@v1 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| # No file specified, action defaults to common patterns like test-report.junit.xml | |
| - name: Perform CodeQL Analysis # Added CodeQL analyze | |
| uses: github/codeql-action/analyze@v3 | |
| - name: Upload coverage reports # Kept artifact upload | |
| uses: actions/upload-artifact@v5.0.0 | |
| with: | |
| name: coverage-report | |
| path: coverage/ # Upload the whole coverage directory | |
| build-archive: | |
| name: Build and Archive Artifacts | |
| needs: validate # Depends on successful validation | |
| runs-on: [self-hosted, sylphx, linux, standard] | |
| if: startsWith(github.ref, 'refs/tags/v') # Only run for tags | |
| outputs: # Define outputs for the release job | |
| version: ${{ steps.get_version.outputs.version }} | |
| artifact_path: ${{ steps.archive_build.outputs.artifact_path }} | |
| # Removed incorrect permissions block from here | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v5.0.0 | |
| # Removed incorrect CodeQL init from here | |
| - name: Setup Bun | |
| uses: oven-sh/setup-bun@v2 | |
| with: | |
| bun-version: '1.3.1' | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v4.0.3 | |
| with: | |
| node-version: '22.14' | |
| registry-url: 'https://registry.npmjs.org/' # For npm publish | |
| - name: Install dependencies | |
| run: bun install --frozen-lockfile | |
| - name: Build project | |
| run: bun run build | |
| - name: Get package version from tag | |
| id: get_version | |
| run: | | |
| VERSION=$(echo "${{ github.ref }}" | sed 's#refs/tags/##') | |
| echo "version=$VERSION" >> $GITHUB_OUTPUT | |
| - name: Archive build artifacts for release | |
| id: archive_build | |
| run: | | |
| ARTIFACT_NAME="pdf-reader-mcp-${{ steps.get_version.outputs.version }}.tar.gz" | |
| tar -czf $ARTIFACT_NAME dist package.json README.md LICENSE CHANGELOG.md | |
| echo "artifact_path=$ARTIFACT_NAME" >> $GITHUB_OUTPUT | |
| - name: Upload build artifact for release job | |
| uses: actions/upload-artifact@v5.0.0 | |
| with: | |
| name: release-artifact | |
| path: ${{ steps.archive_build.outputs.artifact_path }} | |
| # Publish steps moved to parallel jobs below | |
| publish-npm: | |
| name: Publish to NPM | |
| needs: build-archive # Depends on build-archive completion | |
| runs-on: [self-hosted, sylphx, linux, standard] | |
| if: startsWith(github.ref, 'refs/tags/v') # Only run for tags | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v5.0.0 | |
| - name: Setup Bun | |
| uses: oven-sh/setup-bun@v2 | |
| with: | |
| bun-version: '1.3.1' | |
| - name: Set up Node.js for NPM | |
| uses: actions/setup-node@v4.0.3 | |
| with: | |
| node-version: '22.14' | |
| registry-url: 'https://registry.npmjs.org/' | |
| # No need to install dependencies again if publish doesn't need them | |
| # If package publish needs package.json, it's checked out | |
| - name: Install all dependencies for prepublishOnly script | |
| run: bun install --frozen-lockfile | |
| - name: Publish to npm | |
| run: bun run changeset:publish | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| publish-docker: | |
| name: Publish to Docker Hub | |
| needs: build-archive # Depends on build-archive completion | |
| runs-on: [self-hosted, sylphx, linux, standard] | |
| if: startsWith(github.ref, 'refs/tags/v') # Only run for tags | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v5.0.0 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3.6.0 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3.11.1 | |
| - name: Log in to Docker Hub | |
| uses: docker/login-action@v3.3.0 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/metadata-action@v5.5.1 | |
| with: | |
| images: sylphx/filesystem-mcp | |
| # Use version from the build-archive job output | |
| tags: | | |
| type=semver,pattern={{version}},value=${{ needs.build-archive.outputs.version }} | |
| type=semver,pattern={{major}}.{{minor}},value=${{ needs.build-archive.outputs.version }} | |
| type=raw,value=latest,enable=${{ startsWith(github.ref, 'refs/tags/v') }} | |
| - name: Build and push Docker image | |
| uses: docker/build-push-action@v6.7.0 | |
| with: | |
| context: . | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| release: | |
| name: Create GitHub Release | |
| needs: [publish-npm, publish-docker] # Depends on successful parallel publishes | |
| runs-on: [self-hosted, sylphx, linux, standard] | |
| if: startsWith(github.ref, 'refs/tags/v') # Only run for tags | |
| permissions: | |
| contents: write # Need permission to create releases and release notes | |
| steps: | |
| - name: Download build artifact | |
| uses: actions/download-artifact@v6.0.0 | |
| with: | |
| name: release-artifact | |
| # No path specified, downloads to current directory | |
| - name: Create GitHub Release | |
| uses: softprops/action-gh-release@v2.0.6 | |
| with: | |
| tag_name: ${{ github.ref_name }} | |
| name: Release ${{ github.ref_name }} | |
| generate_release_notes: true # Auto-generate release notes from commits | |
| files: ${{ needs.build-archive.outputs.artifact_path }} # Attach the artifact archive from build-archive job | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |