ci: add GitHub Actions workflows

Mearman · Mearman · commit 4abdca86bcbf · 2025-06-05T05:28:50.000+01:00
- Add CI workflow for testing and building
- Configure semantic-release workflow for automated releases
- Set up release workflow for npm publishing
- Include test coverage reporting
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,67 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node-version:
+          - 18
+          - 20
+          - 22
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node-version }}
+
+      - name: Enable Corepack
+        run: corepack enable
+
+      - name: Install dependencies
+        run: yarn install --frozen-lockfile
+
+      - name: Lint commit messages
+        if: github.event_name == 'pull_request'
+        run: |
+          npx commitlint --from ${{ github.event.pull_request.base.sha }} --to ${{ github.event.pull_request.head.sha }}
+
+      - name: Type check
+        run: npx tsc --noEmit
+
+      - name: Run tests with coverage
+        run: yarn test:ci
+
+      - name: Upload coverage reports
+        if: matrix.node-version == '20'
+        uses: codecov/codecov-action@v4
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          files: ./coverage/coverage-final.json
+          flags: unittests
+          name: codecov-umbrella
+
+      - name: Build
+        run: yarn build
+
+      - name: Upload build artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: dist-node-${{ matrix.node-version }}
+          path: dist/
+          retention-days: 7
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,122 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+permissions:
+  contents: write
+  packages: write
+  id-token: write
+  attestations: write
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          registry-url: 'https://registry.npmjs.org'
+
+      - name: Enable Corepack
+        run: corepack enable
+
+      - name: Install dependencies
+        run: yarn install --frozen-lockfile
+
+      - name: Run tests
+        run: yarn test
+
+      - name: Build
+        run: yarn build
+
+      - name: Generate SBOM
+        uses: anchore/sbom-action@v0
+        with:
+          format: spdx-json
+          output-file: sbom.spdx.json
+
+      - name: Attest Build Provenance
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: |
+            ./dist
+            ./sbom.spdx.json
+
+      - name: Attest SBOM
+        uses: actions/attest-sbom@v1
+        with:
+          subject-path: './dist'
+          sbom-path: './sbom.spdx.json'
+
+      - name: Generate Release Notes
+        id: changelog
+        run: |
+          # Extract version changelog
+          VERSION=${GITHUB_REF#refs/tags/}
+          echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
+          
+          # Extract changelog for this version
+          if [ -f "CHANGELOG.md" ]; then
+            CHANGELOG=$(awk -v ver="$VERSION" '
+              /^##? \[?v?[0-9]+\.[0-9]+\.[0-9]+/ {
+                if (p) exit;
+                if ($0 ~ ver) p=1;
+                next;
+              }
+              p && /^##? \[?v?[0-9]+\.[0-9]+\.[0-9]+/ {exit}
+              p {print}
+            ' CHANGELOG.md)
+            
+            echo "CHANGELOG<<EOF" >> $GITHUB_OUTPUT
+            echo "$CHANGELOG" >> $GITHUB_OUTPUT
+            echo "EOF" >> $GITHUB_OUTPUT
+          else
+            echo "CHANGELOG=No changelog found" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v1
+        with:
+          name: Release ${{ steps.changelog.outputs.VERSION }}
+          body: |
+            ## What's Changed
+            ${{ steps.changelog.outputs.CHANGELOG }}
+            
+            ## Attestations
+            This release includes build provenance attestation and SBOM (Software Bill of Materials).
+            
+            You can verify the attestation using:
+            ```bash
+            gh attestation verify <artifact> --owner ${{ github.repository_owner }}
+            ```
+          files: |
+            sbom.spdx.json
+          generate_release_notes: true
+
+      - name: Publish to NPM
+        run: npm publish --access public --provenance
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+      - name: Setup Node.js for GitHub Packages
+        uses: actions/setup-node@v4
+        with:
+          registry-url: 'https://npm.pkg.github.com'
+          scope: '@${{ github.repository_owner }}'
+
+      - name: Publish to GitHub Packages
+        run: |
+          # Update package name for GitHub Packages
+          npm pkg set name="@${{ github.repository_owner }}/mcp-wayback-machine"
+          npm publish --access public --provenance
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/semantic-release.yml b/.github/workflows/semantic-release.yml
@@ -0,0 +1,106 @@
+name: Semantic Release
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: write
+  packages: write
+  id-token: write
+  attestations: write
+  issues: write
+  pull-requests: write
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    if: "!contains(github.event.head_commit.message, '[skip ci]')"
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          registry-url: 'https://registry.npmjs.org'
+
+      - name: Enable Corepack
+        run: corepack enable
+
+      - name: Install dependencies
+        run: yarn install --frozen-lockfile
+
+      - name: Run tests
+        run: yarn test
+
+      - name: Build
+        run: yarn build
+
+      - name: Run semantic-release
+        id: semantic-release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: |
+          # Capture the current version before release
+          CURRENT_VERSION=$(node -p "require('./package.json').version")
+          
+          # Run semantic-release
+          npx semantic-release
+          
+          # Check if version changed (indicating a release was made)
+          NEW_VERSION=$(node -p "require('./package.json').version")
+          if [ "$CURRENT_VERSION" != "$NEW_VERSION" ]; then
+            echo "new-release-published=true" >> $GITHUB_OUTPUT
+            echo "new-version=$NEW_VERSION" >> $GITHUB_OUTPUT
+          else
+            echo "new-release-published=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Generate SBOM
+        if: steps.semantic-release.outputs.new-release-published == 'true'
+        uses: anchore/sbom-action@v0
+        with:
+          format: spdx-json
+          output-file: sbom.spdx.json
+
+      - name: Attest Build Provenance
+        if: steps.semantic-release.outputs.new-release-published == 'true'
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: |
+            ./dist
+            ./sbom.spdx.json
+
+      - name: Attest SBOM
+        if: steps.semantic-release.outputs.new-release-published == 'true'
+        uses: actions/attest-sbom@v1
+        with:
+          subject-path: './dist'
+          sbom-path: './sbom.spdx.json'
+
+      - name: Setup Node.js for GitHub Packages
+        if: steps.semantic-release.outputs.new-release-published == 'true'
+        uses: actions/setup-node@v4
+        with:
+          registry-url: 'https://npm.pkg.github.com'
+          scope: '@${{ github.repository_owner }}'
+
+      - name: Publish to GitHub Packages
+        if: steps.semantic-release.outputs.new-release-published == 'true'
+        run: |
+          # Update package name for GitHub Packages (must be lowercase)
+          npm pkg set name="@mearman/mcp-wayback-machine"
+          # Ensure we're publishing to GitHub Packages registry
+          npm config set registry https://npm.pkg.github.com/
+          # Skip prepublishOnly script to avoid running tests with modified package name
+          npm publish --access public --provenance --ignore-scripts
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
