chore(deps): bump @modelcontextprotocol/sdk from 1.25.2 to 1.25.3 #194
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Pull Request Automated Checks | |
| on: | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| branches: [main] | |
| env: | |
| ENABLE_COVERAGE_THRESHOLD: '80' | |
| FAIL_ON_COVERAGE_DROP: 'true' | |
| ENABLE_SECURITY_SCAN: 'true' | |
| jobs: | |
| # Self-contained test jobs - optimized for parallel execution | |
| test-lint: | |
| name: Linting | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| fetch-depth: 0 | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@v4 | |
| with: | |
| version: 10 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '22' | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Run linting | |
| run: pnpm test:lint | |
| test-types: | |
| name: Type Checks | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| fetch-depth: 0 | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@v4 | |
| with: | |
| version: 10 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '22' | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Run TypeScript type checking | |
| run: pnpm test:types | |
| test-format: | |
| name: Format Checks | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| fetch-depth: 0 | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@v4 | |
| with: | |
| version: 10 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '22' | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Run format check | |
| run: pnpm test:format | |
| test-knip: | |
| name: Unused Dependencies | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| fetch-depth: 0 | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@v4 | |
| with: | |
| version: 10 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '22' | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Run dependency check (knip) | |
| run: pnpm test:knip | |
| test-coverage: | |
| name: Unit Tests & Coverage Analysis | |
| runs-on: ubuntu-latest | |
| env: | |
| CI: true | |
| NODE_ENV: test | |
| FORCE_COLOR: '1' | |
| TERM: xterm-256color | |
| outputs: | |
| coverage: ${{ steps.coverage.outputs.coverage }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| fetch-depth: 0 | |
| # Ensure proper git state for file-snapshot.ts tests | |
| set-safe-directory: false | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@v4 | |
| with: | |
| version: 10 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '22' | |
| cache: 'pnpm' | |
| - name: Install Nerd Fonts for Powerline character support | |
| run: | | |
| # Install required packages for font support | |
| sudo apt-get update | |
| sudo apt-get install -y fonts-firacode fonts-powerline | |
| # Install Nerd Fonts manually | |
| mkdir -p ~/.local/share/fonts | |
| wget -q https://github.com/ryanoasis/nerd-fonts/releases/download/v3.2.1/FiraCode.zip -O /tmp/FiraCode.zip | |
| unzip -q /tmp/FiraCode.zip -d ~/.local/share/fonts | |
| fc-cache -fv | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Build project (required for CLI integration tests) | |
| run: pnpm build | |
| - name: Run unit tests with coverage | |
| run: npx c8 ava #pnpm test:ava:coverage | |
| - name: Generate coverage summary | |
| run: | | |
| pnpm exec c8 report --reporter=json-summary | |
| # pnpm exec c8 report --reporter=json-summary --include='source/**/*.ts' --exclude='**/*.spec.ts' | |
| - name: Extract coverage percentage | |
| id: coverage | |
| run: | | |
| if [ -f coverage/coverage-summary.json ]; then | |
| COVERAGE=$(cat coverage/coverage-summary.json | jq -r '.total.lines.pct') | |
| echo "coverage=${COVERAGE}" >> $GITHUB_OUTPUT | |
| echo "Current coverage: ${COVERAGE}%" | |
| # Check coverage threshold | |
| if (( $(echo "${COVERAGE} < ${ENABLE_COVERAGE_THRESHOLD}" | bc -l) )); then | |
| echo "❌ Coverage ${COVERAGE}% is below threshold ${ENABLE_COVERAGE_THRESHOLD}%" | |
| exit 1 | |
| else | |
| echo "✅ Coverage ${COVERAGE}% meets threshold ${ENABLE_COVERAGE_THRESHOLD}%" | |
| fi | |
| else | |
| echo "❌ No coverage report found" | |
| exit 1 | |
| fi | |
| verify-build: | |
| name: Verify Build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| fetch-depth: 0 | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@v4 | |
| with: | |
| version: 10 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '22' | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Build project | |
| run: pnpm build | |
| - name: Verify build artifacts | |
| run: | | |
| if [ "$RUNNER_OS" == "Linux" ]; then | |
| test -f dist/cli.js | |
| echo "✓ CLI build verified" | |
| fi | |
| if [ "$RUNNER_OS" == "Linux" ]; then | |
| test -f assets/nanocoder-vscode.vsix | |
| echo "✓ VS Code extension verified" | |
| fi | |
| shell: bash | |
| # Package Audit and dependency analysis (runs once) | |
| package-audit: | |
| name: Package Audit Analysis | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| fetch-depth: 0 | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@v4 | |
| with: | |
| version: 10 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Run security audit | |
| run: pnpm audit --audit-level=high | |
| continue-on-error: false | |
| - name: Check for outdated dependencies | |
| run: | | |
| echo "Checking for outdated dependencies..." | |
| pnpm outdated || echo "Some dependencies are outdated" | |
| continue-on-error: true | |
| # Security analysis with Semgrep | |
| semgrep-scan: | |
| name: Semgrep Security Scan | |
| runs-on: ubuntu-latest | |
| container: | |
| image: semgrep/semgrep | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| fetch-depth: 0 | |
| - name: Run Semgrep | |
| run: semgrep scan --config auto --error | |
| # CodeQL Analysis | |
| codeql-scan: | |
| name: CodeQL Security Analysis | |
| runs-on: ubuntu-latest | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| language: ['javascript'] # CodeQL analyzes both JavaScript and TypeScript together | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| fetch-depth: 0 | |
| # Initializes the CodeQL tools for scanning | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@v3 | |
| with: | |
| languages: ${{ matrix.language }} | |
| # If you wish to specify custom queries, you can do so here or in a config file | |
| # By default, queries listed here will override any specified in a config file | |
| # Prefix the list here with "+" to use these queries and those in the config file | |
| # queries: security-extended,security-and-quality | |
| # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java) | |
| # If this step fails, then you should remove it and run the build manually | |
| - name: Autobuild | |
| uses: github/codeql-action/autobuild@v3 | |
| # Perform CodeQL Analysis | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@v3 | |
| # # PR Comment with results | |
| # pr-comment: | |
| # name: PR Results Summary | |
| # runs-on: ubuntu-latest | |
| # needs: [test-lint, test-types, test-format, test-knip, test-coverage, verify-build, package-audit, semgrep-scan, codeql-scan] | |
| # if: always() && github.event_name == 'pull_request' | |
| # permissions: | |
| # pull-requests: write | |
| # steps: | |
| # - name: Comment on PR | |
| # uses: actions/github-script@v8 | |
| # with: | |
| # script: | | |
| # const { owner, repo } = context.repo; | |
| # const { number } = context.issue; | |
| # // Check job results | |
| # const lintResult = '${{ needs.test-lint.result }}'; | |
| # const typesResult = '${{ needs.test-types.result }}'; | |
| # const formatResult = '${{ needs.test-format.result }}'; | |
| # const knipResult = '${{ needs.test-knip.result }}'; | |
| # const coverageResult = '${{ needs.test-coverage.result }}'; | |
| # const buildResult = '${{ needs.verify-build.result }}'; | |
| # const packageAuditResult = '${{ needs.package-audit.result }}'; | |
| # const semgrepResult = '${{ needs.semgrep-scan.result }}'; | |
| # const codeqlResult = '${{ needs.codeql-scan.result }}'; | |
| # // Build status message | |
| # let status = '✅ All checks passed!'; | |
| # let hasFailures = false; | |
| # if (lintResult !== 'success' || typesResult !== 'success' || formatResult !== 'success' || | |
| # knipResult !== 'success' || coverageResult !== 'success' || buildResult !== 'success' || | |
| # packageAuditResult !== 'success' || semgrepResult !== 'success' || codeqlResult !== 'success') { | |
| # status = '❌ Some checks failed'; | |
| # hasFailures = true; | |
| # } | |
| # // Get coverage percentage if available | |
| # let coverageText = 'Coverage analysis'; | |
| # if (coverageResult === 'success') { | |
| # try { | |
| # const coverageOutput = '${{ needs.test-coverage.outputs.coverage }}'; | |
| # if (coverageOutput) { | |
| # coverageText = `Coverage: ${coverageOutput}%`; | |
| # } | |
| # } catch (e) { | |
| # // Fallback to generic text | |
| # } | |
| # } | |
| # // Create comment body | |
| # const comment = ` | |
| # ## 🤖 PR Checks Summary | |
| # | Check | Status | Description | | |
| # |-------|--------|-------------| | |
| # | Linting | ${lintResult === 'success' ? '✅' : '❌'} | Code linting with Biome | | |
| # | TypeScript | ${typesResult === 'success' ? '✅' : '❌'} | TypeScript type checking | | |
| # | Formatting | ${formatResult === 'success' ? '✅' : '❌'} | Code formatting check | | |
| # | Dependencies | ${knipResult === 'success' ? '✅' : '❌'} | Unused dependency check (knip) | | |
| # | Coverage | ${coverageResult === 'success' ? '✅' : '❌'} | ${coverageText}. Coverage threshold (${{ env.ENABLE_COVERAGE_THRESHOLD }}%) met | | |
| # | Build | ${buildResult === 'success' ? '✅' : '❌'} | Build and artifact verification | | |
| # | Package Audit | ${packageAuditResult === 'success' ? '✅' : '❌'} | No Package Audit issues detected | | |
| # | Semgrep | ${semgrepResult === 'success' ? '✅' : '❌'} | Static analysis security scanning | | |
| # | CodeQL | ${codeqlResult === 'success' ? '✅' : '❌'} | Advanced code analysis for vulnerabilities | | |
| # **Overall Status: ${status}** | |
| # --- | |
| # *This comment was automatically generated by PR checks workflow* | |
| # `; | |
| # // Find existing bot comment | |
| # const { data: comments } = await github.rest.issues.listComments({ | |
| # owner, | |
| # repo, | |
| # issue_number: number, | |
| # }); | |
| # const botComment = comments.find(c => | |
| # c.user.type === 'Bot' && | |
| # c.body.includes('PR Checks Summary') | |
| # ); | |
| # if (botComment) { | |
| # // Update existing comment | |
| # await github.rest.issues.updateComment({ | |
| # owner, | |
| # repo, | |
| # comment_id: botComment.id, | |
| # body: comment, | |
| # }); | |
| # } else { | |
| # // Create new comment | |
| # await github.rest.issues.createComment({ | |
| # owner, | |
| # repo, | |
| # issue_number: number, | |
| # body: comment, | |
| # }); | |
| # } |