github
diff --git a/‎.github/workflows/close-inactive-issues.yml‎
Lines changed: 4 additions & 4 deletions b/‎.github/workflows/close-inactive-issues.yml‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎.github/workflows/code-scanning.yml‎
Lines changed: 5 additions & 5 deletions b/‎.github/workflows/code-scanning.yml‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎.github/workflows/docker-publish.yml‎
Lines changed: 3 additions & 2 deletions b/‎.github/workflows/docker-publish.yml‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎.github/workflows/lint.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/lint.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/moderator.yml‎
Lines changed: 28 additions & 0 deletions b/‎.github/workflows/moderator.yml‎
Lines changed: 28 additions & 0 deletions
diff --git a/‎.github/workflows/registry-releaser.yml‎
Lines changed: 20 additions & 1 deletion b/‎.github/workflows/registry-releaser.yml‎
Lines changed: 20 additions & 1 deletion
diff --git a/‎.gitignore‎
Lines changed: 3 additions & 1 deletion b/‎.gitignore‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎.golangci.yml‎
Lines changed: 5 additions & 0 deletions b/‎.golangci.yml‎
Lines changed: 5 additions & 0 deletions
@@ -7,8 +7,8 @@ jobs:
   close-issues:
     runs-on: ubuntu-latest
     env:
-      PR_DAYS_BEFORE_STALE: 60
-      PR_DAYS_BEFORE_CLOSE: 120
+      PR_DAYS_BEFORE_STALE: 30
+      PR_DAYS_BEFORE_CLOSE: 60
       PR_STALE_LABEL: stale
     permissions:
       issues: write
@@ -21,8 +21,8 @@ jobs:
           stale-issue-label: ${{ env.PR_STALE_LABEL }}
           stale-issue-message: "This issue is stale because it has been open for ${{ env.PR_DAYS_BEFORE_STALE }} days with no activity. Leave a comment to avoid closing this issue in ${{ env.PR_DAYS_BEFORE_CLOSE }} days."
           close-issue-message: "This issue was closed because it has been inactive for ${{ env.PR_DAYS_BEFORE_CLOSE }} days since being marked as stale."
-          days-before-pr-stale: -1
-          days-before-pr-close: -1
+          days-before-pr-stale: ${{ env.PR_DAYS_BEFORE_STALE }}
+          days-before-pr-close: ${{ env.PR_DAYS_BEFORE_STALE }}
           # Start with the oldest items first
           ascending: true
           repo-token: ${{ secrets.GITHUB_TOKEN }}
@@ -38,7 +38,7 @@ jobs:
         uses: actions/checkout@v5
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
+        uses: github/codeql-action/init@v4
         with:
           languages: ${{ matrix.language }}
           build-mode: ${{ matrix.build-mode }}
@@ -52,13 +52,13 @@ jobs:
             threat-models: [  ]
       - name: Setup proxy for registries
         id: proxy
-        uses: github/codeql-action/start-proxy@v3
+        uses: github/codeql-action/start-proxy@v4
         with:
           registries_credentials: ${{ secrets.GITHUB_REGISTRIES_PROXY }}
           language: ${{ matrix.language }}
 
       - name: Configure
-        uses: github/codeql-action/resolve-environment@v3
+        uses: github/codeql-action/resolve-environment@v4
         id: resolve-environment
         with:
           language: ${{ matrix.language }}
@@ -70,10 +70,10 @@ jobs:
           cache: false
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v3
+        uses: github/codeql-action/autobuild@v4
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@v4
         env:
           CODEQL_PROXY_HOST: ${{ steps.proxy.outputs.proxy_host }}
           CODEQL_PROXY_PORT: ${{ steps.proxy.outputs.proxy_port }}
 
@@ -46,7 +46,7 @@ jobs:
       # https://github.com/sigstore/cosign-installer
       - name: Install cosign
         if: github.event_name != 'pull_request'
-        uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 #v3.10.0
+        uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad #v4.0.0
         with:
           cosign-release: "v2.2.4"
 
@@ -70,7 +70,7 @@ jobs:
       # https://github.com/docker/metadata-action
       - name: Extract Docker metadata
         id: meta
-        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
+        uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           tags: |
@@ -127,3 +127,4 @@ jobs:
         # This step uses the identity token to provision an ephemeral certificate
         # against the sigstore community Fulcio instance.
         run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
+        
@@ -18,6 +18,6 @@ jobs:
         with:
           go-version: stable
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@v8
+        uses: golangci/golangci-lint-action@v9
         with:
-          version: v2.1
+          version: v2.5
@@ -0,0 +1,28 @@
+name: AI Moderator
+on:
+  issues:
+    types: [opened]
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+
+jobs:
+  spam-detection:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+      models: read
+      contents: read
+    steps:
+      - uses: actions/checkout@v5
+      - uses: github/ai-moderator@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          spam-label: 'spam'
+          ai-label: 'ai-generated'
+          minimize-detected-comments: true
+          enable-spam-detection: true
+          enable-link-spam-detection: true
+          enable-ai-detection: true
@@ -29,6 +29,25 @@ jobs:
             echo "Skipping tag fetch - already on tag ${{ github.ref_name }}"
           fi
 
+      - name: Wait for Docker image
+        run: |
+          if [[ "${{ github.ref_type }}" == "tag" ]]; then
+            TAG="${{ github.ref_name }}"
+          else
+            TAG=$(git tag --sort=-version:refname | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$' | head -n1)
+          fi
+          IMAGE="ghcr.io/github/github-mcp-server:$TAG"
+          
+          for i in {1..10}; do
+            if docker manifest inspect "$IMAGE" &>/dev/null; then
+              echo "✅ Docker image ready: $TAG"
+              break
+            fi
+            [ $i -eq 10 ] && { echo "❌ Timeout waiting for $TAG after 5 minutes"; exit 1; }
+            echo "⏳ Waiting for Docker image ($i/10)..."
+            sleep 30
+          done
+
       - name: Install MCP Publisher
         run: |
           git clone --quiet https://github.com/modelcontextprotocol/registry publisher-repo
@@ -40,7 +59,7 @@ jobs:
           if [[ "${{ github.ref_type }}" == "tag" ]]; then
             TAG_VERSION=$(echo "${{ github.ref_name }}" | sed 's/^v//')
           else
-            LATEST_TAG=$(git tag --sort=-version:refname | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+(-.*)?$' | head -n 1)
+            LATEST_TAG=$(git tag --sort=-version:refname | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$' | head -n 1)
             [ -z "$LATEST_TAG" ] && { echo "No release tag found"; exit 1; }
             TAG_VERSION=$(echo "$LATEST_TAG" | sed 's/^v//')
             echo "Using latest tag: $LATEST_TAG"
 
@@ -17,4 +17,6 @@ bin/
 .DS_Store
 
 # binary
-github-mcp-server
+github-mcp-server
+
+.history
@@ -11,6 +11,11 @@ linters:
     - misspell
     - nakedret
     - revive
+    - errcheck
+    - staticcheck
+    - govet
+    - ineffassign
+    - unused
   exclusions:
     generated: lax
     presets: