chore: disallow overriding of internal tool implementations #753
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Code Health | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| permissions: | |
| contents: read | |
| jobs: | |
| run-tests: | |
| name: Run MongoDB tests | |
| if: github.event_name == 'push' || (github.event.pull_request.user.login != 'dependabot[bot]' && github.event.pull_request.head.repo.full_name == github.repository) | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-latest, windows-latest] | |
| fail-fast: false | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: GitHubSecurityLab/actions-permissions/monitor@v1 | |
| if: matrix.os == 'ubuntu-latest' | |
| - uses: actions/checkout@v5 | |
| with: | |
| persist-credentials: false | |
| - uses: docker/setup-docker-action@v4 | |
| if: matrix.os == 'ubuntu-latest' | |
| name: Setup Docker Environment | |
| with: | |
| set-host: true | |
| - uses: pnpm/action-setup@v4 | |
| - uses: actions/setup-node@v6 | |
| with: | |
| node-version-file: package.json | |
| cache: "pnpm" | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Run tests | |
| run: pnpm test | |
| env: | |
| SKIP_ATLAS_TESTS: "true" | |
| SKIP_ATLAS_LOCAL_TESTS: "true" | |
| - name: Upload test results | |
| if: always() && matrix.os == 'ubuntu-latest' | |
| uses: actions/upload-artifact@v5 | |
| with: | |
| name: test-results | |
| path: coverage/lcov.info | |
| run-atlas-tests: | |
| name: Run Atlas tests | |
| if: github.event_name == 'push' || (github.event.pull_request.user.login != 'dependabot[bot]' && github.event.pull_request.head.repo.full_name == github.repository) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: GitHubSecurityLab/actions-permissions/monitor@v1 | |
| - uses: actions/checkout@v5 | |
| with: | |
| persist-credentials: false | |
| - uses: pnpm/action-setup@v4 | |
| - uses: actions/setup-node@v6 | |
| with: | |
| node-version-file: package.json | |
| cache: "pnpm" | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Run tests | |
| env: | |
| MDB_MCP_API_CLIENT_ID: ${{ secrets.TEST_ATLAS_CLIENT_ID }} | |
| MDB_MCP_API_CLIENT_SECRET: ${{ secrets.TEST_ATLAS_CLIENT_SECRET }} | |
| MDB_MCP_API_BASE_URL: ${{ vars.TEST_ATLAS_BASE_URL }} | |
| run: pnpm test tests/integration/tools/atlas/ | |
| - name: Upload test results | |
| uses: actions/upload-artifact@v5 | |
| if: always() | |
| with: | |
| name: atlas-test-results | |
| path: coverage/lcov.info | |
| run-atlas-local-tests: | |
| name: Run Atlas Local tests | |
| if: github.event_name == 'push' || (github.event.pull_request.user.login != 'dependabot[bot]' && github.event.pull_request.head.repo.full_name == github.repository) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: GitHubSecurityLab/actions-permissions/monitor@v1 | |
| - uses: actions/checkout@v5 | |
| with: | |
| persist-credentials: false | |
| - uses: pnpm/action-setup@v4 | |
| - uses: actions/setup-node@v6 | |
| with: | |
| node-version-file: package.json | |
| cache: "pnpm" | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Run tests | |
| run: pnpm test tests/integration/tools/atlas-local/ | |
| - name: Upload test results | |
| uses: actions/upload-artifact@v5 | |
| if: always() | |
| with: | |
| name: atlas-local-test-results | |
| path: coverage/lcov.info | |
| coverage: | |
| name: Report Coverage | |
| if: always() && (github.event_name == 'push' || (github.event.pull_request.user.login != 'dependabot[bot]' && github.event.pull_request.head.repo.full_name == github.repository)) | |
| runs-on: ubuntu-latest | |
| needs: [run-tests, run-atlas-tests, run-atlas-local-tests] | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| persist-credentials: false | |
| - uses: pnpm/action-setup@v4 | |
| - uses: actions/setup-node@v6 | |
| with: | |
| node-version-file: package.json | |
| cache: "pnpm" | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Download test results | |
| uses: actions/download-artifact@v6 | |
| with: | |
| name: test-results | |
| path: coverage/mongodb | |
| - name: Download atlas test results | |
| uses: actions/download-artifact@v6 | |
| with: | |
| name: atlas-test-results | |
| path: coverage/atlas | |
| - name: Download atlas local test results | |
| uses: actions/download-artifact@v6 | |
| with: | |
| name: atlas-local-test-results | |
| path: coverage/atlas-local | |
| - name: Merge coverage reports | |
| run: | | |
| pnpm dlx [email protected] "coverage/*/lcov.info" "coverage/lcov.info" | |
| - name: Coveralls GitHub Action | |
| uses: coverallsapp/[email protected] | |
| with: | |
| file: coverage/lcov.info | |
| run-git-secrets: | |
| name: Run git secrets | |
| if: github.event_name == 'push' || (github.event.pull_request.user.login != 'dependabot[bot]' && github.event.pull_request.head.repo.full_name == github.repository) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: GitHubSecurityLab/actions-permissions/monitor@v1 | |
| - uses: actions/checkout@v5 | |
| with: | |
| persist-credentials: false | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get install -y git-secrets | |
| - name: Run git-secrets | |
| run: git-secrets --register-aws && git-secrets --scan |