Release - CodeQL Development MCP Server #8
---
name: Release - CodeQL Development MCP Server

# Two entry points: a pushed tag matching v*, or a manual dispatch that
# supplies the version as free-form text. Both values are caller-controlled
# strings and are validated in the job before use.
on:
  push:
    tags:
      - "v*"
  workflow_dispatch:
    inputs:
      version:
        description: 'Release version (e.g., vX.Y.Z). Must start with "v".'
        required: true
        type: string
# Workflow-wide default for the GITHUB_TOKEN is read-only; the release job
# widens it explicitly in its own permissions block.
permissions:
  contents: read
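jobs:
  build-and-release:
    name: Build and Release
    runs-on: ubuntu-latest
    # Write scopes are needed to push a tag, create the release and publish
    # packages. They apply to every step of this job, including dependency
    # installation and the build.
    # NOTE(review): consider building in a read-only job and publishing from
    # a separate job that only consumes the built artifact.
    permissions:
      contents: write
      packages: write
    steps:
      - name: Release - Checkout repository
        # NOTE(review): referenced by a mutable tag, while the release action
        # further down is pinned to a commit SHA. Pin this the same way.
        uses: actions/checkout@v6
        with:
          # Fetch tags so workflow_dispatch can resolve and checkout the target tag
          fetch-tags: true
          # Explicitly checkout the tag ref to ensure we build the correct commit
          # For tag pushes: refs/tags/vX.Y.Z
          # For workflow_dispatch: refs/heads/<branch> (will be validated below)
          ref: ${{ github.ref }}
          # Checkout credentials are left at the action's default because the
          # tag-creation step below runs `git push`.

      - name: Release - Setup Node.js
        # NOTE(review): mutable tag reference; pin to a commit SHA.
        uses: actions/setup-node@v6
        with:
          cache: 'npm'
          node-version-file: '.node-version'
          registry-url: 'https://npm.pkg.github.com'
          scope: '@advanced-security'

      - name: Release - Determine version
        id: version
        env:
          # Caller-controlled text reaches the script as data through the
          # environment. Expanding ${{ }} inside the script body would paste
          # it into the shell source before bash parses it.
          INPUT_VERSION: ${{ github.event.inputs.version }}
        run: |
          if [ "${GITHUB_EVENT_NAME}" == "workflow_dispatch" ]; then
            VERSION="${INPUT_VERSION}"
          else
            VERSION="${GITHUB_REF_NAME}"
          fi
          # Restrict the character set before the value is echoed, written to
          # GITHUB_OUTPUT (one key=value per line) or used in a file name.
          if [[ ! "${VERSION}" =~ ^[0-9A-Za-z._+-]+$ ]]; then
            echo "::error::Version may only contain characters from [0-9A-Za-z._+-]"
            exit 1
          fi
          # Validate version starts with 'v'
          if [[ ! "${VERSION}" =~ ^v ]]; then
            echo "::error::Version '${VERSION}' must start with 'v'"
            exit 1
          fi
          echo "version=${VERSION}" >> "${GITHUB_OUTPUT}"
          echo "release_name=${VERSION#v}" >> "${GITHUB_OUTPUT}"

      - name: Release - Checkout or create tag for workflow_dispatch
        if: github.event_name == 'workflow_dispatch'
        env:
          TAG: ${{ steps.version.outputs.version }}
        run: |
          # For workflow_dispatch, we need to checkout the specific tag
          # NOTE(review): when the tag is missing it is created at HEAD of
          # whichever branch the dispatch was started from; nothing here
          # restricts that to a protected or default branch.
          if git rev-parse "refs/tags/${TAG}" >/dev/null 2>&1; then
            echo "Checking out existing tag: ${TAG}"
            git checkout "refs/tags/${TAG}"
          else
            echo "Tag '${TAG}' does not exist. Creating it now..."
            CURRENT_SHA=$(git rev-parse HEAD)
            git tag "${TAG}" "${CURRENT_SHA}"
            git push origin "${TAG}"
            echo "✅ Created and pushed tag: ${TAG} at commit ${CURRENT_SHA:0:8}"
          fi

      - name: Release - Verify checkout matches expected version
        env:
          TAG: ${{ steps.version.outputs.version }}
        run: |
          # Verify we're on the correct commit for the release
          CURRENT_SHA=$(git rev-parse HEAD)
          if git rev-parse "refs/tags/${TAG}" >/dev/null 2>&1; then
            TAG_SHA=$(git rev-parse "refs/tags/${TAG}^{commit}" 2>/dev/null || git rev-parse "refs/tags/${TAG}")
            if [ "${CURRENT_SHA}" != "${TAG_SHA}" ]; then
              echo "::error::Current checkout (${CURRENT_SHA}) does not match tag ${TAG} (${TAG_SHA})"
              exit 1
            fi
            echo "✅ Verified: Building from tag ${TAG} at commit ${CURRENT_SHA:0:8}"
          else
            # Fail closed: both triggers leave the tag present by this point,
            # so a missing tag means the commit being released is unverified.
            echo "::error::Tag ${TAG} not found; refusing to release from unverified checkout at ${CURRENT_SHA:0:8}"
            exit 1
          fi

      - name: Release - Install dependencies
        # Dependency lifecycle scripts run inside a job that holds write
        # permissions; `npm ci` at least installs from the lockfile.
        run: npm ci --include=optional

      - name: Release - Build server
        run: npm run build -w server

      - name: Release - Setup CodeQL environment
        uses: ./.github/actions/setup-codeql-environment
        with:
          add-to-path: true
          install-language-runtimes: false

      - name: Release - Install CodeQL pack dependencies
        run: server/scripts/install-packs.sh

      - name: Release - Publish CodeQL tool query packs
        if: startsWith(github.ref, 'refs/tags/') || github.event_name == 'workflow_dispatch'
        env:
          # Token is scoped to this step's environment only.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          LANGUAGES="actions cpp csharp go java javascript python ruby swift"
          echo "Publishing CodeQL tool query packs..."
          for lang in ${LANGUAGES}; do
            PACK_DIR="server/ql/${lang}/tools/src"
            if [ -d "${PACK_DIR}" ]; then
              echo "📦 Publishing ${PACK_DIR}..."
              codeql pack publish --threads=-1 -- "${PACK_DIR}"
              echo "✅ Published ${lang} tool query pack"
            else
              echo "⚠️ Skipping ${lang}: ${PACK_DIR} not found"
            fi
          done

      - name: Release - Publish npm package
        if: startsWith(github.ref, 'refs/tags/') || github.event_name == 'workflow_dispatch'
        working-directory: server
        env:
          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          echo "Publishing @advanced-security/codeql-development-mcp-server to GitHub Packages..."
          npm publish
          echo "✅ Published npm package to GitHub Packages"

      - name: Release - Create distribution directory
        run: |
          mkdir -p dist-package/server
          mkdir -p dist-package/docs
          # Copy server distributable files
          cp -r server/dist dist-package/server/
          cp -r server/ql dist-package/server/
          cp server/package.json dist-package/server/
          # Copy root files
          cp README.md dist-package/
          cp LICENSE dist-package/
          # Copy documentation
          cp -r docs/* dist-package/docs/

      - name: Release - Clean QL test directories from distribution
        run: |
          # Remove test and examples directories from ql folders (only keep src)
          find dist-package/server/ql -type d \( -name "test" -o -name "examples" \) -prune -exec rm -rf {} \;

      - name: Release - Install production dependencies
        working-directory: dist-package/server
        # NOTE(review): only package.json was copied into this directory, so
        # this install resolves versions at release time without a lockfile
        # and the shipped node_modules may differ from what `npm ci` built and
        # tested above. Confirm whether the workspace lockfile can be used.
        run: npm install --omit=dev --include=optional

      - name: Release - Create archive
        env:
          VERSION: ${{ steps.version.outputs.version }}
        run: |
          tar -czvf "codeql-development-mcp-server-${VERSION}.tar.gz" -C dist-package .

      - name: Release - Upload artifact
        # NOTE(review): mutable tag reference; pin to a commit SHA.
        uses: actions/upload-artifact@v6
        with:
          name: codeql-development-mcp-server-${{ steps.version.outputs.version }}
          path: codeql-development-mcp-server-${{ steps.version.outputs.version }}.tar.gz

      - name: Release - Create GitHub Release
        if: startsWith(github.ref, 'refs/tags/') || github.event_name == 'workflow_dispatch'
        uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0
        with:
          files: codeql-development-mcp-server-${{ steps.version.outputs.version }}.tar.gz
          generate_release_notes: true
          tag_name: ${{ steps.version.outputs.version }}

      - name: Release - Summary
        env:
          VERSION: ${{ steps.version.outputs.version }}
          RELEASE_NAME: ${{ steps.version.outputs.release_name }}
        run: |
          # One redirect for the whole report; the file path is quoted.
          {
            echo "## Release Summary"
            echo "✅ Server built successfully"
            echo "✅ npm package published to GitHub Packages"
            echo "✅ CodeQL tool query packs published to GHCR"
            echo "✅ Distribution package created"
            echo "✅ Production dependencies installed"
            echo "✅ Archive created: codeql-development-mcp-server-${VERSION}.tar.gz"
            echo ""
            echo "### Package Contents"
            echo "- \`server/dist/\` - Bundled JavaScript output"
            echo "- \`server/ql/*/tools/src/\` - CodeQL tool queries"
            echo "- \`server/node_modules/\` - Production dependencies"
            echo "- \`docs/\` - User documentation"
            echo "- \`README.md\` - Project overview"
            echo "- \`LICENSE\` - CodeQL Terms and Conditions"
            echo ""
            echo "### Published CodeQL Packs"
            echo "| Pack | Version |"
            echo "| ---- | ------- |"
            for lang in actions cpp csharp go java javascript python ruby swift; do
              echo "| \`advanced-security/ql-mcp-${lang}-tools-src\` | ${RELEASE_NAME} |"
            done
          } >> "${GITHUB_STEP_SUMMARY}"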