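name: Release - CodeQL Development MCP Server

on:
  push:
    tags:
      - 'v*'
  workflow_dispatch:
    inputs:
      version:
        description: 'Release version (e.g., vX.Y.Z). Must start with "v".'
        required: true
        type: string

# Workflow-wide default: read-only. The release job elevates only what it needs.
permissions:
  contents: read

env:
  # Single source of truth for the CodeQL tool query packs that are published,
  # bundled and listed in the summary (previously repeated in three steps).
  CODEQL_PACK_LANGUAGES: 'actions cpp csharp go java javascript python ruby swift'

jobs:
  build-and-release:
    name: Build and Release
    runs-on: ubuntu-latest
    permissions:
      contents: write   # push the release tag (workflow_dispatch) and create the GitHub Release
      packages: write   # publish the npm package and CodeQL packs to GitHub Packages / GHCR
    steps:
      # NOTE(review): the three actions/* steps are pinned by major tag only, while
      # action-gh-release below is pinned to a commit SHA. Consider pinning these to
      # a SHA as well so a moved tag cannot change what runs in the release job.
      - name: Release - Checkout repository
        uses: actions/checkout@v6
        with:
          # Fetch tags so workflow_dispatch can resolve and checkout the target tag
          fetch-tags: true
          # Explicitly checkout the tag ref to ensure we build the correct commit
          # For tag pushes: refs/tags/vX.Y.Z
          # For workflow_dispatch: refs/heads/<branch> (will be validated below)
          ref: ${{ github.ref }}

      - name: Release - Setup Node.js
        uses: actions/setup-node@v6
        with:
          cache: 'npm'
          node-version-file: '.node-version'
          registry-url: 'https://npm.pkg.github.com'
          scope: '@advanced-security'

      - name: Release - Determine version
        id: version
        env:
          # Hand externally controlled values to the script through the environment
          # rather than splicing ${{ }} into the script text, so a crafted input or
          # tag name is only ever data to bash, never shell syntax.
          EVENT_NAME: ${{ github.event_name }}
          INPUT_VERSION: ${{ github.event.inputs.version }}
          REF_NAME: ${{ github.ref_name }}
        run: |
          if [ "${EVENT_NAME}" == "workflow_dispatch" ]; then
            VERSION="${INPUT_VERSION}"
          else
            VERSION="${REF_NAME}"
          fi
          # The version is later used in file names, artifact names and a git tag.
          # Accept only vX[.Y[.Z]] with an optional pre-release/build suffix instead of
          # merely checking for a leading 'v', so no other characters can get through.
          VERSION_PATTERN='^v[0-9]+(\.[0-9]+)*([-+][0-9A-Za-z.-]+)?$'
          if [[ ! "${VERSION}" =~ ${VERSION_PATTERN} ]]; then
            echo "::error::Version '${VERSION}' must look like vX.Y.Z (optionally with a -prerelease suffix)"
            exit 1
          fi
          echo "version=${VERSION}" >> "${GITHUB_OUTPUT}"
          echo "release_name=${VERSION#v}" >> "${GITHUB_OUTPUT}"

      - name: Release - Checkout or create tag for workflow_dispatch
        if: github.event_name == 'workflow_dispatch'
        env:
          TAG: ${{ steps.version.outputs.version }}
        run: |
          # For workflow_dispatch, we need to checkout the specific tag
          if git rev-parse "refs/tags/${TAG}" >/dev/null 2>&1; then
            echo "Checking out existing tag: ${TAG}"
            git checkout "refs/tags/${TAG}"
          else
            # No such tag yet: the release is cut from the branch HEAD the dispatching
            # user selected, and the new tag is pushed back with the job's write token.
            echo "Tag '${TAG}' does not exist. Creating it now..."
            CURRENT_SHA=$(git rev-parse HEAD)
            git tag "${TAG}" "${CURRENT_SHA}"
            git push origin "${TAG}"
            echo "✅ Created and pushed tag: ${TAG} at commit ${CURRENT_SHA:0:8}"
          fi

      - name: Release - Verify checkout matches expected version
        env:
          TAG: ${{ steps.version.outputs.version }}
        run: |
          # Verify we're on the correct commit for the release
          CURRENT_SHA=$(git rev-parse HEAD)
          if git rev-parse "refs/tags/${TAG}" >/dev/null 2>&1; then
            # Peel annotated tags to the commit they point at; fall back to the raw ref
            TAG_SHA=$(git rev-parse "refs/tags/${TAG}^{commit}" 2>/dev/null || git rev-parse "refs/tags/${TAG}")
            if [ "${CURRENT_SHA}" != "${TAG_SHA}" ]; then
              echo "::error::Current checkout (${CURRENT_SHA}) does not match tag ${TAG} (${TAG_SHA})"
              exit 1
            fi
            echo "✅ Verified: Building from tag ${TAG} at commit ${CURRENT_SHA:0:8}"
          else
            # Both triggers should guarantee the tag exists by now (tag push, or the
            # step above created it); this branch is a best-effort fallback only.
            echo "::warning::Tag ${TAG} not found, building from current checkout at ${CURRENT_SHA:0:8}"
          fi

      - name: Release - Install dependencies
        run: npm ci --include=optional

      - name: Release - Build server
        run: npm run build -w server

      - name: Release - Setup CodeQL environment
        uses: ./.github/actions/setup-codeql-environment
        with:
          add-to-path: true
          install-language-runtimes: false

      - name: Release - Install CodeQL pack dependencies
        run: server/scripts/install-packs.sh

      - name: Release - Publish CodeQL tool query packs
        if: startsWith(github.ref, 'refs/tags/') || github.event_name == 'workflow_dispatch'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          echo "Publishing CodeQL tool query packs..."
          for lang in ${CODEQL_PACK_LANGUAGES}; do
            PACK_DIR="server/ql/${lang}/tools/src"
            if [ -d "${PACK_DIR}" ]; then
              echo "📦 Publishing ${PACK_DIR}..."
              codeql pack publish --threads=-1 -- "${PACK_DIR}"
              echo "✅ Published ${lang} tool query pack"
            else
              echo "⚠️ Skipping ${lang}: ${PACK_DIR} not found"
            fi
          done

      - name: Release - Bundle CodeQL tool query packs
        run: |
          mkdir -p dist-packs
          echo "Bundling CodeQL tool query packs..."
          for lang in ${CODEQL_PACK_LANGUAGES}; do
            PACK_DIR="server/ql/${lang}/tools/src"
            if [ -d "${PACK_DIR}" ]; then
              PACK_NAME="ql-mcp-${lang}-tools-src"
              OUTPUT="dist-packs/${PACK_NAME}.tar.gz"
              echo "📦 Bundling ${PACK_DIR} -> ${OUTPUT}..."
              codeql pack bundle --threads=-1 --output="${OUTPUT}" -- "${PACK_DIR}"
              echo "✅ Bundled ${PACK_NAME}"
            fi
          done
          echo "Bundled packs:"
          ls -lh dist-packs/

      - name: Release - Upload CodeQL pack artifacts
        uses: actions/upload-artifact@v6
        with:
          name: codeql-tool-query-packs-${{ steps.version.outputs.version }}
          path: dist-packs/*.tar.gz

      - name: Release - Publish npm package
        if: startsWith(github.ref, 'refs/tags/') || github.event_name == 'workflow_dispatch'
        working-directory: server
        env:
          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          echo "Publishing @advanced-security/codeql-development-mcp-server to GitHub Packages..."
          npm publish
          echo "✅ Published npm package to GitHub Packages"

      - name: Release - Create distribution directory
        run: |
          mkdir -p dist-package/server
          mkdir -p dist-package/docs
          # Copy server distributable files
          cp -r server/dist dist-package/server/
          cp -r server/ql dist-package/server/
          cp server/package.json dist-package/server/
          # Copy root files
          cp README.md dist-package/
          cp LICENSE dist-package/
          # Copy documentation
          cp -r docs/* dist-package/docs/

      - name: Release - Clean QL test directories from distribution
        run: |
          # Remove test and examples directories from ql folders (only keep src)
          find dist-package/server/ql -type d \( -name "test" -o -name "examples" \) -prune -exec rm -rf {} \;

      - name: Release - Install production dependencies
        working-directory: dist-package/server
        run: npm install --omit=dev --include=optional

      - name: Release - Create archive
        env:
          VERSION: ${{ steps.version.outputs.version }}
        run: |
          tar -czvf "codeql-development-mcp-server-${VERSION}.tar.gz" -C dist-package .

      - name: Release - Upload artifact
        uses: actions/upload-artifact@v6
        with:
          name: codeql-development-mcp-server-${{ steps.version.outputs.version }}
          path: codeql-development-mcp-server-${{ steps.version.outputs.version }}.tar.gz

      - name: Release - Create GitHub Release
        if: startsWith(github.ref, 'refs/tags/') || github.event_name == 'workflow_dispatch'
        uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0
        with:
          files: |
            codeql-development-mcp-server-${{ steps.version.outputs.version }}.tar.gz
            dist-packs/*.tar.gz
          generate_release_notes: true
          tag_name: ${{ steps.version.outputs.version }}

      - name: Release - Summary
        env:
          VERSION: ${{ steps.version.outputs.version }}
          RELEASE_NAME: ${{ steps.version.outputs.release_name }}
        run: |
          {
            echo "## Release Summary"
            echo "✅ Server built successfully"
            echo "✅ npm package published to GitHub Packages"
            echo "✅ CodeQL tool query packs published to GHCR"
            echo "✅ Distribution package created"
            echo "✅ Production dependencies installed"
            echo "✅ Archive created: codeql-development-mcp-server-${VERSION}.tar.gz"
            echo "✅ CodeQL tool query pack archives bundled"
            echo ""
            echo "### Package Contents"
            echo "- \`server/dist/\` - Bundled JavaScript output"
            echo "- \`server/ql/*/tools/src/\` - CodeQL tool queries"
            echo "- \`server/node_modules/\` - Production dependencies"
            echo "- \`docs/\` - User documentation"
            echo "- \`README.md\` - Project overview"
            echo "- \`LICENSE\` - CodeQL Terms and Conditions"
            echo ""
            echo "### Published CodeQL Packs"
            echo "| Pack | Version |"
            echo "| ---- | ------- |"
            for lang in ${CODEQL_PACK_LANGUAGES}; do
              echo "| \`advanced-security/ql-mcp-${lang}-tools-src\` | ${RELEASE_NAME} |"
            done
          } >> "${GITHUB_STEP_SUMMARY}"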