chore: import upstream snapshot with attribution
CF: Deploy Dev Docs / deploy (push) Has been cancelled
Sync Labels / build (push) Has been cancelled
tests / unit tests (macos-latest) (push) Has been cancelled
tests / unit tests (windows-latest) (push) Has been cancelled
tests / unit tests (ubuntu-latest) (push) Has been cancelled

This commit is contained in:
wehub-resource-sync
2026-07-13 13:32:45 +08:00
commit e04ed9c211
1798 changed files with 307905 additions and 0 deletions
@@ -0,0 +1,181 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: Cloud Build Failure Reporter
on:
workflow_call:
inputs:
trigger_names:
required: true
type: string
workflow_dispatch:
inputs:
trigger_names:
description: 'Cloud Build trigger names separated by comma.'
required: true
default: ''
jobs:
report:
permissions:
issues: 'write'
checks: 'read'
runs-on: 'ubuntu-latest'
steps:
- uses: 'actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3' # v9
env:
TRIGGER_NAMES: ${{ inputs.trigger_names }}
with:
script: |-
// parse test names
const testNameSubstring = process.env.TRIGGER_NAMES;
const testNameFound = new Map(); //keeps track of whether each test is found
testNameSubstring.split(',').forEach(testName => {
testNameFound.set(testName, false);
});
// label for all issues opened by reporter
const periodicLabel = 'periodic-failure';
// check if any reporter opened any issues previously
const prevIssues = await github.paginate(github.rest.issues.listForRepo, {
...context.repo,
state: 'open',
creator: 'github-actions[bot]',
labels: [periodicLabel]
});
// createOrCommentIssue creates a new issue or comments on an existing issue.
const createOrCommentIssue = async function (title, txt) {
if (prevIssues.length < 1) {
console.log('no previous issues found, creating one');
await github.rest.issues.create({
...context.repo,
title: title,
body: txt,
labels: [periodicLabel]
});
return;
}
// only comment on issue related to the current test
for (const prevIssue of prevIssues) {
if (prevIssue.title.includes(title)){
console.log(
`found previous issue ${prevIssue.html_url}, adding comment`
);
await github.rest.issues.createComment({
...context.repo,
issue_number: prevIssue.number,
body: txt
});
return;
}
}
};
// updateIssues comments on any existing issues. No-op if no issue exists.
const updateIssues = async function (checkName, txt) {
if (prevIssues.length < 1) {
console.log('no previous issues found.');
return;
}
// only comment on issue related to the current test
for (const prevIssue of prevIssues) {
if (prevIssue.title.includes(checkName)){
console.log(`found previous issue ${prevIssue.html_url}, adding comment`);
await github.rest.issues.createComment({
...context.repo,
issue_number: prevIssue.number,
body: txt
});
}
}
};
// Find status of check runs.
// We will find check runs for each commit and then filter for the periodic.
// Checks API only allows for ref and if we use main there could be edge cases where
// the check run happened on a SHA that is different from head.
const commits = await github.paginate(github.rest.repos.listCommits, {
...context.repo
});
const relevantChecks = new Map();
for (const commit of commits) {
console.log(
`checking runs at ${commit.html_url}: ${commit.commit.message}`
);
const checks = await github.rest.checks.listForRef({
...context.repo,
ref: commit.sha
});
// Iterate through each check and find matching names
for (const check of checks.data.check_runs) {
console.log(`Handling test name ${check.name}`);
for (const testName of testNameFound.keys()) {
if (testNameFound.get(testName) === true){
//skip if a check is already found for this name
continue;
}
if (check.name.includes(testName)) {
relevantChecks.set(check, commit);
testNameFound.set(testName, true);
}
}
}
// Break out of the loop early if all tests are found
const allTestsFound = Array.from(testNameFound.values()).every(value => value === true);
if (allTestsFound){
break;
}
}
// Handle each relevant check
relevantChecks.forEach((commit, check) => {
if (
check.status === 'completed' &&
check.conclusion === 'success'
) {
updateIssues(
check.name,
`[Tests are passing](${check.html_url}) for commit [${commit.sha}](${commit.html_url}).`
);
} else if (check.status === 'in_progress') {
console.log(
`Check is pending ${check.html_url} for ${commit.html_url}. Retry again later.`
);
} else {
createOrCommentIssue(
`Cloud Build Failure Reporter: ${check.name} failed`,
`Cloud Build Failure Reporter found test failure for [**${check.name}** ](${check.html_url}) at [${commit.sha}](${commit.html_url}). Please fix the error and then close the issue after the **${check.name}** test passes.`
);
}
});
// no periodic checks found across all commits, report it
const noTestFound = Array.from(testNameFound.values()).every(value => value === false);
if (noTestFound){
createOrCommentIssue(
`Missing periodic tests: ${process.env.TRIGGER_NAMES}`,
`No periodic test is found for triggers: ${process.env.TRIGGER_NAMES}. Last checked from ${
commits[0].html_url
} to ${commits[commits.length - 1].html_url}.`
);
}
+51
View File
@@ -0,0 +1,51 @@
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: "Sync v1 docsite to Cloudflare"
permissions:
contents: read
concurrency:
group: cloudflare-sync
cancel-in-progress: true
# zizmor flags workflow_run, but this is safe because it only deploys internal branches and is strictly gated to the base repository.
on: # zizmor: ignore[dangerous-triggers]
workflow_dispatch:
workflow_run:
workflows: ["CF: Deploy Dev Docs", "CF: Deploy Versioned Docs", "CF: Deploy Previous Version Docs"]
types: [completed]
jobs:
deploy:
runs-on: ubuntu-latest
# Hardened workflow_run: strictly verifies the triggering run originated from the base repository to prevent execution from forks.
if: >
github.event_name == 'workflow_dispatch' ||
(github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.head_repository.full_name == github.repository)
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
with:
ref: 'cloudflare-pages'
persist-credentials: false
- name: Cleanup
run: |
rm -rf .git
- name: Cloudflare Deploy
uses: cloudflare/wrangler-action@ebbaa1584979971c8614a24965b4405ff95890e0 # v4
with:
apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
command: pages deploy . --project-name=toolbox-docs --branch=main
+79
View File
@@ -0,0 +1,79 @@
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: conformance
# zizmor flags pull_request_target, but it is safely gated by the 'tests: run' label manually applied by maintainers.
on: # zizmor: ignore[dangerous-triggers]
pull_request:
pull_request_target:
types: [labeled]
permissions: read-all
jobs:
conformance:
if: "${{ github.event.action != 'labeled' || github.event.label.name == 'tests: run' }}"
name: conformance
runs-on: ubuntu-latest
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
contents: 'read'
issues: 'write'
pull-requests: 'write'
steps:
- name: Remove PR Label
if: "${{ github.event.action == 'labeled' && github.event.label.name == 'tests: run' }}"
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
try {
await github.rest.issues.removeLabel({
name: 'tests: run',
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.payload.pull_request.number
});
} catch (e) {
console.log('Failed to remove label. Another job may have already removed it!');
}
- name: Checkout code
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
with:
ref: ${{ github.event.pull_request.head.sha }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
token: ${{ secrets.GITHUB_TOKEN }}
persist-credentials: false
- name: Setup Go
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
with:
go-version-file: 'go.mod'
- name: Start MCP Toolbox Server
run: |
go build -o toolbox
./toolbox --allowed-hosts localhost --config tests/conformance/tools.yaml &
sleep 5 # Give the server a moment to bind to port 5000
- name: Run Conformance Tests
uses: modelcontextprotocol/conformance@21a9a2febd7100d7c17ac1021ee7f2ed9f66a1e0 # v0.1.16
with:
mode: server
url: 'http://localhost:5000/mcp'
suite: active
expected-failures: tests/conformance/conformance-baseline.yml
@@ -0,0 +1,91 @@
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: "CF: Deploy Dev Docs"
permissions:
contents: write
on:
push:
branches:
- main
paths:
- 'docs/**'
- '.github/workflows/docs*_cf.yaml'
- '.github/workflows/deploy*_cf.yaml'
- '.hugo/**'
# Allow triggering manually.
workflow_dispatch:
jobs:
deploy:
runs-on: ubuntu-24.04
defaults:
run:
working-directory: .hugo
# This shared concurrency group ensures only one docs deployment runs at a time.
concurrency:
group: cf-docs-update
cancel-in-progress: true
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
with:
fetch-depth: 0
submodules: recursive
persist-credentials: false
- name: Setup Hugo
uses: peaceiris/actions-hugo@2752ce1d29631191ea3f27c23495fa06139a5b78 # v3
with:
hugo-version: "0.163.3"
extended: true
- name: Setup Node
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: "22"
- name: Cache dependencies
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- run: npm ci
- run: hugo --minify --config hugo.cloudflare.toml
env:
HUGO_BASEURL: https://mcp-toolbox.dev/dev/
HUGO_RELATIVEURLS: false
- name: Build Pagefind Search Index
run: npx pagefind --site public
- name: Create Staging Directory
run: |
mkdir staging
mv public staging/dev
mv staging/dev/releases.releases staging/releases.releases
- name: Push to Cloudflare Branch
uses: peaceiris/actions-gh-pages@84c30a85c19949d7eee79c4ff27748b70285e453 # v4
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./.hugo/staging
publish_branch: cloudflare-pages
keep_files: true
commit_message: "deploy: ${{ github.event.head_commit.message }}"
@@ -0,0 +1,119 @@
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: "CF: Deploy Previous Version Docs"
on:
workflow_dispatch:
inputs:
version_tag:
description: 'The old version tag to build docs for (e.g., v0.15.0)'
required: true
type: string
jobs:
build_and_deploy:
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Checkout main branch (for latest templates and theme)
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
with:
ref: 'main'
submodules: 'recursive'
fetch-depth: 0
persist-credentials: false
- name: Checkout old content from tag into a temporary directory
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
with:
ref: ${{ github.event.inputs.version_tag }}
path: 'old_version_source'
sparse-checkout: |
docs
persist-credentials: false
- name: Replace content with old version
run: |
# Remove the current content directory from the main branch checkout
rm -rf docs/
# Move the old content directory into place
mv ./old_version_source/docs docs
- name: Setup Hugo
uses: peaceiris/actions-hugo@2752ce1d29631191ea3f27c23495fa06139a5b78 # v3
with:
hugo-version: "0.163.3"
extended: true
- name: Setup Node
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: "22"
- name: Install Dependencies
run: npm ci
working-directory: .hugo
- name: Build Hugo Site for Archived Version
run: |
hugo --minify --config hugo.cloudflare.toml
rm -f public/releases.releases
working-directory: .hugo
env:
HUGO_BASEURL: https://mcp-toolbox.dev/${{ github.event.inputs.version_tag }}/
HUGO_RELATIVEURLS: false
HUGO_PARAMS_VERSION: ${{ github.event.inputs.version_tag }}
- name: Build Pagefind Index (Archived Version)
run: npx pagefind --site public
working-directory: .hugo
- name: Deploy to cloudflare-pages
uses: peaceiris/actions-gh-pages@84c30a85c19949d7eee79c4ff27748b70285e453 # v4
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: .hugo/public
publish_branch: cloudflare-pages
destination_dir: ./${{ github.event.inputs.version_tag }}
keep_files: true
allow_empty_commit: true
commit_message: "docs(backport): deploy docs for ${{ github.event.inputs.version_tag }}"
- name: Clean Build Directory
run: rm -rf .hugo/public
- name: Build Hugo Site
run: hugo --minify --config hugo.cloudflare.toml
working-directory: .hugo
env:
HUGO_BASEURL: https://mcp-toolbox.dev/
HUGO_RELATIVEURLS: false
HUGO_PARAMS_VERSION: ${{ github.event.inputs.version_tag }}
- name: Build Pagefind Index (Root)
run: npx pagefind --site public
working-directory: .hugo
- name: Deploy to root
uses: peaceiris/actions-gh-pages@84c30a85c19949d7eee79c4ff27748b70285e453 # v4
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: .hugo/public
publish_branch: cloudflare-pages
keep_files: true
allow_empty_commit: true
commit_message: "deploy: docs to root for ${{ github.event.inputs.version_tag }}"
@@ -0,0 +1,108 @@
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: "CF: Deploy Versioned Docs"
permissions:
contents: write
on:
release:
types: [published]
jobs:
deploy:
runs-on: ubuntu-24.04
# This shared concurrency group ensures only one docs deployment runs at a time.
concurrency:
group: cf-docs-update
cancel-in-progress: false
steps:
- name: Checkout Code at Tag
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
with:
ref: ${{ github.event.release.tag_name }}
persist-credentials: false
- name: Get Version from Release Tag
id: get_version
env:
RELEASE_TAG: ${{ github.event.release.tag_name }}
run: echo "VERSION=${RELEASE_TAG}" >> "$GITHUB_OUTPUT"
- name: Setup Hugo
uses: peaceiris/actions-hugo@2752ce1d29631191ea3f27c23495fa06139a5b78 # v3
with:
hugo-version: "0.163.3"
extended: true
- name: Setup Node
# zizmor flags setup-node for cache-poisoning on releases, but since we don't pass `cache: npm`, no caching occurs. Safe to ignore.
# zizmor: ignore[cache-poisoning]
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: "22"
- name: Install Dependencies
run: npm ci
working-directory: .hugo
- name: Build Hugo Site
run: |
hugo --minify --config hugo.cloudflare.toml
rm -f public/releases.releases
working-directory: .hugo
env:
HUGO_BASEURL: https://mcp-toolbox.dev/${{ steps.get_version.outputs.VERSION }}/
HUGO_RELATIVEURLS: false
HUGO_PARAMS_VERSION: ${{ steps.get_version.outputs.VERSION }}
- name: Build Pagefind Index (Versioned)
run: npx pagefind --site public
working-directory: .hugo
- name: Deploy
uses: peaceiris/actions-gh-pages@84c30a85c19949d7eee79c4ff27748b70285e453 # v4
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: .hugo/public
publish_branch: cloudflare-pages
destination_dir: ./${{ steps.get_version.outputs.VERSION }}
keep_files: true
commit_message: "deploy: docs for ${{ steps.get_version.outputs.VERSION }}"
- name: Clean Build Directory
run: rm -rf .hugo/public
- name: Build Hugo Site
run: hugo --minify --config hugo.cloudflare.toml
working-directory: .hugo
env:
HUGO_BASEURL: https://mcp-toolbox.dev/
HUGO_RELATIVEURLS: false
HUGO_PARAMS_VERSION: ${{ steps.get_version.outputs.VERSION }}
- name: Build Pagefind Index (Root)
run: npx pagefind --site public
working-directory: .hugo
- name: Deploy to root
uses: peaceiris/actions-gh-pages@84c30a85c19949d7eee79c4ff27748b70285e453 # v4
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: .hugo/public
publish_branch: cloudflare-pages
keep_files: true
allow_empty_commit: true
commit_message: "deploy: docs to root for ${{ steps.get_version.outputs.VERSION }}"
+62
View File
@@ -0,0 +1,62 @@
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: Lint Documentation
permissions:
contents: read
on:
pull_request:
paths:
- 'docs/**'
- '.github/workflows/docs**'
- '.ci/lint-docs-*.sh'
- '.hugo/data/filters.yaml'
jobs:
lint-source-pages:
name: Lint Documentation
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
with:
persist-credentials: false
- name: Set up Python
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: '3.x'
- name: Check for large files (>24MB)
run: |
LARGE_FILES=$(find docs/ -type f -size +24M)
if [ -n "$LARGE_FILES" ]; then
echo "Error: Files exceed 24MB limit: $LARGE_FILES"
exit 1
fi
- name: Make scripts executable
run: chmod +x .ci/lint-docs-*.sh
- name: Run Structure Linter for Source Pages
run: bash .ci/lint-docs-source-page.sh
- name: Run Structure Linter for Tool Pages
run: bash .ci/lint-docs-tool-page.sh
- name: Run Sample Filters Linter
run: bash .ci/lint-docs-sample-filters.sh
@@ -0,0 +1,118 @@
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: "CF: Build Docs Preview"
on:
pull_request:
types: [opened, synchronize, reopened, labeled]
paths:
- 'docs/**'
- '.github/workflows/docs*_cf.yaml'
- '.hugo/**'
permissions:
contents: read
jobs:
build-preview:
if: "contains(github.event.pull_request.labels.*.name, 'docs: deploy-preview')"
runs-on: ubuntu-24.04
env:
PR_NUMBER: ${{ github.event.number }}
HEAD_SHA: ${{ github.event.pull_request.head.sha }}
concurrency:
group: "cf-preview-${{ github.event.number }}"
cancel-in-progress: true
defaults:
run:
working-directory: .hugo
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
with:
ref: ${{ env.HEAD_SHA }}
fetch-depth: 0
persist-credentials: false
- name: Setup Hugo
uses: peaceiris/actions-hugo@2752ce1d29631191ea3f27c23495fa06139a5b78 # v3
with:
hugo-version: "0.163.3"
extended: true
- name: Setup Node
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: "22"
cache: 'npm'
cache-dependency-path: '.hugo/package-lock.json'
- run: npm ci --ignore-scripts
- run: hugo --minify --config hugo.cloudflare.toml
env:
HUGO_BASEURL: "/"
HUGO_ENVIRONMENT: preview
HUGO_RELATIVEURLS: false
- name: Build Pagefind Search Index
run: npx pagefind --site public
- name: Prepare Artifact Payload
run: |
mkdir -p ../artifact-payload
cp -r public ../artifact-payload/public
echo ${PR_NUMBER} > ../artifact-payload/pr_number.txt
- name: Upload Artifact
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
with:
name: cf-preview-data
path: artifact-payload/
retention-days: 1
- name: Deployment Link
run: |
DEPLOY_URL="https://github.com/${{ github.repository_owner }}/${GITHUB_EVENT_REPOSITORY_NAME}/actions/workflows/docs_deploy_cf.yaml"
echo "### Build Complete" >> $GITHUB_STEP_SUMMARY
echo "The build for PR #${PR_NUMBER} succeeded." >> $GITHUB_STEP_SUMMARY
echo "The Cloudflare deployment workflow is now starting." >> $GITHUB_STEP_SUMMARY
echo "---" >> $GITHUB_STEP_SUMMARY
echo "#### [Track Deployment Progress]($DEPLOY_URL)" >> $GITHUB_STEP_SUMMARY
env:
GITHUB_EVENT_REPOSITORY_NAME: ${{ github.event.repository.name }}
remove-label:
needs: build-preview
if: "always() && contains(github.event.pull_request.labels.*.name, 'docs: deploy-preview')"
runs-on: ubuntu-24.04
permissions:
pull-requests: write
steps:
- name: Remove deploy-preview label
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
with:
script: |
try {
await github.rest.issues.removeLabel({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
name: 'docs: deploy-preview'
});
console.log("Label 'docs: deploy-preview' removed successfully.");
} catch (error) {
console.log(`Error removing label: ${error}`);
}
@@ -0,0 +1,73 @@
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: "CF: Cleanup PR Preview"
permissions:
pull-requests: write
# This Workflow depends on 'github.event.number',
# not compatible with branch or manual triggers.
on:
pull_request:
types:
- closed
jobs:
clean:
# Only run for PRs from the same repository to ensure secret access
if: "${{ github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name }}"
runs-on: ubuntu-24.04
concurrency:
# Shared concurrency group with preview staging.
group: "cf-preview-${{ github.event.number }}"
cancel-in-progress: true
steps:
- name: Delete Cloudflare Pages Deployments via API
env:
ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
PROJECT_NAME: toolbox-docs
BRANCH_NAME: pr-${{ github.event.number }}
run: |
echo "Fetching deployments for preview branch: $BRANCH_NAME"
# Fetch the most recent deployments from your Cloudflare project
RESPONSE=$(curl -s -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/pages/projects/$PROJECT_NAME/deployments" \
-H "Authorization: Bearer $API_TOKEN")
# Use 'jq' to extract all deployment IDs that match this specific PR branch alias
IDS=$(echo "$RESPONSE" | jq -r --arg branch "$BRANCH_NAME" '.result[] | select(.deployment_trigger.metadata.branch? == $branch) | .id')
if [ -z "$IDS" ]; then
echo "No preview deployments found to clean up."
else
for id in $IDS; do
echo "Deleting Cloudflare deployment ID: $id"
curl -s -X DELETE "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/pages/projects/$PROJECT_NAME/deployments/$id?force=true" \
-H "Authorization: Bearer $API_TOKEN"
done
echo "Successfully removed preview environment."
fi
- name: Comment
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
with:
script: |
github.rest.issues.createComment({
issue_number: context.payload.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: "🧨 **Preview deployments removed.**\n\nCloudflare Pages environments for `pr-${{ github.event.number }}` have been deleted."
})
@@ -0,0 +1,118 @@
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: "CF: Deploy Docs Preview"
# zizmor flags workflow_run input, but this workflow safely sanitizes the untrusted PR number artifact before use.
on: # zizmor: ignore[dangerous-triggers]
workflow_run:
workflows: ["CF: Build Docs Preview"]
types:
- completed
workflow_dispatch:
inputs:
pr_number:
description: 'PR Number to deploy (Manual override)'
required: true
type: string
build_run_id:
description: 'The Run ID from the successful "CF: Build Docs Preview" workflow'
required: true
type: string
permissions:
contents: read
pull-requests: write
jobs:
deploy-preview:
if: >
github.event_name == 'workflow_dispatch' ||
(github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success')
runs-on: ubuntu-24.04
concurrency:
group: "cf-deploy-${{ github.event.inputs.pr_number || github.event.workflow_run.pull_requests[0].number }}"
cancel-in-progress: true
steps:
- name: Checkout base repository
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
with:
persist-credentials: false
- name: Download Artifact
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
with:
name: cf-preview-data
github-token: ${{ secrets.GITHUB_TOKEN }}
run-id: ${{ github.event.inputs.build_run_id || github.event.workflow_run.id }}
path: downloaded-artifact
- name: Read PR Number
id: get_pr
run: |
if [ -n "${GITHUB_EVENT_INPUTS_PR_NUMBER}" ]; then
PR_NUMBER="${GITHUB_EVENT_INPUTS_PR_NUMBER}"
else
PR_NUMBER=$(cat downloaded-artifact/pr_number.txt)
fi
if ! [[ "$PR_NUMBER" =~ ^[0-9]+$ ]]; then
echo "Error: PR number [$PR_NUMBER] is invalid."
exit 1
fi
echo "pr_number=$PR_NUMBER" >> "$GITHUB_OUTPUT"
env:
GITHUB_EVENT_INPUTS_PR_NUMBER: ${{ github.event.inputs.pr_number }}
- name: Deploy to Cloudflare Pages
id: cf_deploy
uses: cloudflare/wrangler-action@ebbaa1584979971c8614a24965b4405ff95890e0 # v4
with:
apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
command: pages deploy downloaded-artifact/public --project-name toolbox-docs --branch pr-${{ steps.get_pr.outputs.pr_number }}
- name: Post Preview URL Comment
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
env:
PR_NUMBER: ${{ steps.get_pr.outputs.pr_number }}
DEPLOY_URL: ${{ steps.cf_deploy.outputs.pages-deployment-alias-url }}
with:
script: |
const prNumber = parseInt(process.env.PR_NUMBER, 10);
const deployUrl = process.env.DEPLOY_URL;
const marker = '<!-- cf-preview-comment-marker -->';
// Fetch all comments on the PR
const { data: comments } = await github.rest.issues.listComments({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: prNumber,
});
// Look for the invisible HTML marker
const existingComment = comments.find(c => c.body.includes(marker));
// Exit early if we've already posted a comment for this PR to avoid duplicates
if (existingComment) {
console.log("Preview link already posted on this PR. Skipping.");
return;
}
// Create the comment since it's the first deployment for this PR
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: prNumber,
body: `${marker}\n🚀 **Cloudflare Preview Ready!**\n\n🔎 View Preview: ${deployUrl}\n\n*(Note: Subsequent pushes to this PR will automatically update the preview at this same URL)*`
});
+105
View File
@@ -0,0 +1,105 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: Link Checker
on:
pull_request:
permissions:
contents: read
jobs:
link-check:
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
with:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0
persist-credentials: false
- name: Identify Changed Files
id: changed-files
shell: bash
run: |
git fetch origin main
CHANGED_FILES=$(git diff --name-only --diff-filter=ACMRT origin/main...HEAD -- '*.md')
if [ -z "$CHANGED_FILES" ]; then
echo "No markdown files changed. Skipping checks."
echo "HAS_CHANGES=false" >> "$GITHUB_OUTPUT"
else
echo "--- Changed Files to Scan ---"
echo "$CHANGED_FILES"
echo "-----------------------------"
FILES_QUOTED=$(echo "$CHANGED_FILES" | sed 's/^/"/;s/$/"/' | tr '\n' ' ')
# Use EOF to write multiline or long strings to GITHUB_OUTPUT
echo "HAS_CHANGES=true" >> "$GITHUB_OUTPUT"
echo "CHECK_FILES<<EOF" >> "$GITHUB_OUTPUT"
echo "$FILES_QUOTED" >> "$GITHUB_OUTPUT"
echo "EOF" >> "$GITHUB_OUTPUT"
fi
- name: Restore lychee cache
if: steps.changed-files.outputs.HAS_CHANGES == 'true'
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
with:
path: .lycheecache
key: cache-lychee-${{ github.sha }}
restore-keys: cache-lychee-
- name: Link Checker
id: lychee-check
if: steps.changed-files.outputs.HAS_CHANGES == 'true'
uses: lycheeverse/lychee-action@8646ba30535128ac92d33dfc9133794bfdd9b411 # v2
continue-on-error: true
with:
args: >
--quiet
--no-progress
--cache
--max-cache-age 1d
--exclude '^neo4j\+.*' --exclude '^bolt://.*'
--max-retries 10
${{ steps.changed-files.outputs.CHECK_FILES }}
output: lychee-report.md
format: markdown
fail: true
jobSummary: false
debug: false
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Prepare Report
if: steps.changed-files.outputs.HAS_CHANGES == 'true' && steps.lychee-check.outcome == 'failure'
run: |
echo "## Link Resolution Note" > full-report.md
echo "Local links and directory changes work differently on GitHub than on the docsite. You must ensure fixes pass the **GitHub check** and also work with **\`hugo server\`**." >> full-report.md
echo "See [Link Checking and Fixing with Lychee](https://github.com/googleapis/mcp-toolbox/blob/main/DEVELOPER.md#link-checking-and-fixing-with-lychee) for more details." >> full-report.md
echo "" >> full-report.md
sed -E '/(Redirect|Redirects per input)/d' lychee-report.md >> full-report.md
- name: Display Failure Report
# Run this ONLY if the link checker failed
if: steps.lychee-check.outcome == 'failure'
run: |
# We can now simply output the prepared file to the job summary
cat full-report.md >> $GITHUB_STEP_SUMMARY
# Fail the job
exit 1
@@ -0,0 +1,75 @@
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: Link Checks
on:
schedule:
- cron: '0 0 * * 1'
jobs:
linkChecker:
runs-on: ubuntu-latest
permissions:
issues: write
steps:
- name: Checkout Repository
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
with:
fetch-depth: 0
persist-credentials: false
- name: Link Checker
id: lychee-check
uses: lycheeverse/lychee-action@8646ba30535128ac92d33dfc9133794bfdd9b411 # v2
continue-on-error: true
with:
args: >
--quiet
--no-progress
--exclude '^neo4j\+.*' --exclude '^bolt://.*'
README.md
docs/
output: lychee-report.md
format: markdown
fail: true
jobSummary: false
debug: false
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Prepare Report
run: |
echo "## Link Resolution Note" > full-report.md
echo "Local links and directory changes work differently on GitHub than on the docsite.You must ensure fixes pass the **GitHub check** and also work with **\`hugo server\`**." >> full-report.md
echo "See [Link Checking and Fixing with Lychee](https://github.com/googleapis/mcp-toolbox/blob/main/DEVELOPER.md#link-checking-and-fixing-with-lychee) for more details." >> full-report.md
echo "" >> full-report.md
sed -E '/(Redirect|Redirects per input)/d' lychee-report.md >> full-report.md
- name: Create Issue From File
if: steps.lychee-check.outcome == 'failure'
uses: peter-evans/create-issue-from-file@fca9117c27cdc29c6c4db3b86c48e4115a786710 # v6
with:
title: Link Checker Report
content-filepath: full-report.md
labels: |
priority: p2
type: process
- name: Display Failure Report
# Run this ONLY if the link checker failed
if: steps.lychee-check.outcome == 'failure'
run: |
# We can now simply output the prepared file to the job summary
cat full-report.md >> $GITHUB_STEP_SUMMARY
# Fail the job
exit 1
+58
View File
@@ -0,0 +1,58 @@
# Copyright 2024 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: lint
on:
pull_request:
paths:
- "**"
- "!docs/**"
- "!**.md"
- "!.github/**"
- ".github/workflows/lint.yaml"
# Declare default permissions as read only.
permissions: read-all
jobs:
lint:
name: lint
runs-on: ubuntu-latest
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
contents: 'read'
steps:
- name: Checkout code
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- name: Setup Go
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
with:
go-version-file: 'go.mod'
- name: >
Verify go mod tidy. If you're reading this and the check has
failed, run `goimports -w . && go mod tidy && golangci-lint run`
run: |
go mod tidy && git diff --exit-code
- name: golangci-lint
uses: golangci/golangci-lint-action@82606bf257cbaff209d206a39f5134f0cfbfd2ee # v9.2.1
with:
version: latest
args: --timeout 10m
+42
View File
@@ -0,0 +1,42 @@
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: lint
# zizmor flags pull_request_target, but this fallback workflow never checks out code.
on: # zizmor: ignore[dangerous-triggers]
pull_request:
paths:
- "docs/**"
- "**.md"
- ".github/**"
- "!.github/workflows/lint.yaml"
pull_request_target:
paths:
- "docs/**"
- "**.md"
- ".github/**"
- "!.github/workflows/lint.yaml"
permissions: read-all
jobs:
lint:
name: lint
runs-on: ubuntu-latest
steps:
- name: Skip Lint
run: |
echo "Skipping lint for documentation/config-only changes."
echo "This job exists to satisfy the required status check."
+109
View File
@@ -0,0 +1,109 @@
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: Weekly Server Tier Assessment
on:
schedule:
- cron: '0 6 * * 0' # Runs at 6 AM every Sunday
workflow_dispatch:
permissions:
contents: read
issues: write
jobs:
tier-check:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
with:
persist-credentials: false
- name: Setup Go
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
with:
go-version-file: 'go.mod'
- name: Start MCP Toolbox Server
run: |
go build -o toolbox
./toolbox --allowed-hosts localhost --config tests/conformance/tools.yaml &
sleep 5 # Give the server a moment to bind to port 5000
- name: Setup Node
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: "22"
- name: Run Server Tier Assessment
id: assessment
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
npx --yes @modelcontextprotocol/conformance@latest tier-check --repo ${{ github.repository }} --output markdown --conformance-server-url "http://localhost:5000/mcp" > tier_report.txt
continue-on-error: true
- name: Report Tier Status
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const fs = require('fs');
const report = fs.readFileSync('tier_report.txt', 'utf8');
const title = '[Dashboard: Conformance] Weekly Server Tier Assessment Failure';
const prevIssues = await github.rest.issues.listForRepo({
...context.repo,
state: 'open'
});
// Find any open issue matching the exact dashboard title
let existingIssue = prevIssues.data.find(issue => issue.title === title);
if (report.includes('Tier Assessment: Tier 1')) {
console.log('Tier 1 achieved! Closing open issue if it exists.');
if (existingIssue) {
await github.rest.issues.createComment({
...context.repo,
issue_number: existingIssue.number,
body: "The weekly Server Tier Assessment confirms we are now **Tier 1**! Closing this issue."
});
await github.rest.issues.update({
...context.repo,
issue_number: existingIssue.number,
state: 'closed'
});
}
return;
}
const body = `The weekly Server Tier Assessment found gaps preventing Tier 1 status:\n\n${report}\n\nPlease fix these operational gaps.`;
if (existingIssue) {
console.log(`Found previous issue ${existingIssue.html_url}, updating body`);
await github.rest.issues.update({
...context.repo,
issue_number: existingIssue.number,
body: body
});
} else {
console.log('No previous issue found, creating one');
await github.rest.issues.create({
...context.repo,
title: title,
body: body
});
}
+78
View File
@@ -0,0 +1,78 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: Publish to MCP Registry
on:
push:
tags: ["v*"] # Triggers on version tags like v1.0.0
# allow manual triggering with no inputs required
workflow_dispatch:
jobs:
publish:
runs-on: ubuntu-latest
permissions:
id-token: write # Required for OIDC authentication
contents: read
steps:
- name: Delay workflow execution
run: sleep 1200
- name: Checkout code
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
with:
persist-credentials: false
- name: Wait for image in Artifact Registry
shell: bash
run: |
MAX_ATTEMPTS=10
VERSION=$(jq -r '.version' server.json)
REGISTRY_URL="https://us-central1-docker.pkg.dev/v2/database-toolbox/toolbox/toolbox/manifests/${VERSION}"
# initially sleep time to wait for the version release
sleep 3m
for i in $(seq 1 ${MAX_ATTEMPTS}); do
echo "Attempt $i: Checking for image ${REGISTRY_URL}..."
# Use curl to check the manifest header
# Using -I to fetch headers only, -s silent, -f fail fast on errors.
curl -Isf "${REGISTRY_URL}" > /dev/null
if [ $? -eq 0 ]; then
echo "✅ Image found! Continuing to next steps."
exit 0
else
echo "❌ Image not found (likely 404 error) on attempt $i."
if [ $i -lt ${MAX_ATTEMPTS} ]; then
echo "Sleeping for 5 minutes before next attempt..."
sleep 2m
else
echo "Maximum attempts reached. Image not found."
exit 1
fi
fi
done
- name: Install MCP Publisher
run: |
curl -L "https://github.com/modelcontextprotocol/registry/releases/latest/download/mcp-publisher_$(uname -s | tr '[:upper:]' '[:lower:]')_$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/').tar.gz" | tar xz mcp-publisher
- name: Login to MCP Registry
run: ./mcp-publisher login github-oidc
- name: Publish to MCP Registry
run: ./mcp-publisher publish
+70
View File
@@ -0,0 +1,70 @@
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: pypi
on:
pull_request:
paths:
- "pypi/**"
- ".github/workflows/pypi.yml"
permissions: read-all
jobs:
build-and-verify:
name: build & verify wheel
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- name: Setup Go
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
with:
go-version-file: go.mod
- name: Setup Python
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: "3.12"
- name: Install build tooling
run: python -m pip install --upgrade pip build pytest
- name: Build toolbox binary and stage it for the wheel
# setup.py now expects the binary pre-staged in src/toolbox_server/bin/
# instead of downloading from GCS at build time.
run: |
go build -o pypi/src/toolbox_server/bin/toolbox .
chmod +x pypi/src/toolbox_server/bin/toolbox
- name: Build wheel
working-directory: pypi
env:
# setup.py requires this explicitly; matches the Linux x86_64 binary
# built above. Release pipeline sets it per-platform in a loop.
TOOLBOX_PLATFORM: manylinux2014_x86_64
run: python -m build --wheel
- name: Install built wheel
run: pip install pypi/dist/*.whl
- name: Verify console script runs
run: toolbox-server --help
- name: Run wrapper tests
run: pytest pypi/tests/ -v
+29
View File
@@ -0,0 +1,29 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: Schedule Reporter
on:
schedule:
- cron: '0 6 * * *' # Runs at 6 AM every morning
jobs:
run_reporter:
permissions:
issues: 'write'
checks: 'read'
contents: 'read'
uses: ./.github/workflows/cloud_build_failure_reporter.yml
with:
trigger_names: "toolbox-test-nightly,toolbox-test-on-merge,toolbox-continuous-release"
+39
View File
@@ -0,0 +1,39 @@
# Copyright 2024 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: Sync Labels
on:
push:
branches:
- main
# Declare default permissions as read only.
permissions: read-all
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: 'read'
issues: 'write'
pull-requests: 'write'
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- uses: micnncim/action-label-syncer@3abd5ab72fda571e69fffd97bd4e0033dd5f495c # v1.3.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
manifest: .github/labels.yaml
+95
View File
@@ -0,0 +1,95 @@
# Copyright 2024 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: tests
on:
push:
branches:
- "main"
paths:
- "**"
- "!docs/**"
- "!**.md"
- "!.github/**"
- ".github/workflows/tests.yaml"
pull_request:
paths:
- "**"
- "!docs/**"
- "!**.md"
- "!.github/**"
- ".github/workflows/tests.yaml"
# Declare default permissions as read only.
permissions: read-all
jobs:
integration:
name: unit tests
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [macos-latest, windows-latest, ubuntu-latest]
fail-fast: false
permissions:
contents: "read"
steps:
- name: Checkout code
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- name: Setup Go
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
with:
go-version-file: 'go.mod'
- name: Install dependencies
run: go get .
- name: Build
run: go build -v ./...
- name: Run tests with coverage
if: ${{ runner.os == 'Linux' }}
env:
GOTOOLCHAIN: go1.25.0+auto
run: |
source_dir="./internal/sources/*"
tool_dir="./internal/tools/*"
prompt_dir="./internal/prompts/*"
auth_dir="./internal/auth/*"
int_test_dir="./tests/*"
included_packages=$(go list ./... | grep -v -e "$source_dir" -e "$tool_dir" -e "$prompt_dir" -e "$auth_dir" -e "$int_test_dir")
go test -race -cover -coverprofile=coverage.out -v $included_packages
go test -race -v ./internal/sources/... ./internal/tools/... ./internal/prompts/... ./internal/auth/...
- name: Run tests without coverage
if: ${{ runner.os != 'Linux' }}
run: |
go test -race -v ./internal/... ./cmd/...
- name: Check coverage
if: ${{ runner.os == 'Linux' }}
run: |
FILE_TO_EXCLUDE="github.com/googleapis/mcp-toolbox/internal/server/config.go"
ESCAPED_PATH=$(echo "$FILE_TO_EXCLUDE" | sed 's/\//\\\//g; s/\./\\\./g')
sed -i "/^${ESCAPED_PATH}:/d" coverage.out
total_coverage=$(go tool cover -func=coverage.out | grep "total:" | awk '{print $3}')
echo "Total coverage: $total_coverage"
coverage_numeric=$(echo "$total_coverage" | sed 's/%//')
if (( $(echo "$coverage_numeric < 40" | bc -l) )); then
echo "Coverage failure: total coverage($total_coverage) is below 40%."
exit 1
fi
+54
View File
@@ -0,0 +1,54 @@
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: tests
# zizmor flags pull_request_target, but this fallback workflow never checks out code.
on: # zizmor: ignore[dangerous-triggers]
push:
branches:
- "main"
paths:
- "docs/**"
- "**.md"
- ".github/**"
- "!.github/workflows/tests.yaml"
pull_request:
paths:
- "docs/**"
- "**.md"
- ".github/**"
- "!.github/workflows/tests.yaml"
pull_request_target:
types: [labeled]
paths:
- "docs/**"
- "**.md"
- ".github/**"
- "!.github/workflows/tests.yaml"
permissions: read-all
jobs:
integration:
name: unit tests
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [macos-latest, windows-latest, ubuntu-latest]
steps:
- name: Skip Tests
run: |
echo "Skipping unit tests for documentation/config-only changes."
echo "This job exists to satisfy the required status check."