jwt processing removed #142
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build Altinity MCP | |
| on: | |
| push: | |
| branches: [ main, master ] | |
| tags: [ 'v*.*.*' ] | |
| pull_request: | |
| branches: [ main, master ] | |
| workflow_dispatch: | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: altinity/altinity-mcp | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: '1.25' | |
| - name: Run go vet | |
| run: go vet ./... | |
| - name: Run tests with coverage | |
| run: go test -v -coverprofile=coverage.out ./... | |
| # todo remove when fix 504 gateway timeout, https://github.com/lemurheavy/coveralls-public/issues/1824 | |
| # - name: Send coverage to Coveralls | |
| # uses: coverallsapp/github-action@v2 | |
| # with: | |
| # github-token: ${{ secrets.GITHUB_TOKEN }} | |
| # file: coverage.out | |
| build-and-push-platforms: | |
| needs: test | |
| if: github.event_name != 'pull_request' | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| platform: [amd64, arm64] | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: '1.25' | |
| - name: Install cross-compilation tools | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y gcc-aarch64-linux-gnu g++-aarch64-linux-gnu libc6-dev-arm64-cross | |
| - name: Build binary for ${{ matrix.platform }} | |
| run: | | |
| mkdir -p build/linux/${{ matrix.platform }} | |
| CGO_ENABLED=0 GOOS=linux GOARCH=${{ matrix.platform }} go build \ | |
| -ldflags "-X main.version=${{ github.ref_name }} -X main.commit=${{ github.sha }} -X main.date=$(date -u '+%Y-%m-%dT%H:%M:%SZ')" \ | |
| -o build/linux/${{ matrix.platform }}/altinity-mcp ./cmd/altinity-mcp | |
| CGO_ENABLED=0 GOOS=linux GOARCH=${{ matrix.platform }} go build \ | |
| -ldflags "-X main.version=${{ github.ref_name }} -X main.commit=${{ github.sha }} -X main.date=$(date -u '+%Y-%m-%dT%H:%M:%SZ')" \ | |
| -o build/linux/${{ matrix.platform }}/jwe-token-generator ./cmd/jwe_auth | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log in to Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push platform image | |
| run: | | |
| cp build/linux/${{ matrix.platform }}/altinity-mcp . | |
| cp build/linux/${{ matrix.platform }}/jwe-token-generator . | |
| SHORT_SHA=$(echo ${{ github.sha }} | cut -c1-7) | |
| IMAGE_NAME_LOWER=$(echo "${{ env.IMAGE_NAME }}" | tr '[:upper:]' '[:lower:]') | |
| docker buildx build --platform linux/${{ matrix.platform }} --push -t ${{ env.REGISTRY }}/${IMAGE_NAME_LOWER}:${{ matrix.platform }}-${SHORT_SHA} . | |
| - name: Verify Docker image | |
| run: | | |
| docker run --rm --privileged multiarch/qemu-user-static --reset -p yes | |
| SHORT_SHA=$(echo ${{ github.sha }} | cut -c1-7) | |
| IMAGE_NAME_LOWER=$(echo "${{ env.IMAGE_NAME }}" | tr '[:upper:]' '[:lower:]') | |
| docker run --rm --platform linux/${{ matrix.platform }} ${{ env.REGISTRY }}/${IMAGE_NAME_LOWER}:${{ matrix.platform }}-${SHORT_SHA} altinity-mcp --help | |
| create-multiplatform-manifest: | |
| needs: build-and-push-platforms | |
| if: github.event_name != 'pull_request' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log in to Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set image name to lowercase | |
| id: image-name | |
| run: | | |
| IMAGE_NAME_LOWER=$(echo "${{ env.IMAGE_NAME }}" | tr '[:upper:]' '[:lower:]') | |
| echo "image_name_lower=${IMAGE_NAME_LOWER}" >> $GITHUB_OUTPUT | |
| - name: Extract metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ steps.image-name.outputs.image_name_lower }} | |
| tags: | | |
| type=ref,event=branch | |
| type=match,pattern=v(.*),group=1 | |
| type=raw,value=latest,enable=${{ startsWith(github.ref, 'refs/tags/v') }} | |
| type=sha,format=short,prefix=sha-,enable=${{ github.event_name != 'pull_request' }} | |
| - name: Create and push multiplatform manifest | |
| run: | | |
| # Create and push multiplatform manifest | |
| SHORT_SHA=$(echo ${{ github.sha }} | cut -c1-7) | |
| IMAGE_NAME_LOWER="${{ steps.image-name.outputs.image_name_lower }}" | |
| # Convert tags to array and iterate | |
| echo "${{ steps.meta.outputs.tags }}" | while IFS= read -r tag; do | |
| if [ -n "$tag" ]; then | |
| echo "Creating manifest for tag: $tag" | |
| docker buildx imagetools create \ | |
| --tag "$tag" \ | |
| "${{ env.REGISTRY }}/${IMAGE_NAME_LOWER}:amd64-${SHORT_SHA}" \ | |
| "${{ env.REGISTRY }}/${IMAGE_NAME_LOWER}:arm64-${SHORT_SHA}" | |
| fi | |
| done | |
| release: | |
| needs: create-multiplatform-manifest | |
| runs-on: ubuntu-latest | |
| if: github.event_name != 'pull_request' | |
| permissions: | |
| contents: write | |
| packages: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Check Release Tag | |
| id: release_tag | |
| run: | | |
| if [[ "${GITHUB_REF}" =~ ^refs/tags/v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then | |
| echo "matched=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "matched=false" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Set up Go | |
| if: steps.release_tag.outputs.matched == 'true' | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: '1.25' | |
| - name: Install nfpm | |
| if: steps.release_tag.outputs.matched == 'true' | |
| run: | | |
| echo 'deb [trusted=yes] https://repo.goreleaser.com/apt/ /' | sudo tee /etc/apt/sources.list.d/goreleaser.list | |
| sudo apt-get update | |
| sudo apt-get install -y rpm nfpm | |
| - name: Build binaries | |
| if: steps.release_tag.outputs.matched == 'true' | |
| run: | | |
| mkdir -p dist | |
| # Linux builds | |
| # Tag versions | |
| VERSION=${GITHUB_REF#refs/tags/v} | |
| DATE=$(date -u '+%Y-%m-%dT%H:%M:%SZ') | |
| # Linux builds | |
| CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-s -w -X main.version=$VERSION -X main.commit=$GITHUB_SHA -X main.date=$DATE" -o dist/altinity-mcp-linux-amd64 ./cmd/altinity-mcp | |
| CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags="-s -w -X main.version=$VERSION -X main.commit=$GITHUB_SHA -X main.date=$DATE" -o dist/altinity-mcp-linux-arm64 ./cmd/altinity-mcp | |
| # Darwin builds | |
| CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -ldflags="-s -w -X main.version=$VERSION -X main.commit=$GITHUB_SHA -X main.date=$DATE" -o dist/altinity-mcp-darwin-amd64 ./cmd/altinity-mcp | |
| CGO_ENABLED=0 GOOS=darwin GOARCH=arm64 go build -ldflags="-s -w -X main.version=$VERSION -X main.commit=$GITHUB_SHA -X main.date=$DATE" -o dist/altinity-mcp-darwin-arm64 ./cmd/altinity-mcp | |
| # Windows builds | |
| CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -ldflags="-s -w -X main.version=$VERSION -X main.commit=$GITHUB_SHA -X main.date=$DATE" -o dist/altinity-mcp-windows-amd64.exe ./cmd/altinity-mcp | |
| CGO_ENABLED=0 GOOS=windows GOARCH=arm64 go build -ldflags="-s -w -X main.version=$VERSION -X main.commit=$GITHUB_SHA -X main.date=$DATE" -o dist/altinity-mcp-windows-arm64.exe ./cmd/altinity-mcp | |
| - name: Create nfpm configs | |
| if: steps.release_tag.outputs.matched == 'true' | |
| run: | | |
| # Create nfpm configuration for deb/rpm packages | |
| cat > nfpm.yaml << EOF | |
| name: altinity-mcp | |
| version: ${GITHUB_REF#refs/tags/v} | |
| maintainer: Altinity <[email protected]> | |
| description: Altinity MCP Server for ClickHouse | |
| vendor: Altinity Inc. | |
| homepage: https://altinity.com | |
| license: Apache 2.0 | |
| contents: | |
| - src: dist/altinity-mcp-linux-amd64 | |
| dst: /usr/bin/altinity-mcp | |
| file_info: | |
| mode: 0755 | |
| EOF | |
| - name: Create deb and rpm packages | |
| if: steps.release_tag.outputs.matched == 'true' | |
| run: | | |
| # Linux AMD64 packages | |
| cp nfpm.yaml nfpm-amd64.yaml | |
| nfpm pkg --config nfpm-amd64.yaml --packager deb --target dist/altinity-mcp_${GITHUB_REF#refs/tags/}_linux_amd64.deb | |
| nfpm pkg --config nfpm-amd64.yaml --packager rpm --target dist/altinity-mcp_${GITHUB_REF#refs/tags/}_linux_amd64.rpm | |
| # Linux ARM64 packages | |
| cat nfpm.yaml | sed 's|amd64|arm64|' > nfpm-arm64.yaml | |
| nfpm pkg --config nfpm-arm64.yaml --packager deb --target dist/altinity-mcp_${GITHUB_REF#refs/tags/}_linux_arm64.deb | |
| nfpm pkg --config nfpm-arm64.yaml --packager rpm --target dist/altinity-mcp_${GITHUB_REF#refs/tags/}_linux_arm64.rpm | |
| - name: Create tar.gz archives | |
| if: steps.release_tag.outputs.matched == 'true' | |
| run: | | |
| # Linux archives | |
| tar -czf dist/altinity-mcp_${GITHUB_REF#refs/tags/}_linux_amd64.tar.gz -C dist altinity-mcp-linux-amd64 | |
| tar -czf dist/altinity-mcp_${GITHUB_REF#refs/tags/}_linux_arm64.tar.gz -C dist altinity-mcp-linux-arm64 | |
| # Darwin archives | |
| tar -czf dist/altinity-mcp_${GITHUB_REF#refs/tags/}_darwin_amd64.tar.gz -C dist altinity-mcp-darwin-amd64 | |
| tar -czf dist/altinity-mcp_${GITHUB_REF#refs/tags/}_darwin_arm64.tar.gz -C dist altinity-mcp-darwin-arm64 | |
| - name: Create zip archives | |
| if: steps.release_tag.outputs.matched == 'true' | |
| run: | | |
| # Windows archives | |
| cd dist && zip altinity-mcp_${GITHUB_REF#refs/tags/}_windows_amd64.zip altinity-mcp-windows-amd64.exe && cd - | |
| cd dist && zip altinity-mcp_${GITHUB_REF#refs/tags/}_windows_arm64.zip altinity-mcp-windows-arm64.exe && cd - | |
| - name: Check dist folder | |
| if: steps.release_tag.outputs.matched == 'true' | |
| run: ls -la dist | |
| - name: Install helm | |
| if: steps.release_tag.outputs.matched == 'true' | |
| uses: azure/setup-helm@v4 | |
| with: | |
| version: 'latest' | |
| - name: Update Helm chart version and package | |
| if: steps.release_tag.outputs.matched == 'true' | |
| run: | | |
| # Switch to main branch to avoid detached HEAD state | |
| git fetch origin main | |
| git checkout main | |
| # Update Chart.yaml with the release version | |
| VERSION=${GITHUB_REF#refs/tags/v} | |
| sed -i "s/^version: .*/version: $VERSION/" helm/altinity-mcp/Chart.yaml | |
| sed -i "s/^appVersion: .*/appVersion: \"$VERSION\"/" helm/altinity-mcp/Chart.yaml | |
| # Commit updated Chart.yaml | |
| git config --local user.email "[email protected]" | |
| git config --local user.name "GitHub Action" | |
| git add helm/altinity-mcp/Chart.yaml | |
| git commit -m "Update Helm chart version to $VERSION" | |
| git push origin main | |
| # Login to GitHub Container Registry | |
| echo ${{ secrets.GITHUB_TOKEN }} | helm registry login ghcr.io -u ${{ github.actor }} --password-stdin | |
| # Package and push Helm chart | |
| helm package helm/altinity-mcp --version $VERSION | |
| helm push altinity-mcp-$VERSION.tgz oci://ghcr.io/altinity/altinity-mcp/helm | |
| - name: Install Minikube | |
| if: steps.release_tag.outputs.matched == 'true' | |
| uses: medyagh/setup-minikube@master | |
| with: | |
| driver: docker | |
| container-runtime: containerd | |
| cpus: max | |
| memory: max | |
| - name: Verify Helm chart | |
| if: steps.release_tag.outputs.matched == 'true' | |
| run: | | |
| minikube start | |
| helm install altinity-mcp oci://ghcr.io/altinity/altinity-mcp/helm/altinity-mcp | |
| minikube stop | |
| - name: Extract changelog for latest version | |
| if: steps.release_tag.outputs.matched == 'true' | |
| id: changelog | |
| run: | | |
| # Extract changelog for the current version | |
| VERSION=${GITHUB_REF#refs/tags/v} | |
| awk '/^# / {s++} s == 1 {print}' CHANGELOG.md > latest_changelog.md | |
| # Create release notes | |
| cat > release_notes.md << EOF | |
| ## Altinity MCP Server v${VERSION} | |
| ### Release Notes | |
| $(cat latest_changelog.md) | |
| ### Docker | |
| \`\`\`bash | |
| docker run --rm ghcr.io/altinity/altinity-mcp:${VERSION} altinity-mcp --help | |
| \`\`\` | |
| ### Helm | |
| \`\`\`bash | |
| helm install altinity-mcp oci://ghcr.io/altinity/altinity-mcp/helm/altinity-mcp -n <your-namespace> -f <your-values.yaml> | |
| \`\`\` | |
| EOF | |
| - name: Create draft release | |
| if: steps.release_tag.outputs.matched == 'true' | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| name: Release ${{ github.ref_name }} | |
| tag_name: ${{ github.ref_name }} | |
| body_path: release_notes.md | |
| draft: true | |
| fail_on_unmatched_files: true | |
| files: | | |
| dist/altinity-mcp_${{ github.ref_name }}_linux_amd64.deb | |
| dist/altinity-mcp_${{ github.ref_name }}_linux_amd64.rpm | |
| dist/altinity-mcp_${{ github.ref_name }}_linux_amd64.tar.gz | |
| dist/altinity-mcp_${{ github.ref_name }}_linux_arm64.deb | |
| dist/altinity-mcp_${{ github.ref_name }}_linux_arm64.rpm | |
| dist/altinity-mcp_${{ github.ref_name }}_linux_arm64.tar.gz | |
| dist/altinity-mcp_${{ github.ref_name }}_darwin_amd64.tar.gz | |
| dist/altinity-mcp_${{ github.ref_name }}_darwin_arm64.tar.gz | |
| dist/altinity-mcp_${{ github.ref_name }}_windows_amd64.zip | |
| dist/altinity-mcp_${{ github.ref_name }}_windows_arm64.zip | |
| token: ${{ secrets.GITHUB_TOKEN }} |