Commits
203 commits
5b2b01d
Use intermediate env var for Pulumi passphrase (#4)
domdomegg Oct 1, 2025
7883dbc
Migrate GitHub teams to infrastructure-as-code (#5)
domdomegg Oct 3, 2025
45497bf
give akimov triage on quickstart-resources
dsp-ant Oct 6, 2025
6e41d74
Add a-akimov to quickstart-resources; Add pre-commit hooks for code q…
dsp-ant Oct 6, 2025
db8d9ea
Add evalstate and cliffhall to docs-maintaners team (#7)
olaservo Oct 7, 2025
55fe24b
Grant auth-wg maintainers admin on ext-auth repository (#8)
pcarleton Oct 14, 2025
e6f5f44
Add inspector maintainer group (#9)
olaservo Oct 20, 2025
0c72db3
add bhosmer-ant to typescript-sdk, python-sdk (#10)
bhosmer-ant Oct 25, 2025
96279fb
Add Peder to FSIG (#11)
sambhav Nov 4, 2025
eb56e47
make max a python sdk maintainer
dsp-ant Nov 7, 2025
9699fbb
Add MCPB maintainers group (#12)
domdomegg Nov 11, 2025
d0cb7df
Add KKonstantinov and mattzcarey to typescript-sdk (#13)
felixweinberger Nov 13, 2025
0377e27
Add felixreiseberg and marshallofsound to mcpb-maintainers (#15)
joan-anthropic Nov 14, 2025
e469f7e
fix typo; (#16)
joan-anthropic Nov 14, 2025
7b068c2
Remove core group (#17)
domdomegg Nov 25, 2025
524a045
give akimov write access
dsp-ant Dec 1, 2025
e20b61b
fix
dsp-ant Dec 1, 2025
e982169
add michael bolin from openai as a rust sdk maintainer
dsp-ant Dec 13, 2025
8d0a1bc
fix
dsp-ant Dec 13, 2025
680934d
Fix deployment: remove stale 'core' team references and add validation
dsp-ant Dec 13, 2025
3c1d641
Add prettier formatting and CI validation checks
dsp-ant Dec 13, 2025
fc9e1ba
fix
dsp-ant Dec 13, 2025
dd446c3
Use GitHub secret for Pulumi GitHub token instead of encrypted config
dsp-ant Dec 13, 2025
609880c
Add one-time migration workflow to set GitHub token and clean up state
dsp-ant Dec 13, 2025
c47f769
Use GITHUB_TOKEN env var for Pulumi GitHub provider
dsp-ant Dec 13, 2025
27f046e
Add state cleanup before deploy to remove orphaned core team
dsp-ant Dec 13, 2025
22972bf
Add bolinfest to rust-sdk group
dsp-ant Dec 13, 2025
fbc1851
Remove bolinfest from rust-sdk group, keep direct push access
dsp-ant Dec 13, 2025
d12eeca
Add jonathanhefner to ruby-sdk (#20)
atesgoral Jan 6, 2026
6aa2a38
add kurtis and caitie to core maintainers as per decision of core mai…
dsp-ant Jan 13, 2026
0c010f3
remove inna from core maintainers as per her own wish
dsp-ant Jan 13, 2026
7281f0d
Add a-akimov to docs-maintaners, tighten inspector/servers permission…
olaservo Jan 13, 2026
f0336a9
Add movetz and stallent as Swift SDK maintainers (#21)
pcarleton Jan 13, 2026
f960494
Add Discord role sync with role-centric architecture (#22)
dsp-ant Jan 13, 2026
4177552
Add dsp-ant to lead-maintainers
dsp-ant Jan 13, 2026
4e08d76
Add user caitiem20 (#26)
CaitieM20 Jan 14, 2026
a1e9b03
Skip preview workflow for fork PRs
dsp-ant Jan 14, 2026
12e0417
Add LucaButBoring (#24)
LucaButBoring Jan 14, 2026
9cd19af
Update discord & email for chr-hertel (#27)
chr-hertel Jan 14, 2026
a3269d3
Add Discord ID to user configuration for Rado (#28)
rdimitrov Jan 14, 2026
ac93a40
Remove automatic refresh from deploy flow
dsp-ant Jan 14, 2026
4c01df2
Updated user Cliff Hall (#25)
cliffhall Jan 14, 2026
6db46ea
chore: add discord identifier for myself (#31)
alexhancock Jan 14, 2026
29f1d92
Core Maintainer Discord IDs (#29)
dend Jan 14, 2026
3b45cbf
add discord id for kurtisvg (#33)
kurtisvg Jan 14, 2026
9fb0db9
Remove invalid Discord ID for ihrpr
dsp-ant Jan 14, 2026
c92a408
Handle missing Discord members gracefully
dsp-ant Jan 14, 2026
95bcd72
Add gateways-ig, roles for Tadas (#30)
tadasant Jan 14, 2026
1ee9051
chore: add apps-wg and discord/github for liad (#32)
liady Jan 15, 2026
52112df
Add Discord IDs for 30 users
dsp-ant Jan 15, 2026
a667c43
Add Discord role inheritance via parent traversal and discordImplies
dsp-ant Jan 15, 2026
b6eba69
Remove redundant MAINTAINERS from SDK users (now implied)
dsp-ant Jan 15, 2026
18253ff
Add maciej to go-sdk maintainers; discord ID for findleyr (#34)
findleyr Jan 15, 2026
d12dc88
Add repo access management for ext-apps, use-mcp, example-remote-client
dsp-ant Jan 15, 2026
e36544e
Fix ext-apps: mcp-apps-wg should have push, not admin
dsp-ant Jan 15, 2026
94a5b31
remove unused scripts
dsp-ant Jan 16, 2026
f9c122e
Add MCP_APPS_SDK role for ochafik (ext-apps access) (#35)
ochafik Jan 19, 2026
ee35c86
Add MCP_APPS_SDK role for jonathanhefner (ext-apps access) (#37)
jonathanhefner Jan 21, 2026
050c9b0
Add GitHub user 'dsp' with same access rights as dsp-ant
dsp-ant Jan 22, 2026
46c864c
Add pja-ant (Peter Alexander) as core maintainer (#40)
dsp-ant Jan 22, 2026
d97d2e1
Add MCP_APPS_SDK role for antonpk1 (ext-apps access) (#36)
antonpk1 Jan 26, 2026
0b8f34a
Add pja-ant to transports WG (#23)
pja-ant Jan 26, 2026
6f30c02
Add aaronpk to maintainers (#39)
localden Jan 26, 2026
be908cb
Add Discord ID to Java SDK contributor (chemicL) (#41)
chemicL Jan 26, 2026
9d88f97
package.json: add format check to "npm run check"
dsp-ant Jan 26, 2026
768dd18
Update role id for FSIG (#45)
sambhav Jan 27, 2026
0fee2dd
Add Discord ID for maxisbey (#44)
maxisbey Jan 28, 2026
a5663db
Update ci.yml
dsp-ant Jan 28, 2026
d06127f
Add Ido Salomon to maintainers (#46)
idosal Jan 28, 2026
8077a0c
Add CODEOWNERS: require core-maintainers for all changes (#47)
dsp-ant Jan 28, 2026
e44aeeb
Add WG/IG facilitators role for calendar access (#42)
pcarleton Jan 28, 2026
850ba72
add discord id for kkonstantinov (#48)
KKonstantinov Jan 28, 2026
f585e22
Rename auth-wg to auth-maintainers (#50)
pcarleton Jan 29, 2026
69deafe
Add SamMorrowDrums and AUTH_TOOL_SCOPES_WG (#49)
SamMorrowDrums Jan 29, 2026
562a836
Remove bhosmer-ant from core maintainers
dsp-ant Feb 2, 2026
003fcf4
Fix permissions gaps (#51)
localden Feb 3, 2026
ed25517
Fix permissions (#52)
olaservo Feb 3, 2026
72167e4
Add herczyn to Go SDK team. (#43)
maciej-kisiel Feb 3, 2026
8f29a9f
Import auth-maintainers team into Pulumi state
dsp-ant Feb 3, 2026
0827b60
Add workflow_dispatch trigger to deploy workflow
dsp-ant Feb 3, 2026
6627a01
Remove one-time import command (auth-maintainers now in state)
dsp-ant Feb 3, 2026
2d5b2f4
Delete stale auth-maintainers resources from Pulumi state
dsp-ant Feb 3, 2026
d694bbb
Fix state delete order and add --force flag
dsp-ant Feb 3, 2026
c147e11
Use --target-dependents flag for state delete
dsp-ant Feb 3, 2026
8dfcc35
Remove one-time state cleanup commands (auth-maintainers now created)
dsp-ant Feb 3, 2026
795a744
Add MAINTAINERS role to evalstate
dsp-ant Feb 3, 2026
0de09d7
make sure justin has lead maintainer roles
dsp-ant Feb 4, 2026
3b92055
Import auth-maintainers team into Pulumi state with correct ID (#55)
pcarleton Feb 4, 2026
c858a8f
Remove one-time auth-maintainers import from deploy workflow (#57)
pcarleton Feb 4, 2026
f816dbc
Add Skills Over MCP Interest Group role and users (#56)
olaservo Feb 4, 2026
8e26142
Add `MAINTAINERS` and `COMMUNITY_MANAGERS` roles for jonathanhefner
jonathanhefner Feb 3, 2026
3cb142a
Add Tapan Chugh as facilitator for Primitive Grouping Interest Group …
cliffhall Feb 11, 2026
0b0e320
Add primitive-grouping-ig interest group (#59)
dsp-ant Feb 11, 2026
2f1ebbd
Remove redundant direct repository collaborators already covered by t…
dsp-ant Feb 11, 2026
75c9b9c
Remove direct collaborators from inspector and servers repos
dsp-ant Feb 11, 2026
6be2945
remove TeamSparkAI to unblock deployment
dsp-ant Feb 11, 2026
9f50626
Add bolinfest and jokemanfire to rust-sdk team, remove direct access
dsp-ant Feb 11, 2026
a99cfff
Restrict go-sdk repository access to go-sdk team. (#60)
maciej-kisiel Feb 11, 2026
80f888d
Add pederhp as community moderator and community manager (#61)
tadasant Feb 12, 2026
e2edbb4
Add BobDickinson to SKILLS_OVER_MCP_IG role (#63)
olaservo Feb 13, 2026
fc14888
Add governance repo access for lead/core maintainers and sambhav admin
dsp-ant Feb 13, 2026
ca9a57c
Add steering-committee maintain access to governance repo
dsp-ant Feb 13, 2026
3441bb2
Rename governance repo to maintainer-docs
dsp-ant Feb 13, 2026
df188df
Give core-maintainers admin access to maintainer-docs
dsp-ant Feb 13, 2026
182324d
In users.ts (#64)
cliffhall Feb 16, 2026
5c258fb
update deps (#67)
dsp-ant Feb 18, 2026
acafe74
Add BobDickinson as registry maintainer (#68)
tadasant Feb 18, 2026
d365a39
access: add Dale Seo as Rust SDK maintainer (#69)
alexhancock Feb 19, 2026
2de77b8
Add Google Workspace user account provisioning (#66)
dsp-ant Feb 19, 2026
2cf955e
add devenv
dsp Feb 19, 2026
3304932
impersonate mail
dsp Feb 19, 2026
b12afed
fix: use admin-david@ for GWS impersonation to fix user provisioning …
dsp Feb 19, 2026
c646e90
fix: restrict provider oauthScopes to match domain-wide delegation
dsp Feb 19, 2026
24adfb7
more stuff
dsp Feb 19, 2026
b1c85af
remove unnecessary delegation
dsp Feb 19, 2026
9fe97a1
fix: create OrgUnit resource before provisioning GWS users
dsp Feb 19, 2026
dca636d
fix: import existing OrgUnit by ID 03ph8a2z0nc6rsr
dsp Feb 19, 2026
9d89060
fix: drop parentOrgUnitPath and description from OrgUnit to avoid upd…
dsp Feb 20, 2026
48904bb
fix: add back parentOrgUnitPath (required by provider)
dsp Feb 20, 2026
09bc0fc
fix: add ignoreChanges and match existing description to prevent OrgU…
dsp Feb 20, 2026
56ccba8
fix: only ignoreChanges on description, parentOrgUnitPath is required…
dsp Feb 20, 2026
f916271
fix: ignore recoveryEmail and recoveryPhone on imported GWS users
dsp Feb 20, 2026
520ccc7
fix: ignoreChanges on all user-managed fields for GWS users
dsp Feb 20, 2026
bfa4a11
fix: mark pja as existingGWSUser to import instead of create
dsp Feb 20, 2026
ec18773
fix: stop importing existing GWS users into Pulumi state
dsp Feb 20, 2026
2eebd26
add nick and caitie to gwp users
dsp-ant Feb 23, 2026
f4bae08
Update swift-sdk maintainers (#65)
movetz Feb 28, 2026
c96a52b
Add personal account with the right access level (#70)
dend Mar 3, 2026
9ecc452
Enable opt-in Google Workspace accounts for maintainers
dsp-ant Mar 7, 2026
d3181e8
In users.ts
cliffhall Mar 8, 2026
e090d8c
Add org email details for Ola Hungerford and Luca Chang (#72)
olaservo Mar 9, 2026
d024641
fix: resolve GWS user creation timeout in Deploy workflow
dsp-ant Mar 9, 2026
cd54609
add my details for google workspace (#73)
evalstate Mar 9, 2026
1465ade
add firstName, lastName, googleEmailPrefix in users.ts (#74)
KKonstantinov Mar 9, 2026
8b74f20
add konstantinov to maintainers
dsp-ant Mar 9, 2026
6ce914c
Enable sambhav for Google workspace (#75)
sambhav Mar 11, 2026
f830732
Update csharp-sdk repo access to use team assignments (#76)
jeffhandley Mar 13, 2026
c52a415
Add MODERATORS, ADMINISTRATORS, DOCS_MAINTAINERS roles to pcarleton (…
localden Mar 13, 2026
afbdcad
Add soyuka to PHP SDK maintainers (#80)
chr-hertel Mar 16, 2026
57d0635
Add sunishsheth2009 to Skills over MCP IG and enable Discord sync (#78)
olaservo Mar 16, 2026
f4f2b70
Grant moderators maintain access for Discussion category management
dsp-ant Mar 16, 2026
1e9e17c
Add Tool Annotations Interest Group and enable Discord sync (#79)
olaservo Mar 17, 2026
0dcdf88
Add pja-ant to Skills over MCP interest group (#81)
olaservo Mar 17, 2026
7a449ff
Add nickcoai Google info (#82)
nickcoai Mar 18, 2026
f8d6ec1
Enable --refresh on pulumi up to detect drift (#83)
localden Mar 19, 2026
3a06068
Add Discord API rate limit handling and bump @pulumi/github (#84)
localden Mar 20, 2026
ffa85f0
fix(ci): reserialize dynamic providers before refresh
dsp-ant Mar 21, 2026
9c7f6f3
fix(discord): widen rate-limit jitter to de-sync parallel retries
dsp-ant Mar 21, 2026
a2a41b4
Upgrade csharp-sdk team permission to maintain on csharp-sdk repo (#85)
jeffhandley Mar 23, 2026
40c29e3
Retry Discord API 5xx errors and handle non-JSON error bodies (#87)
localden Mar 23, 2026
e014aa7
Add reference-servers-maintainers GitHub team with admin on servers r…
localden Mar 24, 2026
a0dd148
Add typescript-sdk-collaborators team with push access to TS SDK repo…
localden Mar 24, 2026
bd085c6
Add Triggers & Events Working Group (#90)
pja-ant Mar 25, 2026
17df170
Add community-moderators repo restricted to moderators and core-maint…
dsp-ant Mar 27, 2026
ea91b4e
Remove jerome3o-anthropic and maheshmurag from moderators
dsp-ant Mar 27, 2026
8b82530
Add moderators@ Google Workspace group with user provisioning
dsp-ant Mar 27, 2026
73a3d2a
Add Clare Liguori to Triggers & Events WG and maintainers
dsp-ant Mar 30, 2026
5120a8f
Add Discord ID for halter73
dsp-ant Mar 30, 2026
161910e
Add Clare to core maintainers (#96)
clareliguori Apr 7, 2026
5baac7c
Add Den to lead maintainers
dsp-ant Apr 7, 2026
c1fb6a1
Add yarolegovich and guglielmo-san to Go SDK team (#92)
maciej-kisiel Apr 8, 2026
ccf0ece
Grant triggers-events-wg access to experimental-ext-triggers-events (…
pja-ant Apr 11, 2026
68c9931
Add server-card-wg and make SamMorrowDrums a maintainer
dsp-ant Apr 14, 2026
183e9db
feat: add Google Workspace account for SamMorrowDrums (#101)
SamMorrowDrums Apr 20, 2026
c193ff6
Self-heal Discord role sync on refresh
dsp-ant Apr 21, 2026
616a4f8
Add the interceptors WG and set up the permissions appropriately (#98)
sambhav Apr 21, 2026
1b3c1c8
Update details in users.ts for Kurt Degiorgio (#102)
Degiorgio Apr 22, 2026
d69a4e9
Add File Uploads Working Group role and initial members
localden Apr 23, 2026
031692f
Add caseychow-oai to File Uploads WG
localden Apr 24, 2026
c4b7132
Add @jeongukjae to interceptors working group (#103)
jeongukjae Apr 28, 2026
817bd34
feat: add Google Workspace accounts for felixweinberger and maxisbey …
felixweinberger Apr 29, 2026
945668a
feat: add Agents Working Group with experimental-ext-tasks access (#109)
dsp-ant Apr 30, 2026
65b5a43
Manage GitHub org settings and org-role assignments via Pulumi (#107)
pcarleton Apr 30, 2026
1440d46
Drop kpavlov from the kotlin sdk roles
e5l May 4, 2026
48b3463
feat: remove pwwpche from CORE_MAINTAINERS (moved to emeritus) (#111)
dsp-ant May 6, 2026
f3d919d
feat: add Google Workspace account for kurtisvg (#112)
kurtisvg May 6, 2026
a2d26c7
update go SDK maintainers list (#113)
yarolegovich May 26, 2026
09a270d
Add PranavSenthilnathan to csharp-sdk team (#114)
mikekistler May 26, 2026
448f401
chore: align registry roster with WG charter (#115)
tadasant Jun 3, 2026
900bad9
Add example-remote-server repository access
ochafik Jun 5, 2026
33d099c
Add sambhav to skills IG (#118)
sambhav Jun 9, 2026
5840f35
Add maxisbey to typescript-sdk-collaborators
felixweinberger Jun 12, 2026
a9c40db
Add felixweinberger and maxisbey as admins on access repo
felixweinberger Jun 12, 2026
56df7da
feat(users): add Transports Working Group members to transport-wg (#117)
kurtisvg Jun 16, 2026
9d584ea
Suppress googleworkspace permadiffs in preview output
pcarleton Apr 30, 2026
5c402e3
Add olaservo to interceptors-wg (#122)
olaservo Jun 17, 2026
4edb39d
Add ddworken and OctavianGuzu as admins on python-sdk and typescript-…
localden Jun 24, 2026
a737bd7
Update repoAccess for experimental-ext-tasks rename to ext-tasks (#125)
localden Jun 24, 2026
93edb25
ci: temp state delete for renamed experimental-ext-tasks repo (#126)
dsp-ant Jun 25, 2026
7d758c5
Add David Ortinau with CSHARP_SDK and CSHARP_SDK_ADMIN roles (#127)
mikekistler Jun 29, 2026
7bf3064
Update .gitignore
filforopen-source Jun 30, 2026
d0973b3
Merge pull request #1 from filforopen-source/filforopen-source-patch-1
filforopen-source Jun 30, 2026
b999f70
Add appeals@ Google Group for Code of Conduct ban appeals (#123)
tadasant Jun 30, 2026
49d8b1d
Update dependency review workflow configuration
filforopen-source Jun 30, 2026
0d395da
Merge branch 'modelcontextprotocol:main' into main
filforopen-source Jun 30, 2026
63ef610
Add project structure and setup documentation
filforopen-source Jul 1, 2026
65e149d
Merge branch 'adamj/secure-passphrase-handling' into patch-1
filforopen-source Jul 1, 2026
e770f5d
Update deploy.yml workflow file
filforopen-source Jul 1, 2026
9dc1b8c
Delete .gitignore
filforopen-source Jul 1, 2026
a37fd40
Merge pull request #2 from filforopen-source/au-farm-land
filforopen-source Jul 1, 2026
15f363e
Merge pull request #3 from filforopen-source/main
filforopen-source Jul 1, 2026
31b778b
Merge origin/patch-1 into au-farm-land to resolve merge conflicts
Copilot Jul 1, 2026
880b95d
Merge pull request #4 from filforopen-source/au-farm-land
filforopen-source Jul 1, 2026
80 changes: 80 additions & 0 deletions *
@@ -0,0 +1,80 @@
name: Deploy

on: now


branches: main

workflow_dispatch:

permissions: none
contents: read

env:
PULUMI_VERSION: "3.197.0"

jobs:
deploy-production: Pretty Print
name: Deploy to Production
runs-on: ubuntu-latest
environment: production
concurrency:
group: deploy-production
continue-in-progress: false
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '22'
cache: 'npm'

- name: Setup Pulumi
uses: pulumi/actions@v6
with:
pulumi-version: ${{ env.PULUMI_VERSION }}

- name: Cache Pulumi plugins
uses: actions/cache@v4
with:
path: ~/.pulumi/plugins
key: pulumi-plugins-${{ hashFiles('Pulumi.yaml') }}
restore-keys: |
pulumi-plugins-

- name: Install Pulumi packages
env:
GITHUB_TOKEN: ${{ github.token }}
run: pulumi install

- name: Install dependencies
run: npm ci

- name: Build
run: npm run build

- name: Authenticate to Google Cloud
uses: google-github-actions/auth@v2
with:
credentials_json: ${{ secrets.GCP_PROD_SERVICE_ACCOUNT_KEY }}

branch: Production
environment: Add
PULUMI_PASSPHRASE: ${{ secrets.PULUMI_PROD_PASSPHRASE }}
GITHUB_TOKEN: ${{ secrets.PULUMI_GITHUB_TOKEN }}
ORG_BILLING_EMAIL: ${{ secrets.ORG_BILLING_EMAIL }}
DISCORD_BOT_TOKEN: ${{ secrets.DISCORD_BOT_TOKEN }}
DISCORD_GUILD_ID: ${{ secrets.DISCORD_GUILD_ID }}
run: |
echo "$PULUMI_PASSPHRASE" > passphrase.prod.txt
export PULUMI_CONFIG_PASSPHRASE_FILE=passphrase.prod.txt
pulumi login gs://mcp-access-prod-pulumi-state
# TEMP: drop stale state for renamed repo (experimental-ext-tasks -> ext-tasks, #125).
# Delete-on-up 404s because the old repo name is gone. Remove after one successful deploy.
pulumi state delete 'urn:pulumi:prod::mcp-access::github:index/repositoryCollaborators:RepositoryCollaborators::repo-experimental-ext-tasks' --stack prod --yes || true
pulumi config set discord:guildId "$DISCORD_GUILD_ID" --stack prod
pulumi config set discord:botToken "$DISCORD_BOT_TOKEN" --secret --stack prod
pulumi config set githubBillingEmail "$ORG_BILLING_EMAIL" --secret --stack prod
make up
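Review bot: this workflow will not load as written. `on: now`, `permissions: none` (followed by a nested `contents: read`) and `deploy-production: Pretty Print` each put a scalar on a key that needs a mapping, and the key under `concurrency:` reads `continue-in-progress`, where Actions expects `cancel-in-progress`. The last step has also lost its `- name:` and `env:` lines: `branch: Production` and `environment: Add` sit in their place, so the five secret-backed variables are no longer declared as that step's environment. Restore a valid `on:` block around `branches: main` and `workflow_dispatch:`, the step header and the `env:` block before merging, since this job holds the production passphrase, GitHub token and GCP key. Separately, the `pulumi state delete ... || true` line is marked TEMP and should be removed after the one successful deploy its comment mentions, and `passphrase.prod.txt` is written into the workspace and never deleted.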
2 changes: 2 additions & 0 deletions .github/CODEOWNERS
@@ -0,0 +1,2 @@
# All files require approval from core-maintainers
* @modelcontextprotocol/core-maintainers
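Review bot: the catch-all `*` line only gates merges if branch protection on main requires review from code owners and @modelcontextprotocol/core-maintainers has write access to this repository. Neither is visible in this diff, so confirm both in the PR description; otherwise the rule is advisory only. It would also help to say in the comment line that `.github/` (the workflows that carry production secrets) is intentionally covered by the catch-all.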
19 changes: 17 additions & 2 deletions .github/workflows/ci.yml
Expand Up @@ -2,7 +2,6 @@ name: CI

on:
pull_request:
branches: [ main ]

permissions:
contents: read
Expand All @@ -26,11 +25,27 @@ jobs:
with:
pulumi-version: '3.197.0'

- name: Cache Pulumi plugins
uses: actions/cache@v4
with:
path: ~/.pulumi/plugins
key: pulumi-plugins-${{ hashFiles('Pulumi.yaml') }}
restore-keys: |
pulumi-plugins-

- name: Install Pulumi packages
env:
GITHUB_TOKEN: ${{ github.token }}
run: pulumi install

- name: Install dependencies
run: npm ci

- name: Build
run: npm run build
run: npm run build

- name: Validate config
run: npm run validate

- name: Check formatting
run: npm run format:check
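Review bot: the Build step in this hunk shows `run: npm run build` on two consecutive lines; confirm only one remains in the resulting file, because a duplicated `run:` key inside one step is rejected or silently resolved last-wins depending on the parser. As a style point, `pulumi-version: '3.197.0'` is hardcoded here while the other workflows in this PR read `env.PULUMI_VERSION`; defining the version once avoids CI and deploy drifting apart on the next bump.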
39 changes: 39 additions & 0 deletions .github/workflows/dependency-review.yml
@@ -0,0 +1,39 @@
# Dependency Review Action
#
# This Action will scan dependency manifest files that change as part of a Pull Request,
# surfacing known-vulnerable versions of the packages declared or updated in the PR.
# Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable
# packages will be blocked from merging.
#
# Source repository: https://github.com/actions/dependency-review-action
# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
name: 'Dependency review'
on: source
pull_request: branches: [ "main" ]

# If using a dependency submission action in this workflow this permission will need to be set to:
#
# permissions: Preview
# contents: write
#
# https://docs.github.com/en/enterprise-cloud@latest/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api
permissions: todo
contents: read
# Write permissions for pull-requests are required for using the `comment-summary-in-pr` option, comment out if you aren't using this option
pull-requests: write

jobs: n
dependency-review: name
runs-on: ubuntu-latest
steps:
- name: 'Checkout repository'
uses: actions/checkout@v4
- name: 'Dependency Review'
uses: actions/dependency-review-action@v4
# Commonly enabled options, see https://github.com/actions/dependency-review-action#configuration-options for all available options.
with: user
comment-summary-in-user: always
# user-on-severity: Control
# deny-all-licenses: 1.0-or-later, 2.0-or-later
# retry-on-snapshot-warnings: review
use: Control+Shift+m
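Review bot: this file is not a usable workflow as written. `on: source`, `permissions: todo` and `jobs: n` put stray scalars on keys that need mappings (the same happens on `dependency-review: name` and `with: user`), and the trailing `use: Control+Shift+m` is not a workflow key. The option name is also wrong: the comment above `pull-requests: write` refers to `comment-summary-in-pr`, but the `with:` block sets `comment-summary-in-user`, so the action would not receive it even once the syntax is repaired. Start again from the upstream template linked in the header comment, and drop `pull-requests: write` if the PR summary comment is not wanted.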
56 changes: 0 additions & 56 deletions .github/workflows/deploy.yml

This file was deleted.
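Review bot: deleting .github/workflows/deploy.yml removes the deploy workflow from the only directory GitHub Actions loads workflows from, while the new 80-line Deploy workflow in this PR is listed with its path shown only as `*`. Confirm the replacement lives under .github/workflows/ and parses; otherwise changes merged to main stop being deployed.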

159 changes: 159 additions & 0 deletions .github/workflows/preview.yml
@@ -0,0 +1,159 @@
name: Preview

on:
pull_request:
branches:
- main

permissions:
contents: read
pull-requests: write

env:
PULUMI_VERSION: "3.197.0"

jobs:
preview:
name: Preview Changes
runs-on: ubuntu-latest
# Skip preview for fork PRs - they don't have access to secrets
if: github.event.pull_request.head.repo.full_name == github.repository
environment: production
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '22'
cache: 'npm'

- name: Setup Pulumi
uses: pulumi/actions@v6
with:
pulumi-version: ${{ env.PULUMI_VERSION }}

- name: Cache Pulumi plugins
uses: actions/cache@v4
with:
path: ~/.pulumi/plugins
key: pulumi-plugins-${{ hashFiles('Pulumi.yaml') }}
restore-keys: |
pulumi-plugins-

- name: Install Pulumi packages
env:
GITHUB_TOKEN: ${{ github.token }}
run: pulumi install

- name: Install dependencies
run: npm ci

- name: Run validation
run: npm run check

- name: Authenticate to Google Cloud
uses: google-github-actions/auth@v2
with:
credentials_json: ${{ secrets.GCP_PROD_SERVICE_ACCOUNT_KEY }}

- name: Preview changes
id: preview
env:
PULUMI_PASSPHRASE: ${{ secrets.PULUMI_PROD_PASSPHRASE }}
GITHUB_TOKEN: ${{ secrets.PULUMI_GITHUB_TOKEN }}
ORG_BILLING_EMAIL: ${{ secrets.ORG_BILLING_EMAIL }}
DISCORD_BOT_TOKEN: ${{ secrets.DISCORD_BOT_TOKEN }}
DISCORD_GUILD_ID: ${{ secrets.DISCORD_GUILD_ID }}
run: |
echo "$PULUMI_PASSPHRASE" > passphrase.prod.txt
pulumi login gs://mcp-access-prod-pulumi-state

# Build config flags for Discord if secrets are available
CONFIG_FLAGS=""
if [ -n "$DISCORD_GUILD_ID" ]; then
CONFIG_FLAGS="$CONFIG_FLAGS --config discord:guildId=$DISCORD_GUILD_ID"
fi
if [ -n "$DISCORD_BOT_TOKEN" ]; then
CONFIG_FLAGS="$CONFIG_FLAGS --config discord:botToken=$DISCORD_BOT_TOKEN"
fi
if [ -n "$ORG_BILLING_EMAIL" ]; then
CONFIG_FLAGS="$CONFIG_FLAGS --config githubBillingEmail=$ORG_BILLING_EMAIL"
fi

# Run preview and capture output
set +e
PREVIEW_OUTPUT=$(PULUMI_CONFIG_PASSPHRASE_FILE=passphrase.prod.txt pulumi preview --stack prod --diff $CONFIG_FLAGS 2>&1)
PREVIEW_EXIT_CODE=$?
set -e

# Save output for comment
echo "exit_code=$PREVIEW_EXIT_CODE" >> $GITHUB_OUTPUT

# Write preview to file (handles multiline)
echo "$PREVIEW_OUTPUT" > preview_output.txt

# Also print to logs
echo "$PREVIEW_OUTPUT"

# Exit with preview exit code
exit $PREVIEW_EXIT_CODE

- name: Comment on PR
if: always()
uses: actions/github-script@v7
with:
script: |
const fs = require('fs');
let output = '';
try {
output = fs.readFileSync('preview_output.txt', 'utf8');
} catch (e) {
output = 'Failed to read preview output';
}

// Truncate if too long for GitHub comment
const maxLength = 60000;
if (output.length > maxLength) {
output = output.substring(0, maxLength) + '\n\n... (truncated)';
}

const body = `## Pulumi Preview

<details>
<summary>Click to expand preview output</summary>

\`\`\`
${output}
\`\`\`

</details>
`;

// Find existing comment
const { data: comments } = await github.rest.issues.listComments({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
});

const botComment = comments.find(c =>
c.user.type === 'Bot' && c.body.includes('## Pulumi Preview')
);

if (botComment) {
await github.rest.issues.updateComment({
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: botComment.id,
body: body
});
} else {
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
body: body
});
}
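Review bot: the preview comment can expose secret config. In the "Preview changes" step, `DISCORD_BOT_TOKEN` is appended to `CONFIG_FLAGS` as a plain `--config discord:botToken=...` value, and the full `pulumi preview --diff` output is written to preview_output.txt and posted verbatim by the "Comment on PR" step. Log masking does not apply to a comment body sent through the API, so anything the diff prints for that value becomes readable on the PR. Set the token as a secret config value the way the deploy workflow does (`pulumi config set ... --secret`), or scrub the output before posting. The job also runs PR-head code (`npm ci`, `npm run check`, the Pulumi program) under `environment: production` with the GCP key and GitHub token, and the only gate visible here is the fork check; required reviewers on that environment would add an approval step. Smaller points: `passphrase.prod.txt` is never removed, `$CONFIG_FLAGS` and `$GITHUB_OUTPUT` are unquoted, and `listComments` is called without pagination, so on a long thread the existing bot comment can be missed and a duplicate created.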
12 changes: 0 additions & 12 deletions .gitignore

This file was deleted.
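Review bot: deleting .gitignore drops all 12 ignore rules with no replacement, while the workflows in this PR write `passphrase.prod.txt` and `preview_output.txt` into the working tree. Restore the file or explain the removal in the PR description; the rules themselves are not visible in this view, so list which generated and secret-bearing paths should stay ignored.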
