cli_release #101
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Release Snyk DXT | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| cli_version: | |
| description: 'Snyk CLI version to use for the build and release (e.g., v1.0.0)' | |
| required: true | |
| type: string | |
| repository_dispatch: | |
| types: [ cli_release ] | |
| jobs: | |
| build-and-release: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| if: ${{ !contains(github.event.client_payload.cli_version || inputs.cli_version, '-') }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '18' | |
| - name: Make build script executable | |
| run: chmod +x build-dxt.sh | |
| - name: Run build script | |
| env: | |
| CLI_VERSION: ${{ github.event.client_payload.cli_version || inputs.cli_version }} | |
| run: ./build-dxt.sh "$CLI_VERSION" "./dist" | |
| - name: Verify build artifacts | |
| run: | | |
| ls -la ./dist/ | |
| echo "snyk.dxt size: $(stat -c%s ./dist/snyk.dxt) bytes" | |
| echo "SHA256 from file:" | |
| cat ./dist/snyk.dxt.sha256 | |
| echo "" | |
| echo "Verifying SHA256 checksum..." | |
| cd ./dist | |
| if sha256sum -c snyk.dxt.sha256; then | |
| echo "✅ SHA256 verification passed" | |
| else | |
| echo "❌ SHA256 verification failed" | |
| exit 1 | |
| fi | |
| - name: Create Release | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| CLI_VERSION: ${{ github.event.client_payload.cli_version || inputs.cli_version }} | |
| run: | | |
| # Create release with GitHub CLI | |
| gh release create "$CLI_VERSION" \ | |
| --title "$CLI_VERSION" \ | |
| --notes "Snyk DXT built with CLI version $CLI_VERSION" \ | |
| ./dist/snyk.dxt \ | |
| ./dist/snyk.dxt.sha256 | |
| - name: Install MCP Publisher | |
| run: | | |
| curl -L "https://github.com/modelcontextprotocol/registry/releases/download/v1.0.0/mcp-publisher_1.0.0_$(uname -s | tr '[:upper:]' '[:lower:]')_$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/').tar.gz" | tar xz mcp-publisher | |
| - name: Login to MCP Registry | |
| env: | |
| KEY_PEM: ${{ secrets.MCP_PRIVATE_KEY }} | |
| run: | | |
| printf '%s' "$KEY_PEM" > key.pem | |
| ./mcp-publisher login dns --domain snyk.io --private-key $(openssl pkey -in key.pem -noout -text | grep -A3 "priv:" | tail -n +2 | tr -d ' :\n') | |
| rm key.pem | |
| - name: Publish to MCP Registry | |
| env: | |
| CLI_VERSION: ${{ github.event.client_payload.cli_version || inputs.cli_version }} | |
| run: | | |
| # Inject version into server.json before publishing | |
| jq --arg v "$CLI_VERSION" '.version=$v | .packages[0].version=$v' server.json > server.json.tmp && mv server.json.tmp server.json | |
| ./mcp-publisher publish |