deps: bump axios from 1.13.2 to 1.13.4 in /src/web #100
---
# Workflow header: name, triggers and the environment shared by every job.
name: CI

# Runs on pushes and pull requests that target main, and on manual dispatch.
on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main
  workflow_dispatch:

# REGISTRY comes from a repository/organisation variable; the image names
# are fixed here and reused by the image build and push steps.
env:
  REGISTRY: ${{ vars.ACR_LOGIN_SERVER }}
  API_IMAGE_NAME: mcp-api
  WEB_IMAGE_NAME: mcp-web
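jobs:
  # NOTE(review): every `uses:` in this workflow references a mutable tag
  # (@v4, @v2, @5, ...). Pinning third-party actions to a full commit SHA
  # protects the pipeline if an upstream tag is moved; the SHAs are not
  # visible from this file, so the tags are left as the author wrote them.

  # Builds and tests the .NET solution, reports vulnerable packages and
  # publishes coverage.
  build-and-test:
    runs-on: ubuntu-latest
    # Explicit least-privilege token scope instead of the repository default:
    # read for checkout, pull-requests write for the sticky coverage comment.
    permissions:
      contents: read
      pull-requests: write
    steps:
      - uses: actions/checkout@v4
        with:
          # No step pushes with git, so do not leave the token in .git/config
          # where build and test code could read it.
          persist-credentials: false

      - name: Setup .NET
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: '9.0.x'

      - name: Restore dependencies
        run: dotnet restore

      - name: Build
        run: dotnet build --no-restore --configuration Release

      # Advisory only: a finding raises a workflow warning and never fails
      # the job. NOTE(review): the pipe into tee also hides a non-zero exit
      # from `dotnet list`, so a failed scan looks the same as a clean one.
      - name: Check for vulnerable packages
        run: |
          dotnet list package --vulnerable --include-transitive 2>&1 | tee vulnerability-report.txt
          if grep -q "has the following vulnerable packages" vulnerability-report.txt; then
            echo "::warning::Vulnerable packages detected. Review vulnerability-report.txt"
          fi

      - name: Test with coverage
        run: |
          dotnet test --no-build --configuration Release \
            --collect:"XPlat Code Coverage" \
            --results-directory ./coverage

      - name: Generate coverage report
        uses: danielpalme/ReportGenerator-GitHub-Action@5
        with:
          reports: coverage/**/coverage.cobertura.xml
          targetdir: coverage/report
          reporttypes: Cobertura;MarkdownSummaryGithub

      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v4
        with:
          files: coverage/**/coverage.cobertura.xml
          fail_ci_if_error: false
          verbose: true
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

      - name: Add coverage PR comment
        uses: marocchino/sticky-pull-request-comment@v2
        if: github.event_name == 'pull_request'
        # Best effort: the comment cannot be posted when the token is
        # read-only (for example pull requests from forks).
        continue-on-error: true
        with:
          recreate: true
          path: coverage/report/SummaryGithub.md

  # Installs, lints and builds the Next.js front end in src/web.
  build-web:
    runs-on: ubuntu-latest
    # This job only reads the repository.
    permissions:
      contents: read
    defaults:
      run:
        working-directory: src/web
    steps:
      - uses: actions/checkout@v4
        with:
          # `npm ci` runs dependency install scripts; keep the token off disk.
          persist-credentials: false

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'
          cache-dependency-path: src/web/package-lock.json

      - name: Install dependencies
        run: npm ci

      - name: Lint
        run: npm run lint

      - name: Build
        run: npm run build
        env:
          NEXT_PUBLIC_API_URL: ${{ vars.NEXT_PUBLIC_API_URL || 'http://localhost:5000' }}

  # Builds both images and pushes them to Azure Container Registry.
  docker-build:
    needs: [build-and-test, build-web]
    runs-on: ubuntu-latest
    # Only run for pushes to main AND when the registry variable is configured
    if: github.ref == 'refs/heads/main' && github.event_name == 'push' && vars.ACR_LOGIN_SERVER != ''
    # The registry login below uses a username and password and no step in
    # this job requests an OIDC token, so `id-token: write` is not granted.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # NOTE(review): this is a long-lived registry credential; the deploy
      # job already authenticates to Azure without a stored password, which
      # would be the stronger option here as well.
      - name: Login to Azure Container Registry
        uses: azure/docker-login@v2
        with:
          login-server: ${{ vars.ACR_LOGIN_SERVER }}
          username: ${{ secrets.ACR_USERNAME }}
          password: ${{ secrets.ACR_PASSWORD }}

      # `type=sha,format=long` produces the tag `sha-<full commit sha>`
      # (the action adds the `sha-` prefix by default); `latest` is a
      # mutable convenience tag.
      - name: Extract metadata for API image
        id: meta-api
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.API_IMAGE_NAME }}
          tags: |
            type=sha,format=long
            type=raw,value=latest

      - name: Build and push API image
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./Dockerfile
          push: true
          tags: ${{ steps.meta-api.outputs.tags }}
          labels: ${{ steps.meta-api.outputs.labels }}

      - name: Extract metadata for Web image
        id: meta-web
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.WEB_IMAGE_NAME }}
          tags: |
            type=sha,format=long
            type=raw,value=latest

      # NEXT_PUBLIC_API_URL is baked into the image as a build argument, so
      # it must never carry a secret.
      - name: Build and push Web image
        uses: docker/build-push-action@v6
        with:
          context: ./src/web
          file: ./src/web/Dockerfile
          push: true
          tags: ${{ steps.meta-web.outputs.tags }}
          labels: ${{ steps.meta-web.outputs.labels }}
          build-args: |
            NEXT_PUBLIC_API_URL=${{ vars.NEXT_PUBLIC_API_URL }}

  # Rolls the images built for this commit out to Azure Container Apps.
  deploy:
    needs: docker-build
    runs-on: ubuntu-latest
    # Only run if docker-build succeeded (not skipped)
    if: needs.docker-build.result == 'success'
    environment: production
    # id-token: write lets azure/login request an OIDC token; no client
    # secret is passed to it.
    permissions:
      contents: read
      id-token: write
    steps:
      - name: Login to Azure
        uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      # Values reach the shell through env and are quoted, so a variable
      # containing spaces or shell metacharacters cannot alter the command.
      # The tag carries the `sha-` prefix that docker-build pushes; the bare
      # commit SHA is never pushed as a tag.
      - name: Deploy API to Azure Container Apps
        env:
          APP_NAME: ${{ vars.API_CONTAINER_APP_NAME }}
          RESOURCE_GROUP: ${{ vars.AZURE_RESOURCE_GROUP }}
          IMAGE: ${{ env.REGISTRY }}/${{ env.API_IMAGE_NAME }}:sha-${{ github.sha }}
        run: |
          az containerapp update \
            --name "$APP_NAME" \
            --resource-group "$RESOURCE_GROUP" \
            --image "$IMAGE"

      - name: Deploy Web to Azure Container Apps
        env:
          APP_NAME: ${{ vars.WEB_CONTAINER_APP_NAME }}
          RESOURCE_GROUP: ${{ vars.AZURE_RESOURCE_GROUP }}
          IMAGE: ${{ env.REGISTRY }}/${{ env.WEB_IMAGE_NAME }}:sha-${{ github.sha }}
        run: |
          az containerapp update \
            --name "$APP_NAME" \
            --resource-group "$RESOURCE_GROUP" \
            --image "$IMAGE"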