chore: warn about insecure httpHost usage - MCP-184 (#541) #252
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Publish | |
| on: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| check: | |
| runs-on: ubuntu-latest | |
| permissions: {} | |
| outputs: | |
| VERSION_EXISTS: ${{ steps.check-version.outputs.VERSION_EXISTS }} | |
| VERSION: ${{ steps.get-version.outputs.VERSION }} | |
| RELEASE_CHANNEL: ${{ steps.npm-tag.outputs.RELEASE_CHANNEL }} | |
| steps: | |
| - uses: GitHubSecurityLab/actions-permissions/monitor@v1 | |
| - uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-node@v5 | |
| with: | |
| node-version-file: package.json | |
| registry-url: "https://registry.npmjs.org" | |
| cache: "npm" | |
| - name: Get version | |
| id: get-version | |
| shell: bash | |
| run: | | |
| set +e | |
| VERSION=v$(jq -r '.version' < package.json) | |
| echo "VERSION=${VERSION}" >> "$GITHUB_OUTPUT" | |
| - name: Check if version already exists | |
| id: check-version | |
| shell: bash | |
| run: | | |
| set +e | |
| git rev-parse "${{ steps.get-version.outputs.VERSION }}" >/dev/null 2>&1 | |
| if [[ $? -eq 0 ]]; then | |
| echo "VERSION_EXISTS=true" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "VERSION_EXISTS=false" >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: Get npm tag | |
| id: npm-tag | |
| shell: bash | |
| run: | | |
| set -e | |
| VERSION="${{ steps.get-version.outputs.VERSION }}" | |
| # Extract the release channel (latest, alpha, beta, rc) | |
| if [[ $VERSION =~ ^v?[0-9]+\.[0-9]+\.[0-9]+(-(.+))?$ ]]; then | |
| if [[ -n "${BASH_REMATCH[2]}" ]]; then | |
| CAPTURED_CHANNEL="${BASH_REMATCH[2]}" | |
| # The captured channel might have more dots, cases like | |
| # v1.2.3-alpha.1 For such cases we only want the channel relevant | |
| # part which is alpha. | |
| RELEASE_CHANNEL="${CAPTURED_CHANNEL%%.*}" | |
| else | |
| RELEASE_CHANNEL="latest" | |
| fi | |
| else | |
| echo "::error title=Invalid Version::Encountered unexpected version ${{ steps.get-version.outputs.VERSION }}, cannot proceed!" | |
| exit 1 | |
| fi | |
| echo "RELEASE_CHANNEL=${RELEASE_CHANNEL}" >> "$GITHUB_OUTPUT" | |
| - name: Output deployment info | |
| run: echo "::notice title=Deployment Info::Deploying version ${{ steps.get-version.outputs.VERSION }} to channel ${{ steps.npm-tag.outputs.RELEASE_CHANNEL }}" | |
| publish: | |
| runs-on: ubuntu-latest | |
| environment: Production | |
| permissions: | |
| contents: write | |
| needs: | |
| - check | |
| if: needs.check.outputs.VERSION_EXISTS == 'false' | |
| steps: | |
| - uses: GitHubSecurityLab/actions-permissions/monitor@v1 | |
| - uses: actions/checkout@v5 | |
| - uses: actions/setup-node@v5 | |
| with: | |
| node-version-file: package.json | |
| registry-url: "https://registry.npmjs.org" | |
| cache: "npm" | |
| - name: Build package | |
| run: | | |
| npm ci | |
| npm run build | |
| - name: Publish to NPM | |
| run: npm publish --tag ${{ needs.check.outputs.RELEASE_CHANNEL }} | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| - name: Publish git release | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| gh release create ${{ needs.check.outputs.VERSION }} --title "${{ needs.check.outputs.VERSION }}" --generate-notes --target ${{ github.sha }} ${{ (steps.npm-tag.outputs.RELEASE_CHANNEL != 'latest' && '--prerelease') || ''}} |