chore: auto-publish to MCP Registry on release #13
📝 Walkthrough
Adds a new GitHub Actions workflow file that publishes server.json to the MCP Registry upon release publication or manual dispatch, deriving version info, updating server.json with jq, and using mcp-publisher for OIDC-authenticated publishing.
Changes
Release Publishing Workflow
Estimated code review effort: 2 (Simple) | ~10 minutes
Sequence Diagram(s)
sequenceDiagram
participant GitHubRelease as GitHub Release
participant Workflow as CI Workflow
participant ServerJson as server.json
participant McpPublisher as mcp-publisher
participant MCPRegistry as MCP Registry
GitHubRelease->>Workflow: release published / manual dispatch
Workflow->>Workflow: derive version from tag or git describe
Workflow->>ServerJson: update version via jq
Workflow->>McpPublisher: install binary
Workflow->>McpPublisher: login github-oidc
McpPublisher->>MCPRegistry: publish server.json
Codecov Report
✅ All modified and coverable lines are covered by tests.
Additional details and impacted files
@@ Coverage Diff @@
## main #13 +/- ##
=======================================
Coverage 66.02% 66.02%
=======================================
Files 2 2
Lines 209 209
=======================================
Hits 138 138
Misses 71 71
fe6f6bd to 8eb05f0
Actionable comments posted: 3
🧹 Nitpick comments (1)
.github/workflows/update-server-json.yml (1)
40-42: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick win
Unpinned "latest" binary download without checksum verification.
mcp-publisher is fetched from the latest release tag and piped straight into tar with no checksum/signature check. A future release change or compromised asset would silently affect this workflow. Consider pinning to a specific version and verifying a checksum if the registry publishes one.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/update-server-json.yml around lines 40 - 42, The Install mcp-publisher step downloads an unpinned “latest” binary and extracts it without any integrity check. Update the workflow step to use a specific mcp-publisher release version instead of latest, and add checksum or signature verification if the registry provides one. Keep the change localized to the Install mcp-publisher run block in update-server-json.yml so the download is deterministic and verifiable.
.github/workflows/update-server-json.yml
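The nitpick above asks for a pinned download with an integrity check. One way to structure that install step, as an added example that is not part of the PR or of the mcp-publisher project: the function names are hypothetical, and the URL and digest are caller-supplied placeholders because the page gives no version, URL or checksum.

```shell
#!/usr/bin/env bash
# Added example: download to a file, gate on a pinned SHA-256, then extract.
# The caller supplies the pinned URL and digest; none appear on the page.

# sha256_of FILE -> prints the lowercase hex digest (Linux or macOS runner)
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_and_extract ARCHIVE EXPECTED_SHA256 DEST_DIR
# Extracts only when the digest matches; otherwise returns 1 and
# creates nothing under DEST_DIR.
verify_and_extract() {
  local archive="$1" expected="$2" dest="$3" actual
  actual=$(sha256_of "$archive") || return 1
  if [ "$actual" != "$expected" ]; then
    echo "checksum mismatch: got $actual" >&2
    return 1
  fi
  mkdir -p "$dest" && tar -xzf "$archive" -C "$dest"
}

# install_pinned URL EXPECTED_SHA256 DEST_DIR
# Never pipes the download into tar: the bytes that were hashed are the
# bytes that get extracted.
install_pinned() {
  local url="$1" expected="$2" dest="$3" tmp rc=0
  tmp=$(mktemp) || return 1
  { curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$url" \
      && verify_and_extract "$tmp" "$expected" "$dest"; } || rc=$?
  rm -f "$tmp"
  return "$rc"
}
```

The expected digest belongs in the workflow file next to the pinned version, so a version bump and its new checksum are reviewed in the same diff.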
| - name: Checkout repo | ||
| uses: actions/checkout@v7 |
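Review bot: "uses: actions/checkout@v7" references the action by a mutable tag, so the code this job runs can change without any change to this file. Reference the action by the full commit SHA of the release that was reviewed and keep the tag as a trailing comment, which matters more here because the job is granted id-token: write.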
🎯 Functional Correctness | 🟠 Major | ⚡ Quick win
Checkout doesn't set persist-credentials: false or fetch-depth.
Two related gaps in the checkout step:
- This workflow never pushes back to the repo (publishing is done via mcp-publisher), so persisting the token via persist-credentials (default true) is unnecessary credential exposure — flagged by zizmor as artipacked.
- Default fetch-depth: 1 fetches only the triggering commit with no tags, which breaks the git describe --tags --abbrev=0 fallback used later (see lines 24-26) whenever the workflow runs via workflow_dispatch — the git command will fail on a shallow clone with no tags.
🔧 Proposed fix
- name: Checkout repo
uses: actions/checkout@v7
+ with:
+ fetch-depth: 0
+ persist-credentials: false
As per static analysis hints, zizmor flagged "credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false" for these lines.
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| - name: Checkout repo | |
| uses: actions/checkout@v7 | |
| - name: Checkout repo | |
| uses: actions/checkout@v7 | |
| with: | |
| fetch-depth: 0 | |
| persist-credentials: false |
🧰 Tools
🪛 zizmor (1.26.1)
[warning] 17-18: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false
(artipacked)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/update-server-json.yml around lines 17 - 18, The checkout
step in the workflow is missing two required options: disable persisted GitHub
credentials and fetch full history/tags. Update the actions/checkout usage in
the Checkout repo step to set persist-credentials to false and fetch-depth to 0
so later git describe fallback logic can find tags during workflow_dispatch runs
and no unnecessary token is left available.
Source: Linters/SAST tools
| - name: Extract version from release tag | ||
| id: version | ||
| run: | | ||
| TAG="${{ github.event.release.tag_name }}" | ||
| if [ -z "$TAG" ]; then | ||
| TAG="$(git describe --tags --abbrev=0)" | ||
| fi | ||
| VERSION="${TAG#v}" | ||
| echo "tag=$TAG" >> "$GITHUB_OUTPUT" | ||
| echo "version=$VERSION" >> "$GITHUB_OUTPUT" |
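Review bot: VERSION="${TAG#v}" goes straight into $GITHUB_OUTPUT with no check that it looks like a version, and the git describe --tags --abbrev=0 fallback returns whichever tag is nearest, release tag or not. Validate the value against the expected shape (three dot-separated numbers, as in 0.1.6) and fail the step on a mismatch, so a malformed or unrelated tag never reaches server.json or the registry.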
🔒 Security & Privacy | 🟡 Minor | ⚡ Quick win
Untrusted template expansion into shell (github.event.release.tag_name).
Interpolating ${{ github.event.release.tag_name }} directly into the run: script is a code-injection risk if the tag contains shell metacharacters. Pass it via env: instead.
🛡️ Proposed fix
- name: Extract version from release tag
id: version
+ env:
+ RELEASE_TAG: ${{ github.event.release.tag_name }}
run: |
- TAG="${{ github.event.release.tag_name }}"
+ TAG="$RELEASE_TAG"
if [ -z "$TAG" ]; then
TAG="$(git describe --tags --abbrev=0)"
fi
VERSION="${TAG#v}"
echo "tag=$TAG" >> "$GITHUB_OUTPUT"
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
As per static analysis hints, zizmor flagged "code injection via template expansion (template-injection): may expand into attacker-controllable code" at line 23.
📝 Committable suggestion
| - name: Extract version from release tag | |
| id: version | |
| run: | | |
| TAG="${{ github.event.release.tag_name }}" | |
| if [ -z "$TAG" ]; then | |
| TAG="$(git describe --tags --abbrev=0)" | |
| fi | |
| VERSION="${TAG#v}" | |
| echo "tag=$TAG" >> "$GITHUB_OUTPUT" | |
| echo "version=$VERSION" >> "$GITHUB_OUTPUT" | |
| - name: Extract version from release tag | |
| id: version | |
| env: | |
| RELEASE_TAG: ${{ github.event.release.tag_name }} | |
| run: | | |
| TAG="$RELEASE_TAG" | |
| if [ -z "$TAG" ]; then | |
| TAG="$(git describe --tags --abbrev=0)" | |
| fi | |
| VERSION="${TAG#v}" | |
| echo "tag=$TAG" >> "$GITHUB_OUTPUT" | |
| echo "version=$VERSION" >> "$GITHUB_OUTPUT" |
🧰 Tools
🪛 zizmor (1.26.1)
[error] 23-23: code injection via template expansion (template-injection): may expand into attacker-controllable code
(template-injection)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/update-server-json.yml around lines 20 - 29, The
version-extraction step in the workflow is interpolating
github.event.release.tag_name directly inside the shell script, which is the
template-injection issue. Update the “Extract version from release tag” step to
read the tag from an env variable instead of embedding the GitHub expression in
the run block, and keep the existing TAG/VERSION logic in that step using the
env-provided value. Use the step’s id version and the existing tag/version
output handling to preserve behavior while removing the untrusted direct
template expansion.
Source: Linters/SAST tools
| - name: Set version in server.json | ||
| run: | | ||
| VERSION="${{ steps.version.outputs.version }}" | ||
| echo "Setting server.json version to $VERSION" | ||
| jq --arg v "$VERSION" '.version = $v | .packages[0].version = $v' server.json > server.json.tmp | ||
| mv server.json.tmp server.json | ||
| echo "=== Updated server.json ===" | ||
| cat server.json |
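Review bot: .packages[0].version = $v in the jq filter updates only the first entry of packages, so if server.json ever lists a second package its version is published stale without any error. Either set every entry (.packages[].version = $v) or assert that the array has exactly one element before writing the file.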
🔒 Security & Privacy | 🟡 Minor | ⚡ Quick win
Same template-injection pattern for steps.version.outputs.version.
Prefer env: over direct interpolation here as well, consistent with the fix above.
🛡️ Proposed fix
- name: Set version in server.json
+ env:
+ VERSION: ${{ steps.version.outputs.version }}
run: |
- VERSION="${{ steps.version.outputs.version }}"
echo "Setting server.json version to $VERSION"
jq --arg v "$VERSION" '.version = $v | .packages[0].version = $v' server.json > server.json.tmp
mv server.json.tmp server.json
echo "=== Updated server.json ==="
cat server.json
As per static analysis hints, zizmor flagged "code injection via template expansion (template-injection)" at line 33.
📝 Committable suggestion
| - name: Set version in server.json | |
| run: | | |
| VERSION="${{ steps.version.outputs.version }}" | |
| echo "Setting server.json version to $VERSION" | |
| jq --arg v "$VERSION" '.version = $v | .packages[0].version = $v' server.json > server.json.tmp | |
| mv server.json.tmp server.json | |
| echo "=== Updated server.json ===" | |
| cat server.json | |
| - name: Set version in server.json | |
| env: | |
| VERSION: ${{ steps.version.outputs.version }} | |
| run: | | |
| echo "Setting server.json version to $VERSION" | |
| jq --arg v "$VERSION" '.version = $v | .packages[0].version = $v' server.json > server.json.tmp | |
| mv server.json.tmp server.json | |
| echo "=== Updated server.json ===" | |
| cat server.json |
🧰 Tools
🪛 zizmor (1.26.1)
[info] 33-33: code injection via template expansion (template-injection): may expand into attacker-controllable code
(template-injection)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/update-server-json.yml around lines 31 - 38, The Set
version in server.json step is using direct template interpolation for
steps.version.outputs.version, which triggers the template-injection warning.
Update the workflow to pass that value through env: instead of embedding it
directly in the run script, then reference the environment variable inside the
jq update in the Set version in server.json step. Keep the change consistent
with the surrounding version-handling logic in this job.
Source: Linters/SAST tools
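The two template-injection comments above move the tag and the version into env: so the shell receives them as data. The sketch below is an added example, not code from the PR: it shows the version step written that way and goes one step further by validating the value before it is written to the outputs file. The function names and the strict MAJOR.MINOR.PATCH rule are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: RELEASE_TAG is expected to arrive through the step's env:
# block, so the tag is only ever a variable value, never script text.

# version_from_tag TAG -> prints VERSION, or returns 1 unless TAG is
# [v]MAJOR.MINOR.PATCH. Any character other than a digit or a dot
# (quotes, $, ;, spaces, newlines) is rejected.
version_from_tag() {
  local tag="$1" version
  version="${tag#v}"
  case "$version" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  local IFS=.
  set -- $version                 # split on dots; only digits and dots remain
  [ "$#" -eq 3 ] || return 1      # exactly three numeric components
  printf '%s\n' "$version"
}

# write_outputs TAG OUTPUT_FILE: the step's two output lines, written only
# after validation, so a tag can never add extra key=value lines.
write_outputs() {
  local tag="$1" out="$2" version
  version=$(version_from_tag "$tag") || {
    echo "rejecting tag: not a MAJOR.MINOR.PATCH version" >&2
    return 1
  }
  printf 'tag=%s\nversion=%s\n' "$tag" "$version" >> "$out"
}

# Body of the "Extract version from release tag" step.
extract_version_step() {
  local tag="${RELEASE_TAG:-}"
  [ -n "$tag" ] || tag=$(git describe --tags --abbrev=0) || return 1
  write_outputs "$tag" "${GITHUB_OUTPUT:?GITHUB_OUTPUT is not set}"
}
```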
Summary
Add a GitHub Actions workflow that automatically publishes the updated server.json to the official MCP Registry when a new release is published.
Changes
.github/workflows/update-server-json.yml — new workflow
Workflow steps
- v from the release tag (v0.1.6 → 0.1.6)
- server.json .version and .packages[0].version locally via jq
- mcp-publisher
- ./mcp-publisher login github-oidc — no secrets needed
- ./mcp-publisher publish — submits the updated server.json
Permissions
- contents: read — checkout only (server.json is not committed back to the repo)
- id-token: write — required for OIDC authentication with the registry
Ownership verification
The README already contains the required mcp-name: marker for PyPI ownership verification (line 3):
Best practices followed
Based on the official MCP Registry Quickstart and GitHub Actions guide:
- mcp-publisher CLI (not raw curl)
- server.json locally before publish (no unnecessary commit)
- mcp-name: ownership marker for PyPI
- server.json schema already valid (matching "registryType": "pypi")
Relation to existing workflows
- publish.yml
- update-server-json.yml
Separate concerns, separate workflows.