Merge branch 'main' into natagdunbar/add-repo-nav-tool

Author: natagdunbar

.github/workflows/close-inactive-issues.yml

@@ -7,8 +7,8 @@ jobs:
   close-issues:
     runs-on: ubuntu-latest
     env:
-      PR_DAYS_BEFORE_STALE: 60
-      PR_DAYS_BEFORE_CLOSE: 120
+      PR_DAYS_BEFORE_STALE: 30
+      PR_DAYS_BEFORE_CLOSE: 60
       PR_STALE_LABEL: stale
     permissions:
       issues: write
@@ -21,8 +21,8 @@ jobs:
           stale-issue-label: ${{ env.PR_STALE_LABEL }}
           stale-issue-message: "This issue is stale because it has been open for ${{ env.PR_DAYS_BEFORE_STALE }} days with no activity. Leave a comment to avoid closing this issue in ${{ env.PR_DAYS_BEFORE_CLOSE }} days."
           close-issue-message: "This issue was closed because it has been inactive for ${{ env.PR_DAYS_BEFORE_CLOSE }} days since being marked as stale."
-          days-before-pr-stale: -1
-          days-before-pr-close: -1
+          days-before-pr-stale: ${{ env.PR_DAYS_BEFORE_STALE }}
+          days-before-pr-close: ${{ env.PR_DAYS_BEFORE_STALE }}
           # Start with the oldest items first
           ascending: true
           repo-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/code-scanning.yml

@@ -38,7 +38,7 @@ jobs:
         uses: actions/checkout@v5
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
+        uses: github/codeql-action/init@v4
         with:
           languages: ${{ matrix.language }}
           build-mode: ${{ matrix.build-mode }}
@@ -52,28 +52,28 @@ jobs:
             threat-models: [  ]
       - name: Setup proxy for registries
         id: proxy
-        uses: github/codeql-action/start-proxy@v3
+        uses: github/codeql-action/start-proxy@v4
         with:
           registries_credentials: ${{ secrets.GITHUB_REGISTRIES_PROXY }}
           language: ${{ matrix.language }}
 
       - name: Configure
-        uses: github/codeql-action/resolve-environment@v3
+        uses: github/codeql-action/resolve-environment@v4
         id: resolve-environment
         with:
           language: ${{ matrix.language }}
       - name: Setup Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
         if: matrix.language == 'go' && fromJSON(steps.resolve-environment.outputs.environment).configuration.go.version
         with:
           go-version: ${{ fromJSON(steps.resolve-environment.outputs.environment).configuration.go.version }}
           cache: false
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v3
+        uses: github/codeql-action/autobuild@v4
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@v4
         env:
           CODEQL_PROXY_HOST: ${{ steps.proxy.outputs.proxy_host }}
           CODEQL_PROXY_PORT: ${{ steps.proxy.outputs.proxy_port }}

.github/workflows/docker-publish.yml

@@ -46,7 +46,7 @@ jobs:
       # https://github.com/sigstore/cosign-installer
       - name: Install cosign
         if: github.event_name != 'pull_request'
-        uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 #v3.5.0
+        uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad #v4.0.0
         with:
           cosign-release: "v2.2.4"
 
@@ -60,7 +60,7 @@ jobs:
       # https://github.com/docker/login-action
       - name: Log into registry ${{ env.REGISTRY }}
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
@@ -101,7 +101,7 @@ jobs:
       # https://github.com/docker/build-push-action
       - name: Build and push Docker image
         id: build-and-push
-        uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
         with:
           context: .
           push: ${{ github.event_name != 'pull_request' }}
@@ -127,3 +127,4 @@ jobs:
         # This step uses the identity token to provision an ephemeral certificate
         # against the sigstore community Fulcio instance.
         run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
+        

.github/workflows/docs-check.yml

@@ -17,7 +17,7 @@ jobs:
       uses: actions/checkout@v5
 
     - name: Set up Go
-      uses: actions/setup-go@v5
+      uses: actions/setup-go@v6
       with:
         go-version-file: 'go.mod'
 

.github/workflows/go.yml

@@ -18,7 +18,7 @@ jobs:
         uses: actions/checkout@v5
 
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
         with:
           go-version-file: "go.mod"
 

.github/workflows/goreleaser.yml

@@ -17,15 +17,15 @@ jobs:
         uses: actions/checkout@v5
 
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
         with:
           go-version-file: "go.mod"
 
       - name: Download dependencies
         run: go mod download
 
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552
+        uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a
         with:
           distribution: goreleaser
           # GoReleaser version

.github/workflows/license-check.yml

@@ -14,7 +14,7 @@ jobs:
         uses: actions/checkout@v5
 
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
         with:
           go-version-file: "go.mod"
       - name: check licenses

.github/workflows/lint.yml

@@ -14,10 +14,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v5
-      - uses: actions/setup-go@v5
+      - uses: actions/setup-go@v6
         with:
           go-version: stable
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v8
         with:
-          version: v2.1
+          version: v2.5

.github/workflows/moderator.yml

@@ -0,0 +1,28 @@
+name: AI Moderator
+on:
+  issues:
+    types: [opened]
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+
+jobs:
+  spam-detection:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+      models: read
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+      - uses: github/ai-moderator@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          spam-label: 'spam'
+          ai-label: 'ai-generated'
+          minimize-detected-comments: true
+          enable-spam-detection: true
+          enable-link-spam-detection: true
+          enable-ai-detection: true

.github/workflows/registry-releaser.yml

@@ -16,33 +16,67 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v5
 
-      - name: Install jq
-        run: sudo apt-get update && sudo apt-get install -y jq
+      - name: Setup Go
+        uses: actions/setup-go@v6
+        with:
+          go-version: "stable"
+        
+      - name: Fetch tags
+        run: |
+          if [[ "${{ github.ref_type }}" != "tag" ]]; then
+            git fetch --tags
+          else
+            echo "Skipping tag fetch - already on tag ${{ github.ref_name }}"
+          fi
+
+      - name: Wait for Docker image
+        run: |
+          if [[ "${{ github.ref_type }}" == "tag" ]]; then
+            TAG="${{ github.ref_name }}"
+          else
+            TAG=$(git tag --sort=-version:refname | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$' | head -n1)
+          fi
+          IMAGE="ghcr.io/github/github-mcp-server:$TAG"
+          
+          for i in {1..10}; do
+            if docker manifest inspect "$IMAGE" &>/dev/null; then
+              echo "✅ Docker image ready: $TAG"
+              break
+            fi
+            [ $i -eq 10 ] && { echo "❌ Timeout waiting for $TAG after 5 minutes"; exit 1; }
+            echo "⏳ Waiting for Docker image ($i/10)..."
+            sleep 30
+          done
 
       - name: Install MCP Publisher
         run: |
-          curl -L "https://github.com/modelcontextprotocol/registry/releases/download/v1.0.0/mcp-publisher_1.0.0_$(uname -s | tr '[:upper:]' '[:lower:]')_$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/').tar.gz" | tar xz mcp-publisher
+          git clone --quiet https://github.com/modelcontextprotocol/registry publisher-repo
+          cd publisher-repo && make publisher > /dev/null && cd ..
+          cp publisher-repo/bin/mcp-publisher . && chmod +x mcp-publisher
 
       - name: Update server.json version
         run: |
           if [[ "${{ github.ref_type }}" == "tag" ]]; then
-            # Use the tag that triggered the workflow
             TAG_VERSION=$(echo "${{ github.ref_name }}" | sed 's/^v//')
-            echo "Using triggered tag: ${{ github.ref_name }}"
           else
-            # Fallback to latest tag (for manual triggers)
-            LATEST_TAG=$(git tag --sort=-version:refname | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+(-.*)?$' | head -n 1)
-            if [ -z "$LATEST_TAG" ]; then
-              echo "❌ No release tag found. Cannot determine version."
-              exit 1
-            fi
+            LATEST_TAG=$(git tag --sort=-version:refname | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$' | head -n 1)
+            [ -z "$LATEST_TAG" ] && { echo "No release tag found"; exit 1; }
             TAG_VERSION=$(echo "$LATEST_TAG" | sed 's/^v//')
             echo "Using latest tag: $LATEST_TAG"
           fi
-          jq ".version = \"$TAG_VERSION\" | .packages[].version = \"$TAG_VERSION\"" server.json > server.json.tmp && mv server.json.tmp server.json
-          echo "Updated server.json version to $TAG_VERSION"
+          sed -i "s/\${VERSION}/$TAG_VERSION/g" server.json
+          echo "Version: $TAG_VERSION"
+
+      - name: Validate configuration
+        run: |
+          python3 -m json.tool server.json > /dev/null && echo "Configuration valid" || exit 1
+
+      - name: Display final server.json
+        run: |
+          echo "Final server.json contents:"
+          cat server.json
 
-      - name: Login to MCP Registry
+      - name: Login to MCP Registry (OIDC)
         run: ./mcp-publisher login github-oidc
 
       - name: Publish to MCP Registry