GitHub Actions Workflows
Main CI Workflow
```yaml
name: CI/CD Pipeline
on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]
env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}
```
Test Job
```yaml
test:
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v4
    - name: Set up Python
      uses: actions/setup-python@v5
      with:
        python-version: '3.12'
    - name: Install dependencies
      run: |
        curl -LsSf https://astral.sh/uv/install.sh | sh
        uv sync
    - name: Run unit tests
      run: |
        ENABLE_TRACING=false \
        ENABLE_METRICS=false \
        ENABLE_CONSOLE_EXPORT=false \
        pytest -m unit --tb=line -q
```
Purpose: Ensures all unit tests pass before deployment
Environment Variables:
ENABLE_TRACING=false: Disables OpenTelemetry tracing
ENABLE_METRICS=false: Disables metrics collection
ENABLE_CONSOLE_EXPORT=false: Disables console export
Lint Job
```yaml
lint:
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v4
    - name: Set up Python
      uses: actions/setup-python@v5
      with:
        python-version: '3.12'
    - name: Install dependencies
      run: |
        curl -LsSf https://astral.sh/uv/install.sh | sh
        uv pip install flake8 mypy
    - name: Run flake8
      run: |
        flake8 . --count --select=E9,F63,F7,F82 \
          --show-source --statistics --exclude=.venv,tests
    - name: Run mypy
      run: mypy src/ --ignore-missing-imports
      continue-on-error: true
```
Purpose: Enforces code quality standards
Checks:
flake8: Python syntax errors and undefined names
mypy: Type checking (non-blocking)
Security Check Job
```yaml
security-check:
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v4
    - name: Set up Python
      uses: actions/setup-python@v5
      with:
        python-version: '3.12'
    - name: Install Bandit
      run: |
        curl -LsSf https://astral.sh/uv/install.sh | sh
        uv pip install bandit
    - name: Run Bandit
      run: bandit -r src/ -ll
```
Purpose: Identifies security vulnerabilities
Scanner: Bandit; the -ll flag reports only findings of medium severity or higher
Deployment Validation
Validate Deployments Job
```yaml
validate-deployments:
  name: Validate Deployment Configurations
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v4
    - name: Set up Python
      uses: actions/setup-python@v5
      with:
        python-version: '3.12'
    - name: Install dependencies
      run: |
        curl -LsSf https://astral.sh/uv/install.sh | sh
        uv pip install pyyaml jsonschema
    - name: Run deployment validation script
      run: python3 scripts/validation/validate_deployments.py
    - name: Validate Docker Compose
      run: docker compose -f docker-compose.yml config --quiet
    - name: Install Helm
      uses: azure/setup-helm@v3
      with:
        version: 'v3.13.0'
    - name: Validate Helm chart
      run: |
        helm lint deployments/helm/mcp-server-langgraph
        helm template test-release deployments/helm/mcp-server-langgraph --dry-run > /dev/null
    - name: Install kubectl
      uses: azure/setup-kubectl@v3
      with:
        version: 'v1.28.0'
    - name: Validate Kustomize overlays
      run: |
        for env in dev staging production; do
          echo "Validating $env overlay..."
          kubectl kustomize deployments/kustomize/overlays/$env > /dev/null
        done
```
Purpose: Ensures all deployment configurations are valid before merge
Validations:
- Python Validation Script: Comprehensive YAML and configuration checks
- Docker Compose: Syntax and structure validation
- Helm Chart: Linting and template rendering
- Kustomize Overlays: Validation for dev, staging, and production
Validation Script
Location: scripts/validation/validate_deployments.py
Features:
- YAML syntax validation
- Kubernetes manifest validation
- Cross-platform configuration consistency
- Resource specifications validation
- Environment variable completeness
- Probe configuration validation
Usage:
```bash
python3 scripts/validation/validate_deployments.py
```
Example Output:
```
✓ Validating YAML syntax...
✓ Validating Kubernetes manifests...
✓ Validating Docker Compose...
✓ Validating Helm chart...
✓ Validating configuration consistency...
All validations passed!
```
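The probe, resource and environment-variable checks listed under Features, as an added Python sketch that is not the project's validate_deployments.py. The manifest is constructed and shown as already parsed from YAML, and the required variable names are an assumed policy borrowed from the test job.

```python
# Added illustration; not the project's validate_deployments.py.
# MANIFEST is a constructed Deployment, shown as already parsed from YAML.
MANIFEST = {
    "kind": "Deployment",
    "metadata": {"name": "example-agent"},
    "spec": {"template": {"spec": {"containers": [
        {
            "name": "app",
            "env": [{"name": "ENABLE_TRACING", "value": "true"}],
            "resources": {"requests": {"cpu": "250m", "memory": "256Mi"},
                          "limits": {"memory": "512Mi"}},
            "readinessProbe": {"httpGet": {"path": "/ready", "port": 8000}},
            "livenessProbe": {"initialDelaySeconds": 10},  # no handler
        },
        {"name": "sidecar"},
    ]}}},
}

PROBES = ("livenessProbe", "readinessProbe")
HANDLERS = ("httpGet", "tcpSocket", "exec", "grpc")
RESOURCES = (("requests", "cpu"), ("requests", "memory"), ("limits", "memory"))
REQUIRED_ENV = ("ENABLE_TRACING", "ENABLE_METRICS")  # assumed policy


def check_deployment(manifest, required_env=REQUIRED_ENV):
    """Return findings for probes, resources and env vars of each container."""
    findings = []
    name = manifest.get("metadata", {}).get("name", "<unnamed>")
    pod = manifest.get("spec", {}).get("template", {}).get("spec", {})
    containers = pod.get("containers") or []
    if not containers:
        findings.append(f"{name}: no containers defined")
    for c in containers:
        where = f"{name}/{c.get('name', '<unnamed>')}"
        for probe in PROBES:
            spec = c.get(probe)
            if not spec:
                findings.append(f"{where}: missing {probe}")
            elif not any(h in spec for h in HANDLERS):
                findings.append(f"{where}: {probe} has no handler")
        resources = c.get("resources") or {}
        for section, key in RESOURCES:
            if key not in (resources.get(section) or {}):
                findings.append(f"{where}: missing resources.{section}.{key}")
        declared = {e.get("name") for e in c.get("env") or []}
        for var in required_env:
            if var not in declared:
                findings.append(f"{where}: env {var} not set")
    return findings
```

An empty list from check_deployment means the manifest passed; a CI step would exit non-zero when the list is non-empty.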
Build and Push
Docker Image Build
```yaml
build-and-push:
  needs: [test, lint, security-check, validate-deployments]
  runs-on: ubuntu-latest
  permissions:
    contents: read
    packages: write
  steps:
    - uses: actions/checkout@v4
    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v3
    - name: Log in to Container Registry
      uses: docker/login-action@v3
      with:
        registry: ${{ env.REGISTRY }}
        username: ${{ github.actor }}
        password: ${{ secrets.GITHUB_TOKEN }}
    - name: Extract metadata
      id: meta
      uses: docker/metadata-action@v5
      with:
        images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
        tags: |
          type=ref,event=branch
          type=ref,event=pr
          type=semver,pattern={{version}}
          type=semver,pattern={{major}}.{{minor}}
          type=sha
    - name: Build and push Docker image
      uses: docker/build-push-action@v5
      with:
        context: .
        platforms: linux/amd64,linux/arm64
        push: true
        tags: ${{ steps.meta.outputs.tags }}
        labels: ${{ steps.meta.outputs.labels }}
        cache-from: type=gha
        cache-to: type=gha,mode=max
```
Features:
- Multi-architecture builds: amd64 and arm64
- Automatic tagging: Branch names, PRs, semantic versions, commit SHAs
- Layer caching: GitHub Actions cache for faster builds
- Dependency: Only runs after all validation jobs pass
- SBOM generation: Automatic Software Bill of Materials creation
Image Tags:
main: Latest stable version
develop: Development version
v2.1.0: Semantic version tags
sha-abc1234: Commit SHA tags
Software Bill of Materials (SBOM)
Every release automatically generates an SBOM for supply chain security:
Format: SPDX JSON
Tool: Anchore SBOM Action
Location: Attached to GitHub release
Usage:
```bash
# Download SBOM from latest release
gh release download v2.1.0 --pattern 'sbom-*.spdx.json'

# Analyze with tools
grype sbom:sbom-linux-amd64.spdx.json
syft sbom-linux-amd64.spdx.json -o table
```
Benefits:
- Supply chain transparency
- Vulnerability tracking
- License compliance
- Security audits
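To show what the vulnerability-tracking and license-compliance benefits rest on, this added example (not part of the project) reads an SPDX JSON document and reports packages that lack a version, a purl or a usable license. The sample SBOM and the deny list are constructed assumptions.

```python
import json

# Constructed SPDX 2.3 JSON fragment; package names and versions are sample data.
SAMPLE_SBOM = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "name": "sample-image",
    "packages": [
        {"name": "requests", "versionInfo": "2.31.0",
         "licenseConcluded": "Apache-2.0", "licenseDeclared": "Apache-2.0",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER",
                           "referenceType": "purl",
                           "referenceLocator": "pkg:pypi/requests@2.31.0"}]},
        {"name": "libexample", "versionInfo": "1.0",
         "licenseConcluded": "NOASSERTION", "licenseDeclared": "GPL-3.0-only",
         "externalRefs": []},
        {"name": "mystery", "licenseConcluded": "NOASSERTION",
         "licenseDeclared": "NOASSERTION"},
    ],
})

UNKNOWN = {None, "", "NOASSERTION", "NONE"}


def summarize_sbom(text, denied=("GPL-3.0-only", "AGPL-3.0-only")):
    """Return (inventory, issues); `denied` is an assumed, exact-match policy."""
    doc = json.loads(text)
    if not str(doc.get("spdxVersion", "")).startswith("SPDX-2"):
        raise ValueError("not an SPDX 2.x JSON document")
    inventory, issues = [], []
    for pkg in doc.get("packages", []):
        name = pkg.get("name", "<unnamed>")
        version = pkg.get("versionInfo")
        # Prefer the concluded license, fall back to the declared one.
        lic = next((pkg.get(k) for k in ("licenseConcluded", "licenseDeclared")
                    if pkg.get(k) not in UNKNOWN), None)
        purl = next((r.get("referenceLocator")
                     for r in pkg.get("externalRefs") or []
                     if r.get("referenceType") == "purl"), None)
        inventory.append((name, version, lic, purl))
        if version is None:
            issues.append(f"{name}: no version, cannot match advisories")
        if purl is None:
            issues.append(f"{name}: no purl")
        if lic is None:
            issues.append(f"{name}: license unknown")
        elif lic in denied:
            issues.append(f"{name}: license {lic} is on the deny list")
    return inventory, issues
```

Compound SPDX license expressions such as "MIT OR Apache-2.0" are compared as whole strings here, so a real policy check would need an expression parser.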