chore: add a temporary OIDC-based registry publish workflow #682
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR addresses authentication issues with the MCP registry publishing by introducing an OIDC-based workflow as an alternative to the currently non-functional token-based authentication. The change splits registry publishing into a separate workflow to enable iteration on OIDC authentication while maintaining the existing release process.
Key changes:
- Created a new dedicated workflow for MCP registry publishing using OIDC authentication
- Removed MCP registry publishing steps from the main publish workflow
- Replaced GitHub token-based authentication with OIDC authentication method
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
.github/workflows/registry-publish.yml |
New workflow implementing OIDC-based authentication for MCP registry publishing |
.github/workflows/publish.yml |
Removed MCP registry publishing steps and bot token setup that relied on token-based auth |
|
|
||
| - name: Install MCP Publisher | ||
| run: | | ||
| curl -L "https://github.com/modelcontextprotocol/registry/releases/latest/download/mcp-publisher_$(uname -s | tr '[:upper:]' '[:lower:]')_$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/').tar.gz" | tar xz mcp-publisher |
There was a problem hiding this comment.
The tar command is missing the '-C' flag or output directory specification. The current command 'tar xz mcp-publisher' will attempt to extract all files from the archive but won't correctly extract to 'mcp-publisher'. It should be 'tar xz' without the filename argument, or use 'tar xzf -' to explicitly read from stdin.
| curl -L "https://github.com/modelcontextprotocol/registry/releases/latest/download/mcp-publisher_$(uname -s | tr '[:upper:]' '[:lower:]')_$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/').tar.gz" | tar xz mcp-publisher | |
| curl -L "https://github.com/modelcontextprotocol/registry/releases/latest/download/mcp-publisher_$(uname -s | tr '[:upper:]' '[:lower:]')_$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/').tar.gz" | tar xz |
There was a problem hiding this comment.
I don't think this is true at all lol
Pull Request Test Coverage Report for Build 18775801527Warning: This coverage report may be inaccurate.This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.
Details
💛 - Coveralls |
gagik
force-pushed
the
gagik/marketplace
branch
from
a62a498 to
e6d9d81
Compare
Since the token-based auth seems to be either buggy or unsupported at the moment (see modelcontextprotocol/registry#698), this adds a separate workflow for us to iterate on with regards to OIDC auth.
I tried this locally and I don't have the permissions for it but either a) in actions context the permissions can apply to our CI or b) someone else in our team might have all the necessary permissions for publishing as a temporary solution.