This repository uses GitHub Actions for automated CI/CD with comprehensive quality gates, automated releases, and dependency management.
- Overview
- Workflows
- Setup Instructions
- Status Checks
- Release Process
- Secrets and Variables
- Troubleshooting
Our CI/CD pipeline includes:
- Continuous Integration: Automated testing, linting, and quality checks on every PR
- Quality Gates: Bundle size tracking, security audits, license compliance
- Automated Releases: Semantic versioning and npm publishing
- Dependency Management: Automated dependency updates via Dependabot
Triggers: Pull requests and pushes to master
Jobs:
- Runs ESLint on TypeScript files
- Checks Prettier formatting
- Validates package.json
- Runtime: ~2-3 minutes
- Node Version: 20
- Compiles TypeScript to JavaScript
- Verifies build artifacts (dist/)
- Uploads build artifacts for use in other jobs
- Runtime: ~2-3 minutes
- Node Version: 20
- Runs unit tests across multiple Node versions (18, 20, 22)
- Generates code coverage reports
- Uploads coverage to Codecov
- Enforces 80% coverage threshold
- Runtime: ~5-8 minutes per Node version
- Matrix Strategy: Parallel execution across Node versions
- Runs performance benchmark suite
- Compares results against baseline
- Fails if performance regression >10%
- Posts results as PR comment
- Runtime: ~3-5 minutes
- Node Version: 20
- Starts MCP server
- Runs integration tests against live server
- Uploads logs on failure
- Runtime: ~3-5 minutes
- Node Version: 20
- Depends On:
buildjob
- Aggregates all job results
- Final gate before PR can be merged
- Runtime: <1 minute
- Depends On: All other jobs
Total CI Runtime: ~10-15 minutes (with parallelization)
Triggers: Push to master (after PR merge)
Jobs:
- Analyzes commits using conventional commit format
- Determines version bump (major/minor/patch)
- Generates CHANGELOG.md
- Creates Git tag
- Creates GitHub Release
- Runtime: ~3-5 minutes
- Node Version: 20
- Publishes package to npm
- Verifies publication
- Only runs if new release was created
- Runtime: ~2-3 minutes
- Node Version: 20
- Depends On:
releasejob
- Posts release announcement (Discord/Slack if configured)
- Comments on related issues
- Updates release summary
- Runtime: ~1-2 minutes
- Depends On:
release,publishjobs
Total Release Runtime: ~6-10 minutes
Triggers: Pull requests and pushes to master
Jobs:
- Analyzes compiled bundle size
- Compares against baseline
- Fails if size increases >5%
- Posts size comparison as PR comment
- Runtime: ~2-3 minutes
- Runs
npm audit - Fails on critical vulnerabilities
- Warns on high vulnerabilities
- Posts audit results as PR comment
- Runtime: ~2-3 minutes
- Checks all dependency licenses
- Warns about copyleft licenses (GPL, AGPL, LGPL)
- Generates license report
- Runtime: ~2-3 minutes
- Runs Snyk scan (if configured)
- Checks for outdated dependencies
- Generates vulnerability report
- Runtime: ~2-3 minutes
- Analyzes code complexity
- Counts lines of code
- Identifies TODO/FIXME comments
- Runtime: ~1-2 minutes
Total Quality Gates Runtime: ~9-14 minutes (parallel execution)
Triggers: Pull requests
Jobs:
- Validates all PR commits follow Conventional Commits format
- Posts format guide as PR comment on failure
- Runtime: ~1-2 minutes
Schedule: Weekly (Monday 9:00 AM UTC)
Features:
- Groups minor/patch updates for dev dependencies
- Groups patch updates for production dependencies
- Separate PRs for major version updates
- Auto-assigns to @ooples
- Labels:
dependencies,automated
-
Clone the repository
git clone https://github.com/ooples/token-optimizer-mcp.git cd token-optimizer-mcp -
Install dependencies
npm install
-
Install semantic-release and commitlint globally (optional)
npm install -g semantic-release @commitlint/cli
Navigate to: Settings > Secrets and variables > Actions > New repository secret
Add the following secrets:
| Secret Name | Description | How to Get |
|---|---|---|
NPM_TOKEN |
npm authentication token | https://www.npmjs.com/settings/YOUR_USERNAME/tokens |
CODECOV_TOKEN |
Codecov upload token (optional) | https://codecov.io/ |
| Secret Name | Description | Use Case |
|---|---|---|
SNYK_TOKEN |
Snyk authentication token | Advanced security scanning |
Navigate to: Settings > Secrets and variables > Actions > Variables tab
| Variable Name | Description | Example |
|---|---|---|
DISCORD_WEBHOOK_URL |
Discord webhook for release notifications | https://discord.com/api/webhooks/... |
SLACK_WEBHOOK_URL |
Slack webhook for release notifications | https://hooks.slack.com/services/... |
Follow instructions in BRANCH_PROTECTION.md
After first successful CI run:
- Download the benchmark results artifact
- Copy to
.github/performance-baseline.json - Commit and push:
git add .github/performance-baseline.json git commit -m "chore: add performance baseline" git push
After first successful build:
- Run:
du -sb dist | cut -f1 > .github/bundle-size-baseline.txt - Commit and push:
git add .github/bundle-size-baseline.txt git commit -m "chore: add bundle size baseline" git push
All PRs must pass the following status checks before merging:
- ✅
lint-and-format- Code style and linting - ✅
build- TypeScript compilation - ✅
test (18)- Tests on Node 18 - ✅
test (20)- Tests on Node 20 - ✅
test (22)- Tests on Node 22 - ✅
commitlint- Commit message format
- ✅
bundle-size- Bundle size within limits - ✅
security-audit- No critical vulnerabilities - ✅
license-compliance- License compatibility
⚠️ performance-benchmarks- Performance metrics⚠️ integration-test- Integration test suite⚠️ code-quality- Code metrics and analysis
-
Developer creates PR with conventional commits
- Format:
type(scope): description - Examples:
feat(auth): add OAuth,fix(api): resolve race condition
- Format:
-
CI runs on PR
- All status checks must pass
- Code review required
- Conversations must be resolved
-
PR is merged to master
- Release workflow triggers automatically
- Semantic-release analyzes commits
-
Version determination
fix:commits → Patch version (0.0.X)feat:commits → Minor version (0.X.0)BREAKING CHANGE:→ Major version (X.0.0)
-
Automatic actions
- CHANGELOG.md updated
- Version bumped in package.json
- Git tag created (e.g., v0.2.1)
- GitHub Release created
- npm package published
- Related issues commented
If automated release fails:
# Ensure you're on master with latest changes
git checkout master
git pull
# Create version and tag
npm version patch -m "chore(release): %s" # or minor/major
# Push changes and tags
git push && git push --tags
# Publish to npm
npm publish
# Create GitHub release manually
gh release create v0.2.1 --generate-notes- Log in to npm: https://www.npmjs.com/
- Click your profile → "Access Tokens"
- Click "Generate New Token" → "Classic Token"
- Select "Automation" type
- Copy token and add to GitHub Secrets as
NPM_TOKEN
- Visit https://codecov.io/
- Sign in with GitHub
- Add your repository
- Copy the upload token
- Add to GitHub Secrets as
CODECOV_TOKEN
- Go to your Discord server settings
- Navigate to "Integrations" → "Webhooks"
- Create a new webhook
- Copy the webhook URL
- Add to GitHub Variables as
DISCORD_WEBHOOK_URL
- Go to https://api.slack.com/apps
- Create a new app or select existing
- Enable "Incoming Webhooks"
- Add webhook to workspace
- Copy the webhook URL
- Add to GitHub Variables as
SLACK_WEBHOOK_URL
Solution: Add more unit tests to reach 80% coverage
npm run test:coverage
# Check coverage/index.html for uncovered linesSolution: Optimize bundle or update baseline
# Check what's causing size increase
npm run build
du -h dist/
# If increase is justified, update baseline:
du -sb dist | cut -f1 > .github/bundle-size-baseline.txt
git add .github/bundle-size-baseline.txt
git commit -m "chore: update bundle size baseline"Cause: No conventional commits since last release
Solution: Ensure commits follow format:
feat:for featuresfix:for bug fixesBREAKING CHANGE:for breaking changes
Solution: Verify NPM_TOKEN secret
- Check token is still valid: https://www.npmjs.com/settings/YOUR_USERNAME/tokens
- Regenerate token if needed
- Update GitHub secret
Solution: Review and fix issues
# Checkout Dependabot branch
git fetch origin
git checkout dependabot/npm_and_yarn/...
# Fix any breaking changes
npm install
npm test
# Commit fixes
git commit -am "fix: resolve dependency conflicts"
git pushSolution: Investigate performance regression
- Download benchmark artifacts from failed run
- Compare with baseline
- Profile the code to find bottleneck
- Optimize or update baseline if acceptable
✅ Good
feat(api): add token refresh endpoint
fix(cache): resolve memory leak in LRU cache
docs(readme): update installation instructions
refactor(core): simplify optimization logic
❌ Bad
Update code
Fix bug
WIP
changes
- Create feature branch:
git checkout -b feat/my-feature - Make changes with conventional commits
- Push and create PR
- Wait for all checks to pass
- Get code review approval
- Squash and merge (if needed)
- Write unit tests for all new features
- Maintain 80%+ coverage
- Add integration tests for critical flows
- Update benchmarks for performance-sensitive code
- Review Dependabot PRs weekly
- Test major version updates thoroughly
- Group minor/patch updates when possible
- Keep dependencies up to date for security
For issues with CI/CD:
- Check GitHub Actions logs
- Review this documentation
- Open an issue: https://github.com/ooples/token-optimizer-mcp/issues