Hiddenden/AegisGitea-MCP
3
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases 1 Wiki Activity

fix: harden get_issue parsing and surface real errors (#27); align CI image publish

Browse Source 
get_issue raised 'NoneType' object is not iterable on issues whose
labels/assignees Gitea returns as null or with non-dict elements (the #13
class), which reached clients as an opaque JSON-RPC -32603 with no detail.

- read_tools: skip non-dict label/assignee entries in get_issue_tool
- server: detect a wrapped GiteaNotFoundError via the __cause__ chain and
  return 404 / JSON-RPC -32000 with a clear message; include the exception
  type name in masked internal errors so future masked failures are
  diagnosable without exposing messages or stack traces
- tests: cover non-dict collection elements and the not-found / typed-error
  responses
- ci: rewrite docker.yml to build, smoke-test and push the image to the
  Gitea container registry on merge to main/dev, matching the hiddenden.cafe
  pattern (only REGISTRY_TOKEN required)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Latte
2026-06-25 16:51:58 +02:00
parent 026f3a654f
commit 41749fd7b4
5 changed files with 295 additions and 156 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitea/workflows/docker.yml
+112 -144
View File
@@ -1,157 +1,125 @@
name: docker
on:
push:
branches:
- main
- dev
pull_request:
branches:
- main
- dev
pull_request_review:
types:
- submitted
# Test on every branch push; registry push is gated per-step to main/dev.
push:
branches:
- '**'
pull_request:
branches:
- main
- dev
jobs:
lint:
if: ${{ github.event_name != 'pull_request_review' || github.event.review.state == 'approved' }}
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements-dev.txt
- name: Run lint
run: |
ruff check src tests
ruff format --check src tests
black --check src tests
mypy src
# ---------------------------------------------------------------------------
# 1. Lint: ruff + black + mypy.
# ---------------------------------------------------------------------------
lint:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements-dev.txt
- name: Run lint
run: |
ruff check src tests
ruff format --check src tests
black --check src tests
mypy src
test:
if: ${{ github.event_name != 'pull_request_review' || github.event.review.state == 'approved' }}
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements-dev.txt
- name: Run tests
run: pytest --cov=aegis_gitea_mcp --cov-report=term-missing --cov-fail-under=80
# ---------------------------------------------------------------------------
# 2. Test: pytest with coverage gate.
# ---------------------------------------------------------------------------
test:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements-dev.txt
- name: Run tests
run: pytest --cov=aegis_gitea_mcp --cov-report=term-missing --cov-fail-under=80
docker-test:
if: ${{ github.event_name != 'pull_request_review' || github.event.review.state == 'approved' }}
runs-on: ubuntu-latest
needs: [lint, test]
env:
IMAGE_NAME: aegis-gitea-mcp
steps:
- name: Checkout
uses: actions/checkout@v4
# ---------------------------------------------------------------------------
# 3. Build the Docker image, smoke-test it, push to Gitea (push events to
# main/dev only), then clean up so nothing lingers on the self-hosted
# runner.
# ---------------------------------------------------------------------------
docker:
needs: [lint, test]
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Build candidate image
run: |
SHA_TAG="${GITHUB_SHA:-${CI_COMMIT_SHA:-local}}"
docker build -f docker/Dockerfile -t ${IMAGE_NAME}:${SHA_TAG} .
- name: Compute image name & tags
id: meta
shell: bash
run: |
IMAGE="git.hiddenden.cafe/${GITHUB_REPOSITORY,,}"
echo "image=${IMAGE}" >> "$GITHUB_OUTPUT"
echo "sha_tag=${IMAGE}:sha-${GITHUB_SHA::12}" >> "$GITHUB_OUTPUT"
if [ "${GITHUB_REF_NAME}" = "main" ]; then
# Production: stable :latest + :main
echo "branch_tags=${IMAGE}:latest ${IMAGE}:main" >> "$GITHUB_OUTPUT"
else
# dev (and any other branch): tag with the branch name
echo "branch_tags=${IMAGE}:${GITHUB_REF_NAME}" >> "$GITHUB_OUTPUT"
fi
- name: Smoke-test image
run: |
SHA_TAG="${GITHUB_SHA:-${CI_COMMIT_SHA:-local}}"
docker run --rm --entrypoint python ${IMAGE_NAME}:${SHA_TAG} -c "import aegis_gitea_mcp"
- name: Build image
shell: bash
run: docker build -f docker/Dockerfile -t "${{ steps.meta.outputs.sha_tag }}" .
docker-publish:
runs-on: ubuntu-latest
needs: [lint, test, docker-test]
if: >-
(github.event_name == 'push' && (github.ref_name == 'main' || github.ref_name == 'dev')) ||
(github.event_name == 'pull_request_review' &&
github.event.review.state == 'approved' &&
(github.event.pull_request.base.ref == 'main' || github.event.pull_request.base.ref == 'dev'))
env:
IMAGE_NAME: aegis-gitea-mcp
REGISTRY_IMAGE: ${{ vars.REGISTRY_IMAGE }}
REGISTRY_HOST: ${{ vars.REGISTRY_HOST }}
PR_BASE_REF: ${{ github.event.pull_request.base.ref }}
PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha || github.sha }}
- name: Smoke-test image
shell: bash
run: |
docker run --rm --entrypoint python "${{ steps.meta.outputs.sha_tag }}" \
-c "import aegis_gitea_mcp"
echo "Image imports cleanly."
- name: Resolve tags
id: tags
run: |
EVENT_NAME="${GITHUB_EVENT_NAME:-${CI_EVENT_NAME:-}}"
REF_NAME="${GITHUB_REF_NAME:-${CI_COMMIT_REF_NAME:-}}"
BASE_REF="${PR_BASE_REF:-${GITHUB_BASE_REF:-${CI_BASE_REF:-}}}"
SHA_TAG="${GITHUB_SHA:-${CI_COMMIT_SHA:-local}}"
- name: Log in to Gitea Container Registry
if: github.event_name == 'push' && (github.ref_name == 'main' || github.ref_name == 'dev')
uses: docker/login-action@v3
with:
registry: git.hiddenden.cafe
username: ${{ github.actor }}
# PAT with write:package scope, stored as the REGISTRY_TOKEN secret.
# The auto-provided GITEA_TOKEN lacks package-write permission on
# this instance, so we use a dedicated token here.
password: ${{ secrets.REGISTRY_TOKEN }}
if [ "${EVENT_NAME}" = "pull_request_review" ]; then
TARGET_BRANCH="${BASE_REF}"
SHA_TAG="${PR_HEAD_SHA:-$SHA_TAG}"
else
TARGET_BRANCH="${REF_NAME}"
fi
- name: Tag & push
if: github.event_name == 'push' && (github.ref_name == 'main' || github.ref_name == 'dev')
shell: bash
run: |
for tag in ${{ steps.meta.outputs.branch_tags }} ${{ steps.meta.outputs.sha_tag }}; do
docker tag "${{ steps.meta.outputs.sha_tag }}" "$tag"
docker push "$tag"
echo "Pushed $tag"
done
if [ "${TARGET_BRANCH}" = "main" ]; then
STABLE_TAG="latest"
elif [ "${TARGET_BRANCH}" = "dev" ]; then
STABLE_TAG="dev"
else
echo "Unsupported target branch '${TARGET_BRANCH}'"
exit 1
fi
echo "sha_tag=${SHA_TAG}" >> "${GITHUB_OUTPUT}"
echo "stable_tag=${STABLE_TAG}" >> "${GITHUB_OUTPUT}"
- name: Build releasable image
id: image
run: |
IMAGE_REF="${REGISTRY_IMAGE:-${IMAGE_NAME}}"
echo "image_ref=${IMAGE_REF}" >> "${GITHUB_OUTPUT}"
docker build -f docker/Dockerfile -t ${IMAGE_REF}:${{ steps.tags.outputs.sha_tag }} .
docker tag ${IMAGE_REF}:${{ steps.tags.outputs.sha_tag }} ${IMAGE_REF}:${{ steps.tags.outputs.stable_tag }}
- name: Login to registry
if: ${{ vars.PUSH_IMAGE == 'true' }}
run: |
if [ -z "${REGISTRY_USER}" ] || [ -z "${REGISTRY_TOKEN}" ]; then
echo "REGISTRY_USER and REGISTRY_TOKEN secrets are required when PUSH_IMAGE=true"
exit 1
fi
IMAGE_REF="${{ steps.image.outputs.image_ref }}"
LOGIN_HOST="${REGISTRY_HOST}"
if [ -z "${LOGIN_HOST}" ]; then
FIRST_PART="${IMAGE_REF%%/*}"
case "${FIRST_PART}" in
*.*|*:*|localhost) LOGIN_HOST="${FIRST_PART}" ;;
*) LOGIN_HOST="docker.io" ;;
esac
fi
printf "%s" "${REGISTRY_TOKEN}" | docker login "${LOGIN_HOST}" --username "${REGISTRY_USER}" --password-stdin
- name: Optional registry push
if: ${{ vars.PUSH_IMAGE == 'true' }}
run: |
IMAGE_REF="${{ steps.image.outputs.image_ref }}"
docker push ${IMAGE_REF}:${{ steps.tags.outputs.sha_tag }}
docker push ${IMAGE_REF}:${{ steps.tags.outputs.stable_tag }}
# Always runs — removes exactly what this run created, even on failure.
# Scoped on purpose: if the runner shares the host Docker daemon, a global
# prune would also wipe other homelab services. We never create volumes
# here, so only dangling images + build cache are swept.
- name: Cleanup
if: always()
shell: bash
run: |
docker rmi -f ${{ steps.meta.outputs.sha_tag }} ${{ steps.meta.outputs.branch_tags }} || true
docker image prune -f || true
docker builder prune -f || true