diff --git a/.github/workflows/nightly-mcp-stress-test.lock.yml b/.github/workflows/nightly-mcp-stress-test.lock.yml index d61eaeb6..0c3bb8b2 100644 --- a/.github/workflows/nightly-mcp-stress-test.lock.yml +++ b/.github/workflows/nightly-mcp-stress-test.lock.yml @@ -21,12 +21,12 @@ # # Load 20 MCP servers, discover and summarize the tools exported by each server, test tool invocations, and post a comprehensive report as a GitHub issue # -# frontmatter-hash: 3caa0d8bb7bef63f0e4dfb80a30fb5350bb337fc44f72d1849aaf3a2729d9f42 +# frontmatter-hash: a7e674ab406e676d6cf5834db6c4aa1f2001269ef3ee6de2239da1310c58d81e name: "Nightly MCP Server Stress Test" "on": schedule: - - cron: "32 1 * * *" + - cron: "33 2 * * *" # Friendly format: daily (scattered) workflow_dispatch: 
@@ -143,7 +143,7 @@ jobs: const determineAutomaticLockdown = require('/opt/gh-aw/actions/determine_automatic_lockdown.cjs'); await determineAutomaticLockdown(github, context, core); - name: Download container images - run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-mcpg:v0.0.98 ghcr.io/github/github-mcp-server:v0.30.2 ghcr.io/github/github-mcp-server:v0.30.3 mcp/brave-search mcp/duckduckgo mcp/everart mcp/fetch mcp/filesystem mcp/gdrive mcp/git mcp/google-maps mcp/hackernews-mcp mcp/kubernetes mcp/memory mcp/playwright mcp/puppeteer mcp/sentry mcp/sequentialthinking mcp/slack mcp/sqlite mcp/time mcp/wikipedia-mcp mcp/youtube-transcript mcr.microsoft.com/playwright/mcp node:lts-alpine + run: bash /opt/gh-aw/actions/download_docker_images.sh ghcr.io/github/gh-aw-mcpg:v0.0.98 ghcr.io/github/github-mcp-server:v0.30.2 ghcr.io/github/github-mcp-server:v0.30.3 mcp/brave-search mcp/duckduckgo mcp/everart mcp/fetch mcp/filesystem mcp/gdrive mcp/git mcp/google-maps mcp/hackernews-mcp mcp/kubernetes mcp/memory mcp/puppeteer mcp/sentry mcp/sequentialthinking mcp/slack mcp/sqlite mcp/time mcp/wikipedia-mcp mcp/youtube-transcript mcr.microsoft.com/playwright/mcp mcr.microsoft.com/playwright:v1.49.1-noble node:lts-alpine - name: Write Safe Outputs Config run: | mkdir -p /opt/gh-aw/safeoutputs @@ -376,6 +376,7 @@ jobs: - name: Start MCP gateway id: start-mcp-gateway env: + BRAVE_API_KEY: ${{ secrets.BRAVE_API_KEY }} EVERART_API_KEY: ${{ secrets.EVERART_API_KEY }} GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} GH_AW_SAFE_OUTPUTS_API_KEY: ${{ steps.safe-outputs-start.outputs.api_key }} 
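Review bot: On the rewritten `Download container images` line, the servers that are given credentials elsewhere in this commit (`mcp/brave-search`, `mcp/google-maps`, `mcp/kubernetes`, `mcp/sentry`, `mcp/slack`) are still pulled with no tag, and the added `mcr.microsoft.com/playwright:v1.49.1-noble` is pinned by tag only. With a mutable reference, whatever the registry serves on a given night runs with those API keys and tokens in its environment. Consider pinning each image by digest, e.g. `mcp/slack@sha256:<digest>` (placeholder), the way the `uses:` steps in this file are pinned to a commit SHA; the `frontmatter-hash` header suggests this file is generated, so the pin presumably belongs in the source workflow definition.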
@@ -383,6 +384,12 @@ jobs: GITHUB_MCP_LOCKDOWN: ${{ steps.determine-automatic-lockdown.outputs.lockdown == 'true' && '1' || '0' }} GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN || secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} GOOGLE_APPLICATION_CREDENTIALS: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }} + GOOGLE_MAPS_API_KEY: ${{ secrets.GOOGLE_MAPS_API_KEY }} + KUBECONFIG: ${{ secrets.KUBECONFIG || '/dev/null' }} + KUBERNETES_CLUSTER_URL: ${{ secrets.KUBERNETES_CLUSTER_URL || '' }} + SENTRY_DSN: ${{ secrets.SENTRY_DSN }} + SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} + SLACK_TEAM_ID: ${{ secrets.SLACK_TEAM_ID }} run: | set -eo pipefail mkdir -p /tmp/gh-aw/mcp-config 
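Review bot: `KUBECONFIG: ${{ secrets.KUBECONFIG || '/dev/null' }}` mixes two meanings: the fallback is a file path, while a repository secret of that name may well hold the kubeconfig contents. Kubernetes clients read this variable as a path, so if the secret is file content the server receives an unusable value, and the cluster credentials end up in an environment variable that the gateway command also forwards with `-e KUBECONFIG`. If contents are what is stored, write them to a file with restrictive permissions in a directory the container can see and export that path; if it is a path, it probably does not need to be a secret. The step's `run:` body continues outside this hunk.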
@@ -398,7 +405,7 @@ jobs: # Register API key as secret to mask it from logs echo "::add-mask::${MCP_GATEWAY_API_KEY}" export GH_AW_ENGINE="copilot" - export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -e EVERART_API_KEY -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.98' + export MCP_GATEWAY_DOCKER_COMMAND='docker run -i --rm --network host -v /var/run/docker.sock:/var/run/docker.sock -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY -e DEBUG -e MCP_GATEWAY_LOG_DIR -e GH_AW_MCP_LOG_DIR -e GH_AW_SAFE_OUTPUTS -e GH_AW_SAFE_OUTPUTS_CONFIG_PATH -e GH_AW_SAFE_OUTPUTS_TOOLS_PATH -e GH_AW_ASSETS_BRANCH -e GH_AW_ASSETS_MAX_SIZE_KB -e GH_AW_ASSETS_ALLOWED_EXTS -e DEFAULT_BRANCH -e GITHUB_MCP_SERVER_TOKEN -e GITHUB_MCP_LOCKDOWN -e GITHUB_REPOSITORY -e GITHUB_SERVER_URL -e GITHUB_SHA -e GITHUB_WORKSPACE -e GITHUB_TOKEN -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RUN_ATTEMPT -e GITHUB_JOB -e GITHUB_ACTION -e GITHUB_EVENT_NAME -e GITHUB_EVENT_PATH -e GITHUB_ACTOR -e GITHUB_ACTOR_ID -e 
GITHUB_TRIGGERING_ACTOR -e GITHUB_WORKFLOW -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY -e BRAVE_API_KEY -e EVERART_API_KEY -e GOOGLE_APPLICATION_CREDENTIALS -e GOOGLE_MAPS_API_KEY -e KUBECONFIG -e KUBERNETES_CLUSTER_URL -e SENTRY_DSN -e SLACK_BOT_TOKEN -e SLACK_TEAM_ID -v /opt:/opt:ro -v /tmp:/tmp:rw -v '"${GITHUB_WORKSPACE}"':'"${GITHUB_WORKSPACE}"':rw ghcr.io/github/gh-aw-mcpg:v0.0.98' mkdir -p /home/runner/.copilot cat << MCPCONFIG_EOF | bash /opt/gh-aw/actions/start_mcp_gateway.sh @@ -409,7 +416,10 @@ jobs: "container": "mcp/brave-search", "tools": [ "*" - ] + ], + "env": { + "BRAVE_API_KEY": "${{ secrets.BRAVE_API_KEY }}" + } }, "duckduckgo": { "type": "stdio", @@ -443,7 +453,10 @@ jobs: ], "tools": [ "*" - ] + ], + "env": { + "ALLOWED_PATHS": "/workspace" + } }, "gdrive": { "type": "stdio", @@ -477,7 +490,10 @@ jobs: "container": "mcp/google-maps", "tools": [ "*" - ] + ], + "env": { + "GOOGLE_MAPS_API_KEY": "${{ secrets.GOOGLE_MAPS_API_KEY }}" + } }, "hackernews": { "type": "stdio", @@ -491,7 +507,11 @@ jobs: "container": "mcp/kubernetes", "tools": [ "*" - ] + ], + "env": { + "KUBECONFIG": "${{ secrets.KUBECONFIG || '/dev/null' }}", + "KUBERNETES_CLUSTER_URL": "${{ secrets.KUBERNETES_CLUSTER_URL || '' }}" + } }, "memory": { "type": "stdio", @@ -512,7 +532,10 @@ jobs: "container": "mcp/puppeteer", "tools": [ "*" - ] + ], + "env": { + "PUPPETEER_SKIP_CHROMIUM_DOWNLOAD": "false" + } }, "safeoutputs": { "type": "http", @@ -526,7 +549,10 @@ jobs: "container": "mcp/sentry", "tools": [ "*" - ] + ], + "env": { + "SENTRY_DSN": "${{ secrets.SENTRY_DSN }}" + } }, "sequential-thinking": { "type": "stdio", 
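Review bot: The added `-e BRAVE_API_KEY … -e SLACK_TEAM_ID` flags in `MCP_GATEWAY_DOCKER_COMMAND` hand every third-party credential to the single gateway container, which this same command starts with `--network host` and `/var/run/docker.sock` mounted. A container holding the Docker socket is effectively root-equivalent on the runner, so it now also holds the Slack, Sentry, Google and cluster credentials, although each is needed by only one MCP server. The same values are delivered a second time through the per-server `env` blocks added further down; consider keeping one delivery path, preferably the one that keeps the secret out of the script text. The `run:` script starts and ends outside this hunk.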
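Review bot: The added `"BRAVE_API_KEY": "${{ secrets.BRAVE_API_KEY }}"` entry is substituted by Actions into the script text, inside a heredoc whose delimiter is unquoted (`cat << MCPCONFIG_EOF`), so the secret's value then goes through shell expansion and JSON parsing; the same applies to the `env` blocks added for google-maps, kubernetes, sentry and slack in the hunks that follow. A value containing `"`, `\`, `$`, a backtick or a newline (plausible for a kubeconfig) would break the JSON or be rewritten by the shell, and the secret is written verbatim into the rendered step script. The step already exports these names under `env:`, so the config could reference the environment variable rather than the expression, e.g. `"BRAVE_API_KEY": "\${BRAVE_API_KEY}"`, if the gateway resolves such references (not visible here, to be confirmed). The heredoc starts before and ends after these hunks.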
@@ -540,7 +566,11 @@ jobs: "container": "mcp/slack", "tools": [ "*" - ] + ], + "env": { + "SLACK_BOT_TOKEN": "${{ secrets.SLACK_BOT_TOKEN }}", + "SLACK_TEAM_ID": "${{ secrets.SLACK_TEAM_ID }}" + } }, "sqlite": { "type": "stdio", @@ -807,13 +837,20 @@ jobs: const { main } = require('/opt/gh-aw/actions/redact_secrets.cjs'); await main(); env: - GH_AW_SECRET_NAMES: 'COPILOT_GITHUB_TOKEN,EVERART_API_KEY,GH_AW_GITHUB_MCP_SERVER_TOKEN,GH_AW_GITHUB_TOKEN,GITHUB_TOKEN' + GH_AW_SECRET_NAMES: 'BRAVE_API_KEY,COPILOT_GITHUB_TOKEN,EVERART_API_KEY,GH_AW_GITHUB_MCP_SERVER_TOKEN,GH_AW_GITHUB_TOKEN,GITHUB_TOKEN,GOOGLE_APPLICATION_CREDENTIALS,GOOGLE_MAPS_API_KEY,KUBECONFIG,KUBERNETES_CLUSTER_URL,SENTRY_DSN,SLACK_BOT_TOKEN,SLACK_TEAM_ID' + SECRET_BRAVE_API_KEY: ${{ secrets.BRAVE_API_KEY }} SECRET_COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} SECRET_EVERART_API_KEY: ${{ secrets.EVERART_API_KEY }} SECRET_GH_AW_GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }} SECRET_GH_AW_GITHUB_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN }} SECRET_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SECRET_GOOGLE_APPLICATION_CREDENTIALS: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }} + SECRET_GOOGLE_MAPS_API_KEY: ${{ secrets.GOOGLE_MAPS_API_KEY }} + SECRET_KUBECONFIG: ${{ secrets.KUBECONFIG }} + SECRET_KUBERNETES_CLUSTER_URL: ${{ secrets.KUBERNETES_CLUSTER_URL }} + SECRET_SENTRY_DSN: ${{ secrets.SENTRY_DSN }} + SECRET_SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} + SECRET_SLACK_TEAM_ID: ${{ secrets.SLACK_TEAM_ID }} - name: Upload Safe Outputs if: always() uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0