@iflow-mcp/shell-command-mcp 1.0.0
- package/.dockleignore +15 -0
- package/.eslintrc.json +23 -0
- package/.github/workflows/docker-build.yaml +102 -0
- package/.prettierignore +2 -0
- package/.prettierrc +7 -0
- package/.prompt.yaml +542 -0
- package/Dockerfile +120 -0
- package/LICENSE +21 -0
- package/Makefile +8 -0
- package/README.md +96 -0
- package/build/execute-bash-script-async.js +255 -0
- package/build/execute-bash-script-sync.js +111 -0
- package/build/index.js +26 -0
- package/client-sequence-example.json +9 -0
- package/docker-compose.yaml +17 -0
- package/entrypoint.sh +31 -0
- package/package.json +43 -0
- package/src/execute-bash-script-async.ts +300 -0
- package/src/execute-bash-script-sync.ts +141 -0
- package/src/index.ts +28 -0
- package/tsconfig.json +17 -0
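--- a/package/.dockleignore
+++ b/package/.dockleignore
@@ -0,0 +1,15 @@
+# Create a user for the container
+## Run as root to map host user to container user.
+CIS-DI-0001
+
+# TODO
+# Avoid sudo command
+DKL-DI-0001
+## Enable Content trust for Docker
+CIS-DI-0005
+## Add HEALTHCHECK instruction to the container image
+CIS-DI-0006
+## Confirm safety of setuid/setgid files
+CIS-DI-0008
+## Only put necessary files
+DKL-LI-0003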
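Review bot: The ignores for `CIS-DI-0001` (non-root user), `DKL-DI-0001` (sudo) and `CIS-DI-0008` (setuid/setgid files) switch off the checks that matter most for an image whose job is to execute shell commands, and only the first one states a reason. The comment above `DKL-DI-0001` is just `# TODO`, and `CIS-DI-0008` has only the check title, so a reader cannot tell which suppressions are deliberate and which are leftovers. I would replace the TODO with the real justification and an exit condition, e.g. `# sudo kept because <reason>; remove when <condition>`, and note above `CIS-DI-0008` which setuid binaries were reviewed. The Dockerfile and entrypoint are not shown in this section, so whether root and sudo are actually required is presumably decided there and should be confirmed.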
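--- a/package/.eslintrc.json
+++ b/package/.eslintrc.json
@@ -0,0 +1,23 @@
+{
+"parser": "@typescript-eslint/parser",
+"extends": [
+"eslint:recommended",
+"plugin:@typescript-eslint/recommended",
+"plugin:prettier/recommended"
+],
+"plugins": ["@typescript-eslint", "prettier"],
+"env": {
+"node": true,
+"es6": true
+},
+"parserOptions": {
+"ecmaVersion": 2022,
+"sourceType": "module"
+},
+"rules": {
+"prettier/prettier": "error",
+"@typescript-eslint/no-unused-vars": ["error", { "argsIgnorePattern": "^_" }],
+"@typescript-eslint/explicit-function-return-type": "off",
+"@typescript-eslint/explicit-module-boundary-types": "off"
+}
+}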
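--- a/package/.github/workflows/docker-build.yaml
+++ b/package/.github/workflows/docker-build.yaml
@@ -0,0 +1,102 @@
+name: Build and Push Docker Image
+
+on:
+release:
+types: [published]
+push:
+branches:
+- main
+workflow_dispatch:
+inputs:
+tag:
+description: 'Git tag to build from'
+required: false
+default: ''
+
+env:
+REGISTRY: ghcr.io
+IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+build-and-push:
+runs-on: ubuntu-latest
+permissions:
+contents: read
+packages: write
+security-events: write
+
+steps:
+- name: Get tag to build
+id: get-tag
+run: |
+if [ "${{ github.event_name }}" = "release" ]; then
+echo "tag=${{ github.event.release.tag_name }}"
+elif [ -n "${{ github.event.inputs.tag }}" ]; then
+echo "tag=${{ github.event.inputs.tag }}"
+elif [ "${{ github.event_name }}" = "push" ] && [ "${{ github.ref }}" = "refs/heads/main" ]; then
+echo "tag=main"
+else
+# Get latest release tag if no tag is specified
+LATEST_TAG=$(curl -s https://api.github.com/repos/${{ github.repository }}/releases/latest | jq -r .tag_name)
+echo "tag=${LATEST_TAG}"
+fi \
+| tee -a $GITHUB_OUTPUT
+
+- name: Checkout repository
+uses: actions/checkout@v4
+with:
+ref: ${{ steps.get-tag.outputs.tag }}
+
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v3
+
+- name: Log in to container registry
+uses: docker/login-action@v3
+with:
+registry: ${{ env.REGISTRY }}
+username: ${{ github.actor }}
+password: ${{ secrets.GITHUB_TOKEN }}
+
+- name: Extract Docker metadata
+id: meta
+uses: docker/metadata-action@v5
+with:
+images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+tags: |
+type=raw,value=${{ steps.get-tag.outputs.tag }}
+type=raw,value=latest,enable=${{ github.event_name == 'release' || steps.get-tag.outputs.tag == github.event.repository.default_branch }}
+
+- name: Build Docker image (for scanning)
+uses: docker/build-push-action@v5
+with:
+context: .
+push: false
+load: true
+tags: ${{ env.IMAGE_NAME }}:test
+labels: ${{ steps.meta.outputs.labels }}
+cache-from: type=gha
+cache-to: type=gha,mode=max
+
+- name: Scan image with Dockle
+uses: erzz/dockle-action@v1
+with:
+image: ${{ env.IMAGE_NAME }}:test
+exit-code: 1
+failure-threshold: fatal
+report-format: sarif
+
+- name: Upload Dockle scan results
+uses: github/codeql-action/upload-sarif@v3
+with:
+sarif_file: dockle-report.sarif
+category: dockle
+
+- name: Push Docker image
+uses: docker/build-push-action@v5
+with:
+context: .
+push: true
+tags: ${{ steps.meta.outputs.tags }}
+labels: ${{ steps.meta.outputs.labels }}
+cache-from: type=gha
+cache-to: type=gha,mode=max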
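Review bot: The `Get tag to build` step expands `${{ github.event.release.tag_name }}` and `${{ github.event.inputs.tag }}` straight into the `run:` script, so the tag text becomes part of the shell source before bash parses it, in a job granted `packages: write`. Passing the values through `env:` and reading them as quoted shell variables keeps them as data; the fence shows the changed lines and also quotes `$GITHUB_OUTPUT`. In the fallback branch, `jq -r .tag_name` prints `null` when the API call fails, and that string would then be used as the checkout ref, so an explicit check there would be worth adding. Separately, every `uses:` points at a mutable tag, including the third-party `erzz/dockle-action@v1`; pinning each one to a full commit SHA would keep a retagged action from running with this job's token.

```yaml
      - name: Get tag to build
        id: get-tag
        env:
          EVENT_NAME: ${{ github.event_name }}
          RELEASE_TAG: ${{ github.event.release.tag_name }}
          INPUT_TAG: ${{ github.event.inputs.tag }}
        run: |
          if [ "$EVENT_NAME" = "release" ]; then
            echo "tag=$RELEASE_TAG"
          elif [ -n "$INPUT_TAG" ]; then
            echo "tag=$INPUT_TAG"
          # … unchanged: push-to-main branch and latest-release fallback …
          fi \
          | tee -a "$GITHUB_OUTPUT"
```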
package/.prettierignore
ADDED