qa-mcp 1.0.0__tar.gz

qa_mcp-1.0.0/.dockerignore

@@ -0,0 +1,64 @@
+# Git
+.git
+.gitignore
+
+# Python
+__pycache__
+*.py[cod]
+*$py.class
+*.so
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# Virtual environments
+.venv
+venv/
+ENV/
+env/
+
+# IDE
+.idea/
+.vscode/
+*.swp
+*.swo
+*~
+
+# Testing
+.pytest_cache/
+.coverage
+htmlcov/
+.tox/
+.nox/
+
+# Documentation
+docs/_build/
+*.md
+!README.md
+
+# CI/CD
+.github/
+
+# Docker
+Dockerfile*
+docker-compose*.yml
+.dockerignore
+
+# Misc
+.DS_Store
+*.log
+.env
+.env.*

qa_mcp-1.0.0/.github/RELEASE_TEMPLATE.md

@@ -0,0 +1,53 @@
+# QA-MCP v{VERSION} Release
+
+## 🎉 Highlights
+
+{Brief summary of key features/improvements in this release}
+
+## 📦 Installation
+
+### Using pip
+```bash
+pip install qa-mcp=={VERSION}
+```
+
+### Using uv (recommended)
+```bash
+uv pip install qa-mcp=={VERSION}
+```
+
+### Using Docker
+```bash
+docker pull atakanemree/qa-mcp:{VERSION}
+docker run -i --rm atakanemree/qa-mcp:{VERSION}
+```
+
+### From source
+```bash
+git clone --branch v{VERSION} https://github.com/Atakan-Emre/McpTestGenerator.git
+cd McpTestGenerator
+pip install -e .
+```
+
+## 🔄 Changes
+
+See the [CHANGELOG](https://github.com/Atakan-Emre/McpTestGenerator/blob/main/CHANGELOG.md#v{VERSION_ANCHOR}) for detailed changes.
+
+## ⚠️ Breaking Changes
+
+{List any breaking changes, or write "None" if there are no breaking changes}
+
+## 📚 Documentation
+
+- [README](https://github.com/Atakan-Emre/McpTestGenerator#readme)
+- [Usage Guide](https://github.com/Atakan-Emre/McpTestGenerator/blob/main/USAGE.md)
+- [Contributing](https://github.com/Atakan-Emre/McpTestGenerator/blob/main/CONTRIBUTING.md)
+- [Docker Hub](https://hub.docker.com/r/atakanemree/qa-mcp)
+
+## 🙏 Contributors
+
+Thanks to all contributors who made this release possible!
+
+---
+
+**Full Changelog**: https://github.com/Atakan-Emre/McpTestGenerator/compare/v{PREV_VERSION}...v{VERSION}

qa_mcp-1.0.0/.github/workflows/ci.yml

@@ -0,0 +1,130 @@
+# QA-MCP Continuous Integration
+# Runs on every push and pull request
+
+name: CI
+
+on:
+  push:
+    branches: [main, develop]
+  pull_request:
+    branches: [main]
+
+env:
+  PYTHON_VERSION: "3.11"
+
+jobs:
+  # ==========================================================================
+  # Code Quality
+  # ==========================================================================
+  lint:
+    name: Lint & Type Check
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install ruff mypy
+          pip install -e .
+
+      - name: Run Ruff (linting)
+        run: ruff check src/
+
+      - name: Run Ruff (formatting)
+        run: ruff format --check src/
+
+      - name: Run MyPy (type checking)
+        run: mypy src/qa_mcp --ignore-missing-imports
+        continue-on-error: true
+
+  # ==========================================================================
+  # Tests
+  # ==========================================================================
+  test:
+    name: Test (Python ${{ matrix.python-version }})
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.11", "3.12"]
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -e ".[dev]"
+
+      - name: Run tests
+        run: |
+          pytest tests/ -v --cov=qa_mcp --cov-report=xml --cov-report=html
+
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@v4
+        if: matrix.python-version == '3.11'
+        with:
+          file: ./coverage.xml
+          fail_ci_if_error: false
+
+  # ==========================================================================
+  # Security Scan
+  # ==========================================================================
+  security:
+    name: Security Scan
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install bandit safety
+
+      - name: Run Bandit (security linter)
+        run: bandit -r src/qa_mcp -ll
+
+      - name: Check dependencies for vulnerabilities
+        run: |
+          pip install -e .
+          safety check --full-report || true
+
+  # ==========================================================================
+  # Docker Build Test
+  # ==========================================================================
+  docker-build:
+    name: Docker Build Test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: false
+          load: true
+          tags: atakanemree/qa-mcp:test
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Test Docker image
+        run: |
+          docker run --rm atakanemree/qa-mcp:test --help

qa_mcp-1.0.0/.github/workflows/dockerhub-description.yml

@@ -0,0 +1,28 @@
+# Docker Hub Description Sync
+# Syncs DOCKERHUB.md to Docker Hub repository description
+
+name: Docker Hub Description
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - 'DOCKERHUB.md'
+  workflow_dispatch:
+
+jobs:
+  update-description:
+    name: Update Docker Hub Description
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Update Docker Hub Description
+        uses: peter-evans/dockerhub-description@v4
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+          repository: atakanemree/qa-mcp
+          readme-filepath: ./DOCKERHUB.md
+          short-description: "QA-MCP: Test Standardization & Orchestration MCP Server for LLM clients"

qa_mcp-1.0.0/.github/workflows/publish-pypi.yml

@@ -0,0 +1,90 @@
+# Publish to PyPI
+# This workflow automatically publishes the package to PyPI when a new release is created
+
+name: Publish to PyPI
+
+on:
+  release:
+    types: [published]
+  workflow_dispatch:
+    inputs:
+      publish_target:
+        description: "Publish destination"
+        required: true
+        default: testpypi
+        type: choice
+        options:
+          - testpypi
+          - pypi
+
+permissions:
+  contents: read
+
+jobs:
+  build-and-publish:
+    name: Build and publish to PyPI
+    runs-on: ubuntu-latest
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: Install build dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install build twine
+
+      - name: Build package
+        run: python -m build
+
+      - name: Check package
+        run: twine check dist/*
+
+      - name: Resolve package version
+        run: |
+          python - <<'PY'
+          import tomllib
+          from pathlib import Path
+
+          pyproject = Path("pyproject.toml")
+          version = tomllib.loads(pyproject.read_text())["project"]["version"]
+          print(f"PACKAGE_VERSION={version}")
+          with open("/tmp/package_version.env", "w") as f:
+              f.write(f"PACKAGE_VERSION={version}\n")
+          PY
+          cat /tmp/package_version.env >> "$GITHUB_ENV"
+
+      - name: Resolve publish target
+        run: |
+          if [ "${{ github.event_name }}" = "release" ]; then
+            echo "PUBLISH_TARGET=pypi" >> "$GITHUB_ENV"
+          else
+            echo "PUBLISH_TARGET=${{ github.event.inputs.publish_target }}" >> "$GITHUB_ENV"
+          fi
+
+      - name: Publish to Test PyPI
+        if: env.PUBLISH_TARGET == 'testpypi'
+        env:
+          TWINE_USERNAME: __token__
+          TWINE_PASSWORD: ${{ secrets.TEST_PYPI_API_TOKEN }}
+        run: |
+          twine upload --repository testpypi dist/* --skip-existing
+
+      - name: Publish to PyPI
+        if: env.PUBLISH_TARGET == 'pypi'
+        env:
+          TWINE_USERNAME: __token__
+          TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
+        run: |
+          twine upload dist/*
+
+      - name: Verify PyPI upload
+        if: env.PUBLISH_TARGET == 'pypi'
+        run: |
+          sleep 60  # Wait for PyPI to process
+          pip install qa-mcp==${PACKAGE_VERSION} || echo "Package may still be processing on PyPI"

qa_mcp-1.0.0/.github/workflows/release.yml

@@ -0,0 +1,133 @@
+# QA-MCP Release Pipeline
+# Builds and publishes multi-arch Docker images to Docker Hub
+# Triggered on version tags (v*.*.*)
+
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v*.*.*'
+
+env:
+  REGISTRY: docker.io
+  IMAGE_NAME: atakanemree/qa-mcp
+
+jobs:
+  # ==========================================================================
+  # Build and Push Multi-Arch Docker Image
+  # ==========================================================================
+  docker-publish:
+    name: Build & Push Docker Image
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      id-token: write  # For SBOM signing
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up QEMU (for multi-arch)
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            # Semantic versioning tags
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            # Latest tag for newest release
+            type=raw,value=latest
+
+      - name: Extract version from tag
+        id: version
+        run: echo "VERSION=${GITHUB_REF_NAME#v}" >> $GITHUB_OUTPUT
+
+      - name: Build and push multi-arch image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          # SBOM and provenance for supply chain security
+          sbom: true
+          provenance: mode=max
+
+      - name: Generate SBOM
+        uses: anchore/sbom-action@v0
+        with:
+          image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.VERSION }}
+          format: spdx-json
+          output-file: sbom.spdx.json
+
+      - name: Upload SBOM artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: sbom
+          path: sbom.spdx.json
+
+  # ==========================================================================
+  # Create GitHub Release
+  # ==========================================================================
+  github-release:
+    name: Create GitHub Release
+    needs: docker-publish
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Download SBOM
+        uses: actions/download-artifact@v4
+        with:
+          name: sbom
+
+      - name: Extract version from tag
+        id: version
+        run: echo "VERSION=${GITHUB_REF_NAME#v}" >> $GITHUB_OUTPUT
+
+      - name: Create Release
+        uses: softprops/action-gh-release@v1
+        with:
+          name: QA-MCP v${{ steps.version.outputs.VERSION }}
+          body: |
+            ## QA-MCP v${{ steps.version.outputs.VERSION }}
+            
+            ### Docker Image
+            ```bash
+            docker pull atakanemree/qa-mcp:${{ steps.version.outputs.VERSION }}
+            ```
+            
+            ### Multi-arch Support
+            - `linux/amd64` (Intel/AMD)
+            - `linux/arm64` (Apple Silicon, ARM servers)
+            
+            ### Changelog
+            See [CHANGELOG.md](CHANGELOG.md) for details.
+            
+            ### Supply Chain Security
+            - SBOM included (SPDX format)
+            - Provenance attestation enabled
+          files: |
+            sbom.spdx.json
+          generate_release_notes: true
+

qa_mcp-1.0.0/.github/workflows/security.yml

@@ -0,0 +1,122 @@
+# QA-MCP Security Scanning
+# Weekly security scans and on push to main
+
+name: Security
+
+on:
+  push:
+    branches: [main]
+  schedule:
+    # Run weekly on Monday at 00:00 UTC
+    - cron: '0 0 * * 1'
+  workflow_dispatch:
+
+jobs:
+  # ==========================================================================
+  # Dependency Vulnerability Scan
+  # ==========================================================================
+  dependency-scan:
+    name: Dependency Scan
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install safety pip-audit
+          pip install -e .
+
+      - name: Run Safety check
+        run: safety check --full-report
+        continue-on-error: true
+
+      - name: Run pip-audit
+        run: pip-audit
+        continue-on-error: true
+
+  # ==========================================================================
+  # Container Security Scan
+  # ==========================================================================
+  container-scan:
+    name: Container Security Scan
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build image for scanning
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: false
+          load: true
+          tags: atakanemree/qa-mcp:scan
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: 'atakanemree/qa-mcp:scan'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          severity: 'CRITICAL,HIGH'
+        continue-on-error: true
+
+      - name: Upload Trivy scan results
+        uses: github/codeql-action/upload-sarif@v3
+        if: always()
+        with:
+          sarif_file: 'trivy-results.sarif'
+        continue-on-error: true
+
+  # ==========================================================================
+  # Code Security Analysis (CodeQL)
+  # ==========================================================================
+  codeql:
+    name: CodeQL Analysis
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: python
+          queries: security-and-quality
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:python"
+
+  # ==========================================================================
+  # Secret Scanning
+  # ==========================================================================
+  secret-scan:
+    name: Secret Scanning
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Run Gitleaks
+        uses: gitleaks/gitleaks-action@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        continue-on-error: true