ci: correct Trivy action repository reference format

- Update Trivy action reference to use the correct repository format Signed-off-by: appleboy <appleboy.tw@gmail.com>
ci: update Trivy action to use full GitHub URL reference
2025-08-24 14:53:06 +00:00 · 2025-07-31 22:03:12 +08:00 · 2025-07-31 21:57:34 +08:00 · 2025-07-31 21:23:55 +08:00 · 2025-07-27 06:23:38 +00:00 · 2025-07-21 09:04:37 +00:00
6 changed files with 108 additions and 68 deletions
--- a/.gitea/workflows/test-pr.yml
+++ b/.gitea/workflows/test-pr.yml
@@ -24,3 +24,18 @@ jobs:
        with:
          go-version-file: 'go.mod'
          go-package: ./...
  code-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Trivy vulnerability scanner in repo mode
        uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: 'fs'
          ignore-unfixed: true
          format: 'sarif'
          output: 'trivy-results.sarif'
          exit-code: '1'
          severity: 'CRITICAL,HIGH'
--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,7 @@ go 1.24.0
 require (
 	code.gitea.io/sdk/gitea v0.21.0
-	github.com/mark3labs/mcp-go v0.30.0
+	github.com/mark3labs/mcp-go v0.35.0
 	go.uber.org/zap v1.27.0
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1
 )
@@ -15,9 +15,9 @@ require (
 	github.com/go-fed/httpsig v1.1.0 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/hashicorp/go-version v1.7.0 // indirect
-	github.com/spf13/cast v1.8.0 // indirect
+	github.com/spf13/cast v1.9.2 // indirect
 	github.com/yosida95/uritemplate/v3 v3.0.2 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/crypto v0.38.0 // indirect
+	golang.org/x/crypto v0.40.0 // indirect
-	golang.org/x/sys v0.33.0 // indirect
+	golang.org/x/sys v0.34.0 // indirect
 )
--- a/go.sum
+++ b/go.sum
@@ -20,14 +20,14 @@ github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/mark3labs/mcp-go v0.30.0 h1:Taz7fiefkxY/l8jz1nA90V+WdM2eoMtlvwfWforVYbo=
+github.com/mark3labs/mcp-go v0.35.0 h1:eh5bJGGVkNEaehCbPmAFqFgk/SB18YvxmsR2rnPm8BQ=
-github.com/mark3labs/mcp-go v0.30.0/go.mod h1:rXqOudj/djTORU/ThxYx8fqEVj/5pvTuuebQ2RC7uk4=
+github.com/mark3labs/mcp-go v0.35.0/go.mod h1:rXqOudj/djTORU/ThxYx8fqEVj/5pvTuuebQ2RC7uk4=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
-github.com/spf13/cast v1.8.0 h1:gEN9K4b8Xws4EX0+a0reLmhq8moKn7ntRlQYgjPeCDk=
+github.com/spf13/cast v1.9.2 h1:SsGfm7M8QOFtEzumm7UZrZdLLquNdzFYfIbEXntcFbE=
-github.com/spf13/cast v1.8.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
+github.com/spf13/cast v1.9.2/go.mod h1:jNfB8QC9IA6ZuY2ZjDp0KtFO2LZZlg4S/7bzP6qqeHo=
 github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/yosida95/uritemplate/v3 v3.0.2 h1:Ed3Oyj9yrmi9087+NczuL5BwkIc4wvTb5zIM+UJPGz4=
@@ -41,18 +41,18 @@ go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
-golang.org/x/crypto v0.38.0 h1:jt+WWG8IZlBnVbomuhg2Mdq0+BBQaHbtqHEFEigjUV8=
+golang.org/x/crypto v0.40.0 h1:r4x+VvoG5Fm+eJcxMaY8CQM7Lb0l1lsmjGBQ6s8BfKM=
-golang.org/x/crypto v0.38.0/go.mod h1:MvrbAqul58NNYPKnOra203SB9vpuZW0e+RRZV+Ggqjw=
+golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
+golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA=
-golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg=
+golang.org/x/term v0.33.0 h1:NuFncQrRcaRvVmgRkvM3j/F00gWIAlcmlB8ACEKmGIg=
-golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ=
+golang.org/x/term v0.33.0/go.mod h1:s18+ql9tYWp1IfpV9DmCtQDDSRBUjKaw9M1eAv5UeF0=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
--- a/operation/operation.go
+++ b/operation/operation.go
@@ -2,6 +2,7 @@ package operation
 import (
 	"fmt"
 	"time"
 	"gitea.com/gitea/gitea-mcp/operation/issue"
 	"gitea.com/gitea/gitea-mcp/operation/pull"
@@ -44,17 +45,25 @@ func Run() error {
 	RegisterTool(mcpServer)
 	switch flag.Mode {
 	case "stdio":
-		if err := server.ServeStdio(mcpServer); err != nil {
+		if err := server.ServeStdio(
 			mcpServer,
 		); err != nil {
 			return err
 		}
 	case "sse":
-		sseServer := server.NewSSEServer(mcpServer)
+		sseServer := server.NewSSEServer(
 			mcpServer,
 		)
 		log.Infof("Gitea MCP SSE server listening on :%d", flag.Port)
 		if err := sseServer.Start(fmt.Sprintf(":%d", flag.Port)); err != nil {
 			return err
 		}
 	case "http":
-		httpServer := server.NewStreamableHTTPServer(mcpServer)
+		httpServer := server.NewStreamableHTTPServer(
 			mcpServer,
 			server.WithLogger(log.New()),
 			server.WithHeartbeatInterval(30*time.Second),
 		)
 		log.Infof("Gitea MCP HTTP server listening on :%d", flag.Port)
 		if err := httpServer.Start(fmt.Sprintf(":%d", flag.Port)); err != nil {
 			return err
--- a/pkg/log/log.go
+++ b/pkg/log/log.go
@@ -19,53 +19,55 @@ var (
 func Default() *zap.Logger {
 	defaultLoggerOnce.Do(func() {
-		if defaultLogger == nil {
+		if defaultLogger != nil {
-			ec := zap.NewProductionEncoderConfig()
+			return
 			ec.EncodeTime = zapcore.TimeEncoderOfLayout(time.DateTime)
 			ec.EncodeLevel = zapcore.CapitalLevelEncoder
 			var ws zapcore.WriteSyncer
 			var wss []zapcore.WriteSyncer
 			home, _ := os.UserHomeDir()
 			if home == "" {
 				home = os.TempDir()
 			}
 			logDir := fmt.Sprintf("%s/.gitea-mcp", home)
 			if err := os.MkdirAll(logDir, 0o700); err != nil {
 				// Fallback to temp directory if creation fails
 				logDir = os.TempDir()
 			}
 			wss = append(wss, zapcore.AddSync(&lumberjack.Logger{
 				Filename:   fmt.Sprintf("%s/gitea-mcp.log", logDir),
 				MaxSize:    100,
 				MaxBackups: 10,
 				MaxAge:     30,
 			}))
 			if flag.Mode == "http" || flag.Mode == "sse" {
 				wss = append(wss, zapcore.AddSync(os.Stdout))
 			}
 			ws = zapcore.NewMultiWriteSyncer(wss...)
 			enc := zapcore.NewConsoleEncoder(ec)
 			var level zapcore.Level
 			if flag.Debug {
 				level = zapcore.DebugLevel
 			} else {
 				level = zapcore.InfoLevel
 			}
 			core := zapcore.NewCore(enc, ws, level)
 			options := []zap.Option{
 				zap.AddStacktrace(zapcore.DPanicLevel),
 				zap.AddCaller(),
 				zap.AddCallerSkip(1),
 			}
 			defaultLogger = zap.New(core, options...)
 		}
 		ec := zap.NewProductionEncoderConfig()
 		ec.EncodeTime = zapcore.TimeEncoderOfLayout(time.DateTime)
 		ec.EncodeLevel = zapcore.CapitalLevelEncoder
 		var ws zapcore.WriteSyncer
 		var wss []zapcore.WriteSyncer
 		home, _ := os.UserHomeDir()
 		if home == "" {
 			home = os.TempDir()
 		}
 		logDir := fmt.Sprintf("%s/.gitea-mcp", home)
 		if err := os.MkdirAll(logDir, 0o700); err != nil {
 			// Fallback to temp directory if creation fails
 			logDir = os.TempDir()
 		}
 		wss = append(wss, zapcore.AddSync(&lumberjack.Logger{
 			Filename:   fmt.Sprintf("%s/gitea-mcp.log", logDir),
 			MaxSize:    100,
 			MaxBackups: 10,
 			MaxAge:     30,
 		}))
 		if flag.Mode == "http" || flag.Mode == "sse" {
 			wss = append(wss, zapcore.AddSync(os.Stdout))
 		}
 		ws = zapcore.NewMultiWriteSyncer(wss...)
 		enc := zapcore.NewConsoleEncoder(ec)
 		var level zapcore.Level
 		if flag.Debug {
 			level = zapcore.DebugLevel
 		} else {
 			level = zapcore.InfoLevel
 		}
 		core := zapcore.NewCore(enc, ws, level)
 		options := []zap.Option{
 			zap.AddStacktrace(zapcore.DPanicLevel),
 			zap.AddCaller(),
 			zap.AddCallerSkip(1),
 		}
 		defaultLogger = zap.New(core, options...)
 	})
 	return defaultLogger
@@ -77,8 +79,22 @@ func SetDefault(logger *zap.Logger) {
 	}
 }
-func Logger() *zap.Logger {
+func New() *Logger {
-	return defaultLogger
+	return &Logger{
 		defaultLogger: Default(),
 	}
 }
 type Logger struct {
 	defaultLogger *zap.Logger
 }
 func (l *Logger) Infof(msg string, args ...any) {
 	l.defaultLogger.Sugar().Infof(msg, args...)
 }
 func (l *Logger) Errorf(msg string, args ...any) {
 	l.defaultLogger.Sugar().Errorf(msg, args...)
 }
 func Debug(msg string, fields ...zap.Field) {
--- a/pkg/tool/tool.go
+++ b/pkg/tool/tool.go
@@ -12,8 +12,8 @@ type Tool struct {
 func New() *Tool {
 	return &Tool{
-		write: make([]server.ServerTool, 100),
+		write: make([]server.ServerTool, 0, 100),
-		read:  make([]server.ServerTool, 100),
+		read:  make([]server.ServerTool, 0, 100),
 	}
 }
Author	SHA1	Message	Date
appleboy	9000494a63	ci: correct Trivy action repository reference format - Update Trivy action reference to use the correct repository format Signed-off-by: appleboy <appleboy.tw@gmail.com>	2025-07-31 22:03:12 +08:00
appleboy	3d44b2f8d6	ci: update Trivy action to use full GitHub URL reference - Change Trivy action reference to use the full Git URL for aquasecurity/trivy-action Signed-off-by: appleboy <appleboy.tw@gmail.com>	2025-07-31 21:57:34 +08:00
appleboy	7ce07265b9	ci: integrate Trivy code scanning in PR workflows - Add a code scanning job using Trivy to check for CRITICAL and HIGH severity vulnerabilities during PR workflows Signed-off-by: appleboy <appleboy.tw@gmail.com>	2025-07-31 21:23:55 +08:00
appleboy	eb6b5a8f92	chore: upgrade Go dependencies to latest stable versions (#73 ) - Bump github.com/mark3labs/mcp-go dependency to v0.35.0 - Update github.com/spf13/cast to v1.9.2 - Upgrade golang.org/x/crypto to v0.40.0 - Upgrade golang.org/x/sys to v0.34.0 Signed-off-by: appleboy <appleboy.tw@gmail.com> Reviewed-on: https://gitea.com/gitea/gitea-mcp/pulls/73 Co-authored-by: appleboy <appleboy.tw@gmail.com> Co-committed-by: appleboy <appleboy.tw@gmail.com>	2025-07-27 06:23:38 +00:00
hiifong	1d9bdb5b44	fix bug	2025-07-21 09:04:37 +00:00
Bo-Yi Wu	093cddbcb6	feat: configure HTTP server heartbeat interval to 30 seconds - Import the time package to support time-based configuration - Set the HTTP server's heartbeat interval to 30 seconds using a new option in its initialization Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2025-07-18 10:12:26 +08:00
appleboy	5dbfe21127	refactor: refactor logging and server setup for clarity and structure (#64 ) - Refactor server initialization calls in Run to use multiline construction style and explicitly pass options in HTTP mode - Fix logic in Default to prevent redundant logger initialization - Remove unused Logger function and introduce a Logger struct with Infof and Errorf methods for structured logging - Add a New function for creating instances of the Logger struct Signed-off-by: appleboy <appleboy.tw@gmail.com> Reviewed-on: https://gitea.com/gitea/gitea-mcp/pulls/64 Co-authored-by: appleboy <appleboy.tw@gmail.com> Co-committed-by: appleboy <appleboy.tw@gmail.com>	2025-06-22 10:27:09 +00:00
Alex Kirhenshtein	b85a523983	Bump go-mcp version to 0.32.0 to mitigate Claude desktop connectivity issue (#63 ) Reviewed-on: https://gitea.com/gitea/gitea-mcp/pulls/63 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-by: Bo-Yi Wu (吳柏毅) <appleboy.tw@gmail.com> Co-authored-by: Alex Kirhenshtein <alk@netxms.org> Co-committed-by: Alex Kirhenshtein <alk@netxms.org>	2025-06-21 03:34:17 +00:00