Skip to content

Upgrade deps, improve CI and release process#8

Open
jamiew wants to merge 4 commits intomainfrom
upgrades
Open

Upgrade deps, improve CI and release process#8
jamiew wants to merge 4 commits intomainfrom
upgrades

Conversation

@jamiew
Copy link
Copy Markdown
Owner

@jamiew jamiew commented Feb 2, 2026

Modernize the repo with updated dependencies and better CI/DX tooling.

  • Update MCP SDK from 1.12 to 1.26 (latest)
  • Bump dev deps: ruff, pytest, mypy, bandit
  • Add test coverage reporting to CI (Codecov)
  • Add automated release workflow for tag pushes
  • Add pre-commit hooks config for local dev
  • Bump version to 0.3.0

jamiew added 3 commits February 2, 2026 11:19
@jamiew
Upgrade dependencies and improve CI/release process
434f26e 
- Update MCP SDK from 1.12.0 to 1.26.0 (resource metadata, better errors)
- Update dev dependencies: ruff 0.9+, pytest 8.3+, mypy 1.14+, bandit 1.8+
- Add test coverage reporting with Codecov integration
- Add automated release workflow for tag-based releases
- Add pre-commit hooks for local development (ruff, mypy, bandit)
- Fix code formatting in fastmcp_server.py
- Bump version to 0.3.0
@jamiew
Remove Codecov, keep CI simple
a6e84c9
@jamiew
Add pytest to pre-commit, add mypy to release workflow
16d55cc
@claude
Copy link
Copy Markdown

claude Bot commented Feb 2, 2026

🔍 Comprehensive PR Review: Upgrade deps, improve CI and release process

Overall Assessment: Request Changes ⚠️

This PR brings valuable infrastructure improvements, but has two critical gaps that violate the project's documented quality standards in CLAUDE.md.

🎯 Executive Summary

Key Changes:

  • ✅ MCP SDK: 1.12.0 → 1.26.0 (14 minor versions)
  • ✅ Dev dependencies: Updated to latest versions
  • ✅ New automated release workflow for tag pushes
  • ✅ Pre-commit hooks for local development
  • ✅ Version bump: 0.2.0 → 0.3.0

Critical Findings: 2 blocking issues, 1 discrepancy, 3 recommendations

🚨 Critical Issues (Must Fix)

1. Release Workflow Missing Type Checking

Issue: .github/workflows/release.yml runs tests but skips mypy entirely.

CLAUDE.md violation:

Quality Gates: Before any commit, ALWAYS run:

  • uv run mypy src/ - Type checking must pass
  • uv run pytest - All tests must pass

Fix Required:
Add after line 33 in .github/workflows/release.yml:

  • name: Run type checking
    run: uv run mypy src/

2. Pre-commit Hooks Missing pytest

Issue: .pre-commit-config.yaml includes mypy but omits pytest.

CLAUDE.md violation: Same as above - both mypy AND pytest must run before commits.

Fix Required:
Add after the mypy hook (after line 16) in .pre-commit-config.yaml:

  • repo: local
    hooks:
    • id: pytest
      name: pytest
      entry: uv run pytest
      language: system
      types: [python]
      pass_filenames: false

⚠️ Non-Blocking Issues

3. PR Description Discrepancy

Issue: Description claims "Add test coverage reporting to CI (Codecov)" but I don't see any Codecov integration in the diff.

Recommendation: Either add the missing Codecov integration or update the PR description.

4. Major Version Jump: pytest-cov

Issue: pytest-cov jumped from 4.0.0 to 6.0.0, skipping an entire major version.

Recommendation: Test coverage reporting locally before merge:
uv run pytest --cov=src/spotify_mcp --cov-report=xml --cov-report=term-missing

✅ What's Good

Dependency Updates

  • All updates are from trusted sources with no known CVEs
  • MCP SDK 14-version jump appears backward compatible (only formatting changes in code)
  • Dev dependencies are sensible updates

Release Workflow

  • ✅ Proper permissions (contents: write)
  • ✅ Runs tests before building
  • ✅ Generates changelog from git commits
  • ✅ Creates GitHub release with build artifacts
  • ✅ Includes helpful installation instructions
  • ✅ No hardcoded credentials (uses GITHUB_TOKEN correctly)

Pre-commit Hooks

  • ✅ Ruff for linting and formatting (auto-fix enabled)
  • ✅ MyPy for type checking
  • ✅ Bandit for security scanning
  • ✅ Standard pre-commit hooks (trailing whitespace, YAML checks, etc.)

Code Changes

  • ✅ Purely cosmetic formatting improvements in fastmcp_server.py
  • ✅ No functional changes introduced
  • ✅ Consistent with ruff configuration

Security

  • ✅ No credentials or API keys in code
  • ✅ Proper secret handling in workflows
  • ✅ Bandit security scanner included
  • ✅ Docker security check preserved

🧪 Pre-merge Testing Checklist

Before merging, verify:

  • uv run mypy src/ passes with new mypy version
  • uv run pytest -v passes with new pytest versions
  • uv run pytest --cov=src/spotify_mcp --cov-report=term-missing works with pytest-cov 6.0
  • Manual testing of all 13 MCP tools with SDK 1.26.0
  • pre-commit run --all-files passes (after installing pre-commit)
  • Release workflow tested with a test tag (e.g., v0.3.0-rc1)

📋 Optional Improvements

  1. Document pre-commit hook installation - Add to CLAUDE.md or README
  2. Consider ruff formatting config - Line 907 change reduces readability (multi-line arithmetic compressed to one line)
  3. Add .codecov.yml - If/when Codecov is added, configure coverage thresholds

🎯 Recommendation

Request Changes - Fix the two critical issues (add mypy to release workflow, add pytest to pre-commit hooks) to maintain the project's quality gates per CLAUDE.md.

After these fixes, this will be an excellent enhancement to the repository! 🚀

🤖 Generated with Claude Code

Repository owner deleted a comment from claude Bot Feb 2, 2026
Repository owner deleted a comment from claude Bot Feb 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jamiew