A Deno-based MCP (Model Context Protocol) service that helps you securely reference GitHub Actions by providing:
- Latest version lookup for any GitHub Action
- Commit SHA retrieval for specific version tags
- Immutability status checking for releases
- Ready-to-use SHA-pinned references
- Workflow analysis with update level detection (major/minor/patch)
- Safe update suggestions that avoid breaking changes
GitHub Actions referenced by tag (e.g., actions/checkout@v4) can be vulnerable
to supply chain attacks if the tag is moved to point to malicious code. This MCP
service helps you:
- Find the commit SHA for any action version
- Check if a release is immutable (protected from modification)
- Get secure references in the format
owner/repo@sha # version
- Deno 2.x or later
Add to your Claude Desktop configuration (claude_desktop_config.json):
{
"mcpServers": {
"github-actions": {
"command": "deno",
"args": [
"run",
"--allow-net",
"--allow-env",
"--allow-run=gh",
"/path/to/mcp-github-actions/main.ts"
],
"env": {
"GITHUB_TOKEN": "your-github-token-optional"
}
}
}
}claude mcp add github-actions -- deno run --allow-net --allow-env --allow-run=gh /path/to/mcp-github-actions/main.tsThe service is available as a Docker image using stdio transport.
Pull the image:
docker pull ghcr.io/tripletex/mcp-github-action:latestRun directly:
docker run --rm -i -e GITHUB_TOKEN ghcr.io/tripletex/mcp-github-action:latestClaude Desktop configuration:
{
"mcpServers": {
"github-actions": {
"command": "docker",
"args": [
"run",
"--rm",
"-i",
"-e",
"GITHUB_TOKEN",
"ghcr.io/tripletex/mcp-github-action:latest"
],
"env": {
"GITHUB_TOKEN": "your-github-token-optional"
}
}
}
}Once configured, ask Claude to look up GitHub Actions:
Example prompts:
- "Look up the latest version of actions/checkout"
- "Get the secure reference for actions/setup-node@v4"
- "Check if actions/cache@v4.2.0 is immutable"
- "List all versions of actions/upload-artifact"
- "Analyze my workflow file for outdated actions"
- "Suggest safe updates for my CI workflow"
- "What's the latest v4.x version of actions/checkout?"
| Parameter | Type | Required | Description |
|---|---|---|---|
action |
string | Yes | Action reference (e.g., actions/checkout or actions/checkout@v4) |
include_all_versions |
boolean | No | List all available versions (default: false) |
Action: actions/checkout
Latest Version: v6.0.1
Commit SHA: 8e8c483db84b4bee98b60c0593521ed34d9990e8
Immutable: No
Published: 2025-12-02T16:38:59Z
Recommended Usage (SHA-pinned):
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
Security Notes:
- WARNING: This release is NOT immutable. The tag could potentially be moved to a different commit.
- Using the SHA-pinned reference provides protection against tag tampering.
- SHA-pinned references prevent supply chain attacks by ensuring you always use the exact same code.
Analyze a GitHub Actions workflow file and show version status for all actions. Reports current vs latest versions, update levels (major/minor/patch), and risk assessment.
| Parameter | Type | Required | Description |
|---|---|---|---|
workflow_content |
string | Yes | The workflow YAML content to analyze |
only_updates |
boolean | No | Only show actions that need updates (default: false) |
## Summary
Total actions: 6
Up to date: 1
Major updates available: 2 β οΈ
Minor updates available: 2
Patch updates available: 1
## Actions
| Action | Current | Latest | Update | Risk |
|--------|---------|--------|--------|------|
| actions/checkout | v4.2.2 | v6.0.1 | β οΈ Major | π΄ High |
| actions/setup-node | v4.1.0 | v6.2.0 | β οΈ Major | π΄ High |
| docker/login-action | v3.3.0 | v3.6.0 | π¦ Minor | π‘ Medium |
| docker/build-push-action | v6.9.0 | v6.18.0 | π¦ Minor | π‘ Medium |
| appleboy/ssh-action | v1.2.0 | v1.2.4 | π§ Patch | π’ Low |
## Safe Updates (Minor/Patch)
...
## Major Updates (Review Required)
...
Suggest safe updates for GitHub Actions in a workflow. Returns only safe updates (minor/patch) and suggestions to stay current within major versions.
| Parameter | Type | Required | Description |
|---|---|---|---|
workflow_content |
string | Yes | The workflow YAML content to analyze |
risk_tolerance |
string | No | "patch" = only patches, "minor" = patch + minor (default), "all" = all |
## Summary
Total actions analyzed: 6
Already up to date: 1
Safe updates available: 3
Actions with major updates: 2 (staying on current major)
## Safe Updates
These updates are safe to apply:
### π¦ docker/login-action: v3.3.0 β v3.6.0
Minor version update - new features, backwards compatible
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.6.0
### π§ appleboy/ssh-action: v1.2.0 β v1.2.4
Patch version update - bug fixes only
uses: appleboy/ssh-action@2ead5e36573714d0d3cfcbac3646c3e0f09ec849 # v1.2.4
## Updates Within Current Major
These actions have major updates available, but you can safely update within your current major version:
### actions/checkout: v4.2.2 β v4.2.2
Safe update within v4.x (latest overall is v6.0.1)
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
Get the latest version of a GitHub Action within the same major version. Useful for safe updates that avoid breaking changes.
| Parameter | Type | Required | Description |
|---|---|---|---|
action |
string | Yes | Action reference with version (e.g., actions/checkout@v4 or @v4.1.0) |
Action: actions/checkout
Current Version: v4
Major Version: v4
Latest in v4.x: v4.2.2
Commit SHA: 11bd71901bbe5b1630ceea73d27597364c9af683
Immutable: Yes
Note: Latest overall is v6.0.1
Recommended Usage (SHA-pinned):
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
The service supports multiple authentication methods, checked in the following order:
- Org-specific tokens (
GITHUB_TOKEN_<ORG>) - For multi-org scenarios - Environment variable (
GITHUB_TOKEN) - Explicit token configuration - GitHub CLI (
gh auth token) - Automatic token from logged-inghCLI - Unauthenticated - Public repositories only with rate limits
- Works for public repositories only
- Rate limit: 60 requests/hour
- No setup required
If you have the GitHub CLI installed and authenticated:
gh auth loginThe service will automatically use your gh CLI token when no explicit token is
configured. This is convenient for local development and doesn't require
managing separate tokens.
Permissions note: The service needs --allow-run=gh permission to execute
the gh command.
Set the GITHUB_TOKEN environment variable:
- Works for private repositories
- Rate limit: 5,000 requests/hour
- Required for organization private actions
- Recommended for production deployments
For accessing private repositories across multiple organizations, configure org-specific tokens:
# Org-specific tokens (format: GITHUB_TOKEN_<ORG_NAME>)
# Hyphens in org names become underscores, all uppercase
GITHUB_TOKEN_MY_ORG=ghp_xxx... # For My-Org
GITHUB_TOKEN_OTHER_ORG=ghp_yyy... # For Other-Org
GITHUB_TOKEN=ghp_zzz... # Fallback for public reposToken resolution order:
- Org-specific token (
GITHUB_TOKEN_<ORG>) - Fallback token (
GITHUB_TOKEN) - GitHub CLI token (
gh auth token) - Unauthenticated (public repos only)
Supported token types and required permissions:
| Token Type | Required Permissions | Notes |
|---|---|---|
| Fine-grained PAT | Contents: Read + Metadata: Read |
Recommended - scoped to specific repos/orgs |
| Classic PAT | repo scope |
Broader access - use only if fine-grained isn't suitable |
| GitHub App | Contents: Read |
Recommended for organizations |
Note: For private repositories, the token must have read access to repository contents. Without proper permissions, you'll receive a 404 error when looking up private actions.
Example Claude Desktop config with multi-org:
{
"mcpServers": {
"github-actions": {
"command": "deno",
"args": [
"run",
"--allow-net",
"--allow-env",
"--allow-run=gh",
"/path/to/mcp-github-actions/main.ts"
],
"env": {
"GITHUB_TOKEN_MY_ORG": "ghs_xxx...",
"GITHUB_TOKEN_OTHER_ORG": "ghs_yyy...",
"GITHUB_TOKEN": "ghp_zzz..."
}
}
}
}To avoid using releases that are too new (which may contain undiscovered bugs or be part of a supply chain attack), you can configure a minimum age requirement:
# Skip releases published within the last 5 days
MIN_RELEASE_AGE_DAYS=5When set, the service will:
- Skip the absolute latest release if it's newer than the threshold
- Return the most recent release that meets the age requirement
- Display the release age in the output
- Add a note in security notes when filtering is active
Example with minimum age:
Action: actions/checkout
Latest Version: v6.0.1
Commit SHA: 8e8c483db84b4bee98b60c0593521ed34d9990e8
Immutable: No
Published: 2025-12-02T16:38:59Z (52 days ago)
Security Notes:
- Minimum release age filter active: only considering releases at least 5 days old.
If no release meets the age requirement, an error will be returned indicating the latest release's age.
Claude Desktop config with minimum age:
{
"mcpServers": {
"github-actions": {
"command": "deno",
"args": [
"run",
"--allow-net",
"--allow-env",
"--allow-run=gh",
"/path/to/mcp-github-actions/main.ts"
],
"env": {
"GITHUB_TOKEN": "ghp_xxx...",
"MIN_RELEASE_AGE_DAYS": "5"
}
}
}
}# Run the server
deno task start
# Run with watch mode (auto-reload)
deno task dev
# Type check
deno task check
# Lint
deno task lint
# Format
deno task fmt
# Compile to binary
deno task compile- Always use SHA-pinned references in production workflows
- Check immutability status - immutable releases cannot be modified
- Add version comments for maintainability:
@sha # v4.2.0 - Use Dependabot/Renovate to keep SHA references updated
MIT