Configures MCP servers in GitHub Actions workflows with tool permissions, environment variables, and multi-server setups using Node.js, Python/uvx examples. Use for MCP integration in CI/CD.
npx claudepluginhub laurigates/claude-plugins --plugin github-actions-pluginThis skill is limited to using the following tools:
Expert knowledge for configuring MCP (Model Context Protocol) servers in GitHub Actions workflows, including tool permissions and multi-server coordination.
Creates isolated Git worktrees for feature branches with prioritized directory selection, gitignore safety checks, auto project setup for Node/Python/Rust/Go, and baseline verification.
Executes implementation plans in current session by dispatching fresh subagents per independent task, with two-stage reviews: spec compliance then code quality.
Dispatches parallel agents to independently tackle 2+ tasks like separate test failures or subsystems without shared state or dependencies.
Expert knowledge for configuring MCP (Model Context Protocol) servers in GitHub Actions workflows, including tool permissions and multi-server coordination.
MCP Server Configuration
Tool Access Control
- uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
claude_args: |
--mcp-config '{"mcpServers":{"github":{"command":"node","args":["/path/to/server.js"]}}}'
- uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
claude_args: |
--mcp-config '{
"mcpServers": {
"github": {
"command": "node",
"args": ["./github-mcp/dist/index.js"],
"env": {"GITHUB_TOKEN": "${{ secrets.GITHUB_TOKEN }}"}
},
"postgres": {
"command": "uvx",
"args": ["mcp-server-postgres", "--connection-string", "${{ secrets.DB_URL }}"]
}
}
}'
- uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
claude_args: |
--mcp-config '{
"mcpServers": {
"data-processor": {
"command": "uvx",
"args": ["--from", "my-mcp-package", "run-server"],
"env": {
"API_KEY": "${{ secrets.API_KEY }}"
}
}
}
}'
claude_args: |
--allowedTools 'Bash(npm *)' 'Bash(pytest *)' 'Bash(cargo *)'
permissions:
actions: read # Required for CI/CD tools
claude_args: |
--allowedTools 'Bash(gh run *)' 'Bash(gh workflow *)'
claude_args: |
--allowedTools 'Bash(npm test *)' 'Bash(npm run lint *)' 'Bash(pre-commit *)'
claude_args: |
--allowedTools 'Bash(make *)' 'Bash(docker build *)'
--disallowedTools 'Bash(docker push *)' 'Bash(rm -rf *)'
claude_args: |
--allowedTools 'Bash(docker build *)'
--disallowedTools 'Bash(docker push *)' 'Bash(rm -rf *)' 'Bash(curl *)' 'Bash(wget *)'
Read, Write, Edit, Glob, Grep - File operationsmcp__github - GitHub operations| Pattern | Purpose | Example |
|---|---|---|
'Bash(npm *)' | All npm commands | npm test, npm run build |
'Bash(pytest *)' | Python testing | pytest, pytest --cov |
'Bash(cargo *)' | Rust commands | cargo test, cargo build |
'Bash(go test *)' | Go testing | go test ./... |
'Bash(git *)' | All git commands | git status, git commit |
'Bash(pre-commit *)' | Pre-commit hooks | pre-commit run --all-files |
'Bash(actionlint *)' | Action linting | actionlint .github/workflows/ |
'Bash(gh *)' | GitHub CLI | gh pr create, gh issue list |
| Pattern | Purpose | Use Case |
|---|---|---|
'Bash(make *)' | Make commands | Build automation |
'Bash(docker build *)' | Docker build only | Container creation |
'Bash(kubectl *)' | Kubernetes CLI | K8s operations |
'Bash(terraform *)' | Infrastructure as Code | Terraform operations |
Configuration
Error Handling
# Verify server availability
- run: node ./mcp-server/index.js --version
# Check environment variables
- run: env | grep API_KEY
# Test server locally
- run: |
cd mcp-server
npm install
npm test
Security
# development.yml
- uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
claude_args: |
--max-turns 20
--allowedTools 'Bash(npm *)' 'Bash(git *)'
# production.yml
- uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
claude_args: |
--max-turns 10
--allowedTools 'Bash(npm test *)' 'Bash(npm run lint *)'
--disallowedTools 'Bash(npm publish *)'
# .github/workflows/claude-template.yml
name: Claude Code Template
on:
workflow_call:
secrets:
ANTHROPIC_API_KEY:
required: true
MCP_SECRETS:
required: false
jobs:
claude:
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
issues: write
steps:
- uses: actions/checkout@v5
- uses: anthropics/claude-code-action@v1
with:
anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
claude_args: |
--mcp-config '${{ secrets.MCP_SECRETS }}'
# Verify server availability
node ./mcp-server/index.js --version
# Check environment variables
env | grep API_KEY
# Test server locally
cd mcp-server && npm install && npm test
# Enable specific tools
claude_args: |
--allowedTools 'Bash(npm *)' 'Bash(git *)'
# Check tool syntax
# Correct: 'Bash(npm *)'
# Wrong: 'Bash(npm *)'
# Verify additional_permissions
additional_permissions:
actions: read
# Validate workflow syntax
actionlint .github/workflows/claude.yml
# Test locally (with act)
act -j claude
# Check workflow logs
gh run list --workflow=claude.yml
| Option | Purpose | Example |
|---|---|---|
--mcp-config | Configure MCP servers | --mcp-config '{...}' |
--allowedTools | Permit specific tools | 'Bash(npm *)' |
--disallowedTools | Block specific tools | 'Bash(rm -rf *)' |
--max-turns | Limit conversation length | --max-turns 10 |
| Secret | Purpose | Format |
|---|---|---|
ANTHROPIC_API_KEY | Claude API access | sk-ant-api03-... |
GITHUB_TOKEN | GitHub operations | Auto-provided by Actions |
DB_URL | Database connection | Custom format |
API_KEY | Custom MCP server auth | Service-specific |
For authentication methods and security best practices, see the github-actions-auth-security skill. For workflow design patterns, see the claude-code-github-workflows skill.