diff --git a/.github/workflows/docker-build-mcp-sse-server.yml b/.github/workflows/docker-build-mcp-sse-server.yml
new file mode 100644
index 00000000..dc787bfd
--- /dev/null
+++ b/.github/workflows/docker-build-mcp-sse-server.yml
@@ -0,0 +1,103 @@
+# Docker Build for MCP SSE Server - Build and push image to GitHub Container Registry
+#
+# This workflow validates Docker builds for container-related changes and
+# publishes release/manual images to GitHub Container Registry (ghcr.io).
+#
+# Required secrets:
+# - GITHUB_TOKEN (auto-provided): Used to authenticate with GHCR
+
+name: Docker Build (MCP SSE Server)
+
+on:
+ push:
+ branches: [main]
+ tags: ["v*"]
+ paths:
+ - "mcp-sse-server/Dockerfile"
+ - "mcp-sse-server/package.json"
+ - "mcp-sse-server/package-lock.json"
+ - ".github/workflows/docker-build-mcp-sse-server.yml"
+ pull_request:
+ branches: [main]
+ paths:
+ - "mcp-sse-server/Dockerfile"
+ - "mcp-sse-server/package.json"
+ - "mcp-sse-server/package-lock.json"
+ - ".github/workflows/docker-build-mcp-sse-server.yml"
+ workflow_dispatch:
+ inputs:
+ tag:
+ description: "Custom tag for the image (optional)"
+ required: false
+ default: ""
+
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository }}/mcp-sse-server
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ attestations: write
+ id-token: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Log in to Container Registry
+ if: startsWith(github.ref, 'refs/tags/v') || github.event_name == 'workflow_dispatch'
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract metadata
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ tags: |
+ type=ref,event=branch
+ type=ref,event=pr
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ type=semver,pattern={{major}}
+ type=sha,prefix=sha-,suffix=,format=short
+ type=raw,value=latest,enable={{is_default_branch}}
+ type=raw,value=${{ inputs.tag }},enable=${{ inputs.tag != '' }}
+
+ - name: Build and optionally push Docker image
+ id: push
+ uses: docker/build-push-action@v6
+ with:
+ context: ./mcp-sse-server
+ push: ${{ startsWith(github.ref, 'refs/tags/v') || github.event_name == 'workflow_dispatch' }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+ platforms: ${{ (startsWith(github.ref, 'refs/tags/v') || github.event_name == 'workflow_dispatch') && 'linux/amd64,linux/arm64' || 'linux/amd64' }}
+
+ - name: Generate artifact attestation
+ if: startsWith(github.ref, 'refs/tags/v') || github.event_name == 'workflow_dispatch'
+ uses: actions/attest-build-provenance@v2
+ with:
+ subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ subject-digest: ${{ steps.push.outputs.digest }}
+ push-to-registry: true
+
+ - name: Print image digest
+ if: startsWith(github.ref, 'refs/tags/v') || github.event_name == 'workflow_dispatch'
+ run: |
+ echo "MCP SSE Server image pushed successfully!"
+ echo "Digest: ${{ steps.push.outputs.digest }}"
+ echo "Tags:"
+ echo "${{ steps.meta.outputs.tags }}"
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
new file mode 100644
index 00000000..aab0af57
--- /dev/null
+++ b/.github/workflows/docker-build.yml
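Review bot: The `Print image digest` step expands `${{ steps.meta.outputs.tags }}` directly inside the `run:` script, and that output includes the free-form `inputs.tag` value from `workflow_dispatch`, so the tag text is parsed by the shell as part of the script instead of being handled as data. Whether metadata-action sanitises a `type=raw` value is not visible in this hunk, so it is safer to pass the value through the environment: add `env:` with `TAGS: ${{ steps.meta.outputs.tags }}` to the step and print it with `echo "$TAGS"`. The digest line can be moved to an environment variable the same way for consistency. The identical step in `.github/workflows/docker-build.yml` needs the same change.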
@@ -0,0 +1,105 @@
+# Docker Build - Build and push image to GitHub Container Registry
+#
+# This workflow validates Docker builds for container-related changes and
+# publishes release/manual images to GitHub Container Registry (ghcr.io).
+#
+# Usage:
+# - Release images are tagged from git refs/semver metadata
+# - Access packages at: https://github.com/OWNER/REPOSITORY/pkgs/container/REPO_NAME
+#
+# Required secrets:
+# - GITHUB_TOKEN (auto-provided): Used to authenticate with GHCR
+
+name: Docker Build
+
+on:
+ push:
+ branches: [main]
+ tags: ["v*"]
+ paths:
+ - Dockerfile
+ - requirements.txt
+ - ".github/workflows/docker-build.yml"
+ pull_request:
+ branches: [main]
+ paths:
+ - Dockerfile
+ - requirements.txt
+ - ".github/workflows/docker-build.yml"
+ workflow_dispatch:
+ inputs:
+ tag:
+ description: "Custom tag for the image (optional)"
+ required: false
+ default: ""
+
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ attestations: write
+ id-token: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Log in to Container Registry
+ if: startsWith(github.ref, 'refs/tags/v') || github.event_name == 'workflow_dispatch'
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract metadata
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ tags: |
+ type=ref,event=branch
+ type=ref,event=pr
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ type=semver,pattern={{major}}
+ type=sha,prefix=sha-,suffix=,format=short
+ type=raw,value=latest,enable={{is_default_branch}}
+ type=raw,value=${{ inputs.tag }},enable=${{ inputs.tag != '' }}
+
+ - name: Build and optionally push Docker image
+ id: push
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ push: ${{ startsWith(github.ref, 'refs/tags/v') || github.event_name == 'workflow_dispatch' }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+ platforms: ${{ (startsWith(github.ref, 'refs/tags/v') || github.event_name == 'workflow_dispatch') && 'linux/amd64,linux/arm64' || 'linux/amd64' }}
+
+ - name: Generate artifact attestation
+ if: startsWith(github.ref, 'refs/tags/v') || github.event_name == 'workflow_dispatch'
+ uses: actions/attest-build-provenance@v2
+ with:
+ subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ subject-digest: ${{ steps.push.outputs.digest }}
+ push-to-registry: true
+
+ - name: Print image digest
+ if: startsWith(github.ref, 'refs/tags/v') || github.event_name == 'workflow_dispatch'
+ run: |
+ echo "Image pushed successfully!"
+ echo "Digest: ${{ steps.push.outputs.digest }}"
+ echo "Tags:"
+ echo "${{ steps.meta.outputs.tags }}"
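Review bot: Every `uses:` line in this job references a mutable major tag (`actions/checkout@v4`, `docker/login-action@v3`, `docker/build-push-action@v6`, `actions/attest-build-provenance@v2` and the others) while the job holds `packages: write`, `attestations: write` and `id-token: write`. If one of those tags is moved, the new action code runs with the registry and signing permissions of this job, so pin each action to a full commit SHA and keep the version as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha>  # v3` (placeholder, take the SHA from the action's release). The same write permissions are also granted on `pull_request` runs that never push; moving the publish steps into a separate job would let the validation path run with `contents: read` only. Both points apply equally to `.github/workflows/docker-build-mcp-sse-server.yml`.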