ci: improve github workflows

.github/workflows/cd.yaml

@@ -3,6 +3,19 @@ name: Publish to container registries
 on:
   release:
     types: [published]
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+    paths:
+      - src/**
+      - Dockerfile
+      - pyproject.toml
+  pull_request:
+    paths:
+      - src/**
+      - Dockerfile
+      - pyproject.toml
 
 jobs:
   docker-hub:
@@ -20,8 +33,23 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca #v3.9.0
 
+      - name: Extract tags and labels for Docker
+        id: meta
+        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
+        with:
+          images: ${{ github.repository }}
+          tags: |
+            type=sha,format=short,prefix=commit-
+            type=ref,event=tag
+          labels: |
+            maintainer="Sergey Parfenyuk"
+            org.opencontainers.image.source=https://github.com/sparfenyuk/mcp-proxy
+            org.opencontainers.image.description="Connect to MCP servers that run on SSE transport, or expose stdio servers as an SSE server using the MCP Proxy server."
+            org.opencontainers.image.licenses=MIT
+
       - name: Log in to Docker Hub
         uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        if: github.event_name != 'pull_request'
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
@@ -31,11 +59,17 @@ jobs:
         with:
           context: .
           platforms: linux/amd64,linux/arm64
-          push: true
-          tags: "${{ github.repository }}:${{ github.event.release.tag_name }}-alpine"
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          annotations: ${{ steps.meta.outputs.annotations }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
-          outputs: type=image,name=target,annotation-index.org.opencontainers.image.description=Connect to MCP servers that run on SSE transport, or expose stdio servers as an SSE server using the MCP Proxy server.
+
+      - name: Clean Docker cache
+        if: github.event_name != 'pull_request'
+        run: |
+          docker system prune --force
 
   ghcr-io:
     name: Push multi-arch Docker image to ghcr.io
@@ -53,8 +87,23 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca #v3.9.0
 
+      - name: Extract tags and labels for Docker
+        id: meta
+        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
+        with:
+          images: ghcr.io/${{ github.repository }}
+          tags: |
+            type=sha,format=short,prefix=commit-
+            type=ref,event=tag
+          labels: |
+            maintainer="Sergey Parfenyuk"
+            org.opencontainers.image.source=https://github.com/sparfenyuk/mcp-proxy
+            org.opencontainers.image.description="Connect to MCP servers that run on SSE transport, or expose stdio servers as an SSE server using the MCP Proxy server."
+            org.opencontainers.image.licenses=MIT
+
       - name: Log in to GHCR
         uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        if: github.event_name != 'pull_request'
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -65,7 +114,14 @@ jobs:
         with:
           context: .
           platforms: linux/amd64,linux/arm64
-          push: true
-          tags: "ghcr.io/${{ github.repository }}:${{ github.event.release.tag_name }}-alpine"
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          annotations: ${{ steps.meta.outputs.annotations }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
+
+      - name: Clean Docker cache
+        if: github.event_name != 'pull_request'
+        run: |
+          docker system prune --force

.github/workflows/ci.yaml

@@ -107,26 +107,6 @@ jobs:
 
       - run: uv run --frozen coverage report --fail-under 83
 
-  docker:
-    runs-on: ubuntu-latest
-    needs: [lint, coverage, mypy]
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 #v3.4.0
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca #v3.9.0
-
-      - name: Build Docker image
-        uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0
-        with:
-          context: .
-          platforms: linux/amd64,linux/arm64
-          push: false
-          tags: "${{ github.repository }}:devel"
-
   # https://github.com/marketplace/actions/alls-green#why used for branch protection checks
   check:
     if: always()

Dockerfile

@@ -1,5 +1,5 @@
 # Build stage with explicit platform specification
-FROM --platform=$TARGETPLATFORM ghcr.io/astral-sh/uv:python3.12-alpine AS uv
+FROM ghcr.io/astral-sh/uv:python3.12-alpine AS uv
 
 # Install the project into /app
 WORKDIR /app
@@ -23,11 +23,7 @@ RUN --mount=type=cache,target=/root/.cache/uv \
     uv sync --frozen --no-dev --no-editable
 
 # Final stage with explicit platform specification
-FROM --platform=$TARGETPLATFORM python:3.12-alpine
-
-LABEL org.opencontainers.image.source=https://github.com/sparfenyuk/mcp-proxy
-LABEL org.opencontainers.image.description="Connect to MCP servers that run on SSE transport, or expose stdio servers as an SSE server using the MCP Proxy server."
-LABEL org.opencontainers.image.licenses=MIT
+FROM python:3.12-alpine
 
 COPY --from=uv --chown=app:app /app/.venv /app/.venv