diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml index 6ceffc1..4239ba2 100644 --- a/.github/workflows/cd.yaml +++ b/.github/workflows/cd.yaml @@ -3,6 +3,19 @@ name: Publish to container registries on: release: types: [published] + workflow_dispatch: + push: + branches: + - main + paths: + - src/** + - Dockerfile + - pyproject.toml + pull_request: + paths: + - src/** + - Dockerfile + - pyproject.toml jobs: docker-hub: @@ -20,8 +33,23 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca #v3.9.0 + - name: Extract tags and labels for Docker + id: meta + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 + with: + images: ${{ github.repository }} + tags: | + type=sha,format=short,prefix=commit- + type=ref,event=tag + labels: | + maintainer="Sergey Parfenyuk" + org.opencontainers.image.source=https://github.com/sparfenyuk/mcp-proxy + org.opencontainers.image.description="Connect to MCP servers that run on SSE transport, or expose stdio servers as an SSE server using the MCP Proxy server." + org.opencontainers.image.licenses=MIT + - name: Log in to Docker Hub uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + if: github.event_name != 'pull_request' with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} 
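Review bot: The new `push` and `workflow_dispatch` triggers make this workflow publish from every qualifying commit on `main` and from any manually selected ref, and nothing in the hunk makes that wait for the lint, coverage and mypy jobs in ci.yaml (the Docker build job that depended on them is removed from ci.yaml in this same commit). Because the push steps further down are gated only on `github.event_name != 'pull_request'`, an image tagged `commit-<sha>` can reach both registries from code that failed CI. If publishing should stay tied to releases, the build steps could use `push: ${{ github.event_name == 'release' }}`; if commit images are intended, a comment above `push:` such as `# publishes commit-<sha> images on every main push; not gated on ci.yaml` would make that explicit. The `jobs:` definitions continue outside this hunk, so any job-level `if:` or `permissions:` is not visible here.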
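Review bot: The `labels:` block in the new `meta` step hard-codes `org.opencontainers.image.source=https://github.com/sparfenyuk/mcp-proxy`, so an image built from a fork or a renamed repository would still claim this repository as its source. docker/metadata-action already derives the source, description and licenses labels from the repository metadata, so these three lines could be dropped, or the source written as `org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}`. The double quotes around the `maintainer` and description values are probably kept literally in the label, since each line is passed through as `key=value`; this is worth checking on a built image. The identical block in the `ghcr-io` job (hunk at -53,8) has the same points.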
@@ -31,11 +59,17 @@ jobs: with: context: . platforms: linux/amd64,linux/arm64 - push: true - tags: "${{ github.repository }}:${{ github.event.release.tag_name }}-alpine" + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + annotations: ${{ steps.meta.outputs.annotations }} cache-from: type=gha cache-to: type=gha,mode=max - outputs: type=image,name=target,annotation-index.org.opencontainers.image.description=Connect to MCP servers that run on SSE transport, or expose stdio servers as an SSE server using the MCP Proxy server. + + - name: Clean Docker cache + if: github.event_name != 'pull_request' + run: | + docker system prune --force ghcr-io: name: Push multi-arch Docker image to ghcr.io @@ -53,8 +87,23 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca #v3.9.0 + - name: Extract tags and labels for Docker + id: meta + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 + with: + images: ghcr.io/${{ github.repository }} + tags: | + type=sha,format=short,prefix=commit- + type=ref,event=tag + labels: | + maintainer="Sergey Parfenyuk" + org.opencontainers.image.source=https://github.com/sparfenyuk/mcp-proxy + org.opencontainers.image.description="Connect to MCP servers that run on SSE transport, or expose stdio servers as an SSE server using the MCP Proxy server." + org.opencontainers.image.licenses=MIT + - name: Log in to GHCR uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + if: github.event_name != 'pull_request' with: registry: ghcr.io username: ${{ github.actor }} 
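Review bot: Replacing the `outputs: type=image,name=target,annotation-index.org.opencontainers.image.description=...` line with `annotations: ${{ steps.meta.outputs.annotations }}` probably drops the description from the multi-arch image index, because metadata-action emits manifest-level annotations unless told otherwise. Setting `env:` with `DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index` on the `meta` step would keep the index-level annotation. The new tag set also no longer carries the `-alpine` suffix that the removed `tags:` line used, so consumers pinned to `<tag>-alpine` stop receiving releases; if that is intended it belongs in the commit description. The `tags:`/`annotations:` change is repeated in the ghcr.io build step (hunk at -65,7).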
@@ -65,7 +114,14 @@ jobs: with: context: . platforms: linux/amd64,linux/arm64 - push: true - tags: "ghcr.io/${{ github.repository }}:${{ github.event.release.tag_name }}-alpine" + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + annotations: ${{ steps.meta.outputs.annotations }} cache-from: type=gha cache-to: type=gha,mode=max + + - name: Clean Docker cache + if: github.event_name != 'pull_request' + run: | + docker system prune --force diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index b5d0706..2f3e3e5 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -107,26 +107,6 @@ jobs: - run: uv run --frozen coverage report --fail-under 83 - docker: - runs-on: ubuntu-latest - needs: [lint, coverage, mypy] - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - name: Set up QEMU - uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 #v3.4.0 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca #v3.9.0 - - - name: Build Docker image - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 - with: - context: . - platforms: linux/amd64,linux/arm64 - push: false - tags: "${{ github.repository }}:devel" - # https://github.com/marketplace/actions/alls-green#why used for branch protection checks check: if: always() diff --git a/Dockerfile b/Dockerfile index b0091dc..ff2bcdb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # Build stage with explicit platform specification -FROM --platform=$TARGETPLATFORM ghcr.io/astral-sh/uv:python3.12-alpine AS uv +FROM ghcr.io/astral-sh/uv:python3.12-alpine AS uv # Install the project into /app WORKDIR /app 
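Review bot: The comment `# Build stage with explicit platform specification` no longer matches the line below it now that `--platform=$TARGETPLATFORM` is removed, and the same is true of `# Final stage with explicit platform specification` in the second Dockerfile hunk (-23,11). Suggested wording: `# Build stage; target platform comes from the builder (platforms: in cd.yaml)` and `# Final stage`. The rest of the build stage lies outside this hunk.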
@@ -23,11 +23,7 @@ RUN --mount=type=cache,target=/root/.cache/uv \ uv sync --frozen --no-dev --no-editable # Final stage with explicit platform specification -FROM --platform=$TARGETPLATFORM python:3.12-alpine - -LABEL org.opencontainers.image.source=https://github.com/sparfenyuk/mcp-proxy -LABEL org.opencontainers.image.description="Connect to MCP servers that run on SSE transport, or expose stdio servers as an SSE server using the MCP Proxy server." -LABEL org.opencontainers.image.licenses=MIT +FROM python:3.12-alpine COPY --from=uv --chown=app:app /app/.venv /app/.venv
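Review bot: `FROM python:3.12-alpine` (and `FROM ghcr.io/astral-sh/uv:python3.12-alpine` in the first hunk) resolve a mutable tag at build time, while the workflow in this commit pins every action by commit SHA and now publishes images on each push to `main`. Pinning the bases by digest, e.g. `FROM python:3.12-alpine@sha256:<digest>`, would make the published image reproducible and let base-image updates arrive as reviewable changes; the digest has to be the multi-arch index digest so both `linux/amd64` and `linux/arm64` still resolve. Separately, with the three `LABEL` lines removed, images built outside cd.yaml carry no source or licence labels.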