Merged
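--- a/.github/scripts/tools-publish/compute-image-tags.sh
+++ b/.github/scripts/tools-publish/compute-image-tags.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+# Writes multiline "tags" to GITHUB_OUTPUT for docker/build-push-action.
+# Env: IMAGE, VERSION, REF_TYPE (github.ref_type: branch|tag), GITHUB_REF.
+set -euo pipefail
+
+TAGS="${IMAGE}:${VERSION}"
+LATEST=false
+if [[ "${REF_TYPE}" == "branch" && "${GITHUB_REF}" == "refs/heads/main" ]]; then
+LATEST=true
+elif [[ "${REF_TYPE}" == "tag" ]]; then
+T="${GITHUB_REF#refs/tags/}"
+T="${T#v}"
+if [[ "$T" == "$VERSION" ]]; then
+LATEST=true
+fi
+fi
+if [[ "$LATEST" == "true" ]]; then
+TAGS="${TAGS}"$'\n'"${IMAGE}:latest"
+fi
+{
+echo 'tags<<EOF'
+echo "$TAGS"
+echo 'EOF'
+} >> "$GITHUB_OUTPUT"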
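Review bot: The fixed `EOF` delimiter in the closing block lets a value that contains a line reading `EOF` end the `tags` output early, after which the remaining lines are parsed as further output assignments. IMAGE and VERSION arrive from an earlier step's outputs and are not checked here, so an empty value or a literal `null` also produces a tag such as `:null` without failing the step. Generate the delimiter per run, e.g. `delim="tags_$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')"`, and reject empty values up front with `: "${IMAGE:?}" "${VERSION:?}"`.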
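--- a/.github/scripts/tools-publish/detect-matrix.sh
+++ b/.github/scripts/tools-publish/detect-matrix.sh
@@ -0,0 +1,52 @@
+#!/usr/bin/env bash
+# Outputs: skip, matrix (JSON array of slugs) to GITHUB_OUTPUT.
+# Env: GITHUB_EVENT_NAME, INPUT_TOOL (workflow_dispatch tool input; empty on push).
+set -euo pipefail
+
+REGISTRY="tools/mcp-tools.json"
+
+all=""
+while IFS= read -r slug; do
+[ -z "$slug" ] && continue
+[ -f "tools/${slug}/Dockerfile" ] && all="$all $slug"
+done < <(jq -r '.tools[].id | split("/")[1]' "$REGISTRY")
+
+slugs=""
+if [[ "${GITHUB_EVENT_NAME}" == "workflow_dispatch" ]]; then
+input="${INPUT_TOOL:-}"
+if [[ "$input" == "all" || -z "$input" ]]; then
+slugs="$all"
+else
+slugs="$input"
+fi
+else
+changed=$(git diff --name-only HEAD~1 HEAD 2>/dev/null || true)
+for s in $all; do
+if echo "$changed" | grep -q "^tools/${s}/"; then
+slugs="$slugs $s"
+continue
+fi
+if echo "$changed" | grep -q "^tools/mcp-tools.json$"; then
+old_ver=$(git show HEAD~1:tools/mcp-tools.json 2>/dev/null \
+| jq -r --arg s "$s" '.tools[] | select(.id | endswith("/" + $s)) | .current // ""' 2>/dev/null || echo "")
+new_ver=$(jq -r --arg s "$s" '.tools[] | select(.id | endswith("/" + $s)) | .current' "$REGISTRY")
+if [[ -n "$old_ver" && "$old_ver" != "$new_ver" ]]; then
+slugs="$slugs $s"
+fi
+fi
+done
+fi
+
+json="["
+for s in $slugs; do
+[ -f "tools/${s}/Dockerfile" ] && json="$json\"$s\","
+done
+json="${json%,}]"
+
+if [[ "$json" == "[]" ]]; then
+echo "skip=true" >> "$GITHUB_OUTPUT"
+else
+echo "skip=false" >> "$GITHUB_OUTPUT"
+fi
+echo "matrix=$json" >> "$GITHUB_OUTPUT"
+echo "Tools: $json"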
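Review bot: The `workflow_dispatch` branch copies `INPUT_TOOL` into `slugs` without checking it against the registry-derived list in `$all`, and the matrix JSON is then assembled by string concatenation. The only filter is the `[ -f "tools/${s}/Dockerfile" ]` test, which a value containing `..` can still satisfy, the unquoted `for s in $slugs` also expands glob characters, and a slug containing `"` would corrupt the JSON handed to `fromJson`. Match the input against `$all` and let jq do the encoding, as sketched below. Separately, `git diff ... 2>/dev/null || true` turns a failed diff into `skip=true`, which can hide a missed publish.

```shell
# … unchanged: registry scan that builds $all …
else
  # accept only a slug that the registry scan produced
  case " $all " in
    *" $input "*) slugs="$input" ;;
    *) echo "::error::unknown tool slug" >&2; exit 1 ;;
  esac
fi
# … unchanged: push branch that compares HEAD~1 with HEAD …
# jq quotes each slug; an empty list still yields []
json=$(for s in $slugs; do printf '%s\n' "$s"; done | jq -R . | jq -cs .)
# … unchanged: skip/matrix written to GITHUB_OUTPUT …
```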
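--- a/.github/scripts/tools-publish/read-tool-manifest.sh
+++ b/.github/scripts/tools-publish/read-tool-manifest.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+# Writes image, version, npm_pkg, npm_ver to GITHUB_OUTPUT for one tool slug.
+# Usage: TOOL_SLUG=file-manager (env) or first argument.
+set -euo pipefail
+
+REGISTRY="tools/mcp-tools.json"
+SUFFIX="${1:-${TOOL_SLUG:-}}"
+if [[ -z "$SUFFIX" ]]; then
+echo "::error::TOOL_SLUG (or \$1) is required" >&2
+exit 1
+fi
+
+IMAGE=$(jq -r --arg s "$SUFFIX" '.tools[] | select(.id | endswith("/" + $s)) | .image' "$REGISTRY")
+VERSION=$(jq -r --arg s "$SUFFIX" '.tools[] | select(.id | endswith("/" + $s)) | .current' "$REGISTRY")
+echo "image=$IMAGE" >> "$GITHUB_OUTPUT"
+echo "version=$VERSION" >> "$GITHUB_OUTPUT"
+
+PKG=$(jq -r --arg s "$SUFFIX" '.tools[] | select(.id | endswith("/" + $s)) | .upstream_mcp_npm.package // ""' "$REGISTRY")
+NPM_VER=$(jq -r --arg s "$SUFFIX" '.tools[] | select(.id | endswith("/" + $s)) | .upstream_mcp_npm.version // ""' "$REGISTRY")
+if [[ -z "$PKG" || -z "$NPM_VER" ]]; then
+echo "::error::${REGISTRY}: tool '${SUFFIX}' must define non-empty upstream_mcp_npm.package and upstream_mcp_npm.version" >&2
+exit 1
+fi
+echo "npm_pkg=$PKG" >> "$GITHUB_OUTPUT"
+echo "npm_ver=$NPM_VER" >> "$GITHUB_OUTPUT"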
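Review bot: IMAGE and VERSION are written to GITHUB_OUTPUT without the non-empty check that PKG and NPM_VER get a few lines later. When no registry entry matches the slug both come back empty, a missing field prints the literal `null` because these two filters lack `// ""`, and two ids ending in the same slug give a multi-line value that does not fit the `name=value` output form. The build, push and sign steps would then run against a malformed image reference. Add `// ""` to both filters and fail before the first write, e.g. `[[ -n "$IMAGE" && -n "$VERSION" && "$IMAGE$VERSION" != *$'\n'* ]] || { echo "::error::${REGISTRY}: no unique image/current for '${SUFFIX}'" >&2; exit 1; }`.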
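--- a/.github/scripts/tools-publish/smoke-test-mcp.sh
+++ b/.github/scripts/tools-publish/smoke-test-mcp.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+# Pull image by digest and run one MCP initialize JSON-RPC round-trip.
+# Env: IMAGE_WITH_DIGEST (e.g. ghcr.io/org/img@sha256:...).
+set -euo pipefail
+
+if [[ -z "${IMAGE_WITH_DIGEST:-}" ]]; then
+echo "::error::IMAGE_WITH_DIGEST is required" >&2
+exit 1
+fi
+
+docker pull "$IMAGE_WITH_DIGEST"
+RESP=$(echo '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2024-11-05","capabilities":{},"clientInfo":{"name":"smoke","version":"0.0.1"}}}' \
+| timeout 15 docker run --rm -i --network=none "$IMAGE_WITH_DIGEST" /tmp \
+| head -1)
+echo "$RESP" | jq -e '.result.serverInfo' > /dev/null \
+|| { echo "::error::MCP init failed: $RESP"; exit 1; }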
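Review bot: Under `set -euo pipefail` the `RESP=$(...)` assignment aborts the script as soon as `timeout` or `docker run` exits non-zero, so the `::error::MCP init failed` annotation is never printed in the cases it was written for. A hang ends in exit status 124, and a server that keeps writing after `head -1` closes the pipe can be killed by SIGPIPE even though the handshake succeeded. Let the jq check be the single verdict by ending the assignment with `| head -1) || true`, plus a comment that the pipeline status is ignored on purpose. The image wraps an upstream npm package, so `--network=none` is a sound baseline; `--read-only` and `--cap-drop=ALL` are worth adding if the server tolerates them.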
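--- a/.github/scripts/tools-publish/write-publish-summary.sh
+++ b/.github/scripts/tools-publish/write-publish-summary.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+# Appends a job summary section for one published tool.
+# Env: TOOL_SLUG, TOOL_VERSION, IMAGE_REF, IMAGE_DIGEST.
+set -euo pipefail
+
+cat >> "$GITHUB_STEP_SUMMARY" <<EOF
+### ${TOOL_SLUG} v${TOOL_VERSION}
+- **Image:** \`${IMAGE_REF}\`
+- **Platforms:** linux/amd64, linux/arm64
+- **Signed:** cosign keyless
+
+Digest for mcp-tools.json:
+\`\`\`
+${IMAGE_DIGEST}
+\`\`\`
+EOF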
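--- a/.github/workflows/tools-publish.yml
+++ b/.github/workflows/tools-publish.yml
@@ -0,0 +1,105 @@
+name: Publish tool images
+
+# Build and push tool container images to GHCR.
+#
+# tools/mcp-tools.json is the registry — one entry per tool.
+# tools/<slug>/Dockerfile is the build context.
+#
+# Triggers:
+# - Push to main touching tools/** → build only changed tools
+# - Manual dispatch → pick one slug or "all"
+#
+# Shell logic lives in .github/scripts/tools-publish/*.sh
+
+on:
+workflow_dispatch:
+inputs:
+tool:
+description: 'Tool slug (e.g. "file-manager") or "all"'
+required: false
+default: "all"
+push:
+branches: [main]
+paths: ["tools/**"]
+
+permissions:
+contents: read
+packages: write
+id-token: write
+
+jobs:
+detect:
+runs-on: ubuntu-latest
+outputs:
+matrix: ${{ steps.detect.outputs.matrix }}
+skip: ${{ steps.detect.outputs.skip }}
+steps:
+- uses: actions/checkout@v4
+with:
+fetch-depth: 2
+
+- name: Find tools to publish
+id: detect
+env:
+INPUT_TOOL: ${{ github.event.inputs.tool }}
+run: bash .github/scripts/tools-publish/detect-matrix.sh
+
+publish:
+needs: detect
+if: needs.detect.outputs.skip == 'false'
+runs-on: ubuntu-latest
+strategy:
+fail-fast: false
+matrix:
+slug: ${{ fromJson(needs.detect.outputs.matrix) }}
+steps:
+- uses: actions/checkout@v4
+- uses: docker/setup-buildx-action@v3
+- uses: docker/login-action@v3
+with:
+registry: ghcr.io
+username: ${{ github.actor }}
+password: ${{ secrets.GITHUB_TOKEN }}
+- uses: sigstore/cosign-installer@v3
+
+- name: Read manifest
+id: cfg
+env:
+TOOL_SLUG: ${{ matrix.slug }}
+run: bash .github/scripts/tools-publish/read-tool-manifest.sh
+
+- name: Compute image tags
+id: img_tags
+env:
+IMAGE: ${{ steps.cfg.outputs.image }}
+VERSION: ${{ steps.cfg.outputs.version }}
+REF_TYPE: ${{ github.ref_type }}
+run: bash .github/scripts/tools-publish/compute-image-tags.sh
+
+- name: Build and push
+id: build
+uses: docker/build-push-action@v6
+with:
+context: tools/${{ matrix.slug }}/
+platforms: linux/amd64,linux/arm64
+push: true
+build-args: |
+UPSTREAM_MCP_NPM_PACKAGE=${{ steps.cfg.outputs.npm_pkg }}
+UPSTREAM_MCP_NPM_VERSION=${{ steps.cfg.outputs.npm_ver }}
+tags: ${{ steps.img_tags.outputs.tags }}
+
+- name: Sign image
+run: cosign sign --yes "${{ steps.cfg.outputs.image }}@${{ steps.build.outputs.digest }}"
+
+- name: Smoke test (MCP init handshake)
+env:
+IMAGE_WITH_DIGEST: ${{ steps.cfg.outputs.image }}@${{ steps.build.outputs.digest }}
+run: bash .github/scripts/tools-publish/smoke-test-mcp.sh
+
+- name: Summary
+env:
+TOOL_SLUG: ${{ matrix.slug }}
+TOOL_VERSION: ${{ steps.cfg.outputs.version }}
+IMAGE_REF: ${{ steps.cfg.outputs.image }}@${{ steps.build.outputs.digest }}
+IMAGE_DIGEST: ${{ steps.build.outputs.digest }}
+run: bash .github/scripts/tools-publish/write-publish-summary.sh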
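Review bot: The top-level `permissions` block also gives `packages: write` and `id-token: write` to the `detect` job, which only checks out the repository and runs a script; declaring them on `publish` alone keeps that job from holding a registry-write token or the ability to request an OIDC token. The `Sign image` step expands `${{ steps.cfg.outputs.image }}` straight into the shell line, whereas every other step passes values through `env`, which keeps the value out of the script text. All third-party actions are referenced by mutable tag (`@v3`, `@v4`, `@v6`); in a job that can push and sign images, pinning each to a full commit SHA is the usual hardening. Signing also runs before the smoke test, so an image that fails the handshake has already been pushed and signed.

```yaml
permissions:
  contents: read

jobs:
  detect:
    # … unchanged: detect job …
  publish:
    permissions:
      contents: read
      packages: write
      id-token: write
    # … unchanged: needs, matrix, checkout, login, manifest, tags, build …
      - name: Sign image
        env:
          IMAGE_WITH_DIGEST: ${{ steps.cfg.outputs.image }}@${{ steps.build.outputs.digest }}
        run: cosign sign --yes "$IMAGE_WITH_DIGEST"
    # … unchanged: smoke test and summary steps …
```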