Merge pull request #58 from Azure/docker-build-fix

chore: add multiarch image for mcp-kubernetes image

Author: feiskyer

.github/workflows/ci.yml

@@ -67,10 +67,29 @@ jobs:
           path: coverage.txt
           retention-days: 14
 
+  args:
+    runs-on: ubuntu-latest
+    outputs:
+      commit-date: ${{ steps.ldflags.outputs.commit-date }}
+      commit: ${{ steps.ldflags.outputs.commit }}
+      version: ${{ steps.ldflags.outputs.version }}
+      tree-state: ${{ steps.ldflags.outputs.tree-state }}
+    steps:
+      - id: checkout
+        uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 # tag=v2.3.4
+        with:
+          fetch-depth: 0
+      - id: ldflags
+        run: |
+          echo "commit-date=$(git log --date=iso8601-strict -1 --pretty=%ct)" >> "$GITHUB_OUTPUT"
+          echo "commit=$GITHUB_SHA" >> "$GITHUB_OUTPUT"
+          echo "version=$(git describe --tags --always --dirty | cut -c2-)" >> "$GITHUB_OUTPUT"
+          echo "tree-state=$(if git diff --quiet; then echo "clean"; else echo "dirty"; fi)" >> "$GITHUB_OUTPUT"
+
   build:
-    name: Build
+    name: Build Linux
     runs-on: ubuntu-latest
-    needs: [lint, test]
+    needs: [lint, test, args]
     steps:
       - name: Checkout code
         uses: actions/checkout@v4.2.2
@@ -86,16 +105,35 @@ jobs:
 
       - name: Build binary
         run: |
-          go build -v -ldflags="-X github.com/Azure/mcp-kubernetes/pkg/version.GitCommit=$(git rev-parse HEAD) -X github.com/Azure/mcp-kubernetes/pkg/version.BuildMetadata=$(date +%Y%m%d)" -o mcp-kubernetes ./cmd/mcp-kubernetes
+          go build -v -o mcp-kubernetes ./cmd/mcp-kubernetes
 
       - name: Build Docker image
-        run: docker build -t mcp-kubernetes:test --build-arg VERSION=$(git describe --tags --always --dirty | cut -c2-),GIT_COMMIT=$(git rev-parse HEAD),BUILD_DATE=$(date +%Y%m%d),GIT_TREE_STATE=$(if git diff --quiet; then echo "clean"; else echo "dirty"; fi) .
+        run: docker build -t mcp-kubernetes:test --build-arg VERSION=${{ needs.args.outputs.version }} --build-arg GIT_COMMIT=${{ needs.args.outputs.commit }} --build-arg BUILD_DATE=${{ needs.args.outputs.commit-date }} --build-arg GIT_TREE_STATE=${{ needs.args.outputs.tree-state }} .
 
       - name: Check Docker image
         run: |
           docker images mcp-kubernetes:test
           docker run --rm mcp-kubernetes:test --version || true
 
+  build-windows:
+    name: Build Windows
+    runs-on: windows-latest
+    needs: [lint, test, args]
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Build Windows Docker image
+        run: |
+          docker build --platform windows/amd64 -f Dockerfile.windows -t mcp-kubernetes:windows-test --build-arg VERSION=${{ needs.args.outputs.version }} --build-arg GIT_COMMIT=${{ needs.args.outputs.commit }} --build-arg BUILD_DATE=${{ needs.args.outputs.commit-date }} --build-arg GIT_TREE_STATE=${{ needs.args.outputs.tree-state }} .
+
+      - name: Validate Windows Docker image
+        run: |
+          docker images mcp-kubernetes:windows-test
+          docker run --rm mcp-kubernetes:windows-test --help || true
+
   security:
     name: Security Scan
     runs-on: ubuntu-latest

.github/workflows/go-ossf-slsa3-publish.yml

@@ -68,14 +68,14 @@ jobs:
       #     Optional: For more options, see https://github.com/slsa-framework/slsa-github-generator#golang-projects
       # =============================================================================================================
 
-  build-image:
+  build-linux-image:
     permissions:
       contents: read
       packages: write
     needs: args
     outputs:
       image: ${{ steps.image.outputs.image }}
-      digest: ${{ steps.build.outputs.digest }}
+      digest: ${{ steps.image.outputs.digest }}
     runs-on: ubuntu-latest
     steps:
       - name: Checkout the repository
@@ -101,6 +101,7 @@ jobs:
         uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
         id: build
         with:
+          platforms: linux/amd64,linux/arm64
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
@@ -109,25 +110,64 @@ jobs:
             GIT_COMMIT=${{ needs.args.outputs.commit }}
             BUILD_DATE=${{ needs.args.outputs.commit-date }}
             GIT_TREE_STATE=${{ needs.args.outputs.tree-state }}
+
       - name: Output image
         id: image
         run: |
           # NOTE: Set the image as an output because the `env` context is not
           # available to the inputs of a reusable workflow call.
           image_name=$(echo "${IMAGE_REGISTRY}/${IMAGE_NAME}"| tr '[:upper:]' '[:lower:]')
           echo "image=$image_name" >> "$GITHUB_OUTPUT"
+
+  build-windows-image:
+    permissions:
+      contents: read
+      packages: write
+    needs: args
+    runs-on: windows-latest
+    steps:
+      - name: Checkout the repository
+        uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 # v2.3.4
+
+      - name: Authenticate Docker
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        with:
+          registry: ${{ env.IMAGE_REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
+        with:
+          images: ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: Build and push Windows Docker image
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          platforms: windows/amd64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          file: ./Dockerfile.windows
+          build-args: |
+            VERSION=${{ needs.args.outputs.version }}
+            GIT_COMMIT=${{ needs.args.outputs.commit }}
+            BUILD_DATE=${{ needs.args.outputs.commit-date }}
+            GIT_TREE_STATE=${{ needs.args.outputs.tree-state }}
+
   # This step calls the container workflow to generate provenance and push it to
   # the container registry.
   provenance:
-    needs: build-image
+    needs: build-linux-image
     permissions:
       actions: read # for detecting the Github Actions environment.
       id-token: write # for creating OIDC tokens for signing.
       packages: write # for uploading attestations.
     uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.1.0
     with:
-      image: ${{ needs.build-image.outputs.image }}
-      digest: ${{ needs.build-image.outputs.digest }}
+      image: ${{ needs.build-linux-image.outputs.image }}
+      digest: ${{ needs.build-linux-image.outputs.digest }}
       registry-username: ${{ github.actor }}
       private-repository: true
     secrets:

Dockerfile

@@ -4,6 +4,9 @@ ARG VERSION
 ARG GIT_COMMIT
 ARG BUILD_DATE
 ARG GIT_TREE_STATE
+ARG TARGETOS
+ARG TARGETARCH
+
 # Set working directory
 WORKDIR /app
 
@@ -17,10 +20,11 @@ RUN go mod download
 COPY . .
 
 # Build the application
-RUN CGO_ENABLED=0 GOOS=linux go build -ldflags "-X github.com/Azure/mcp-kubernetes/pkg/version.GitVersion=${VERSION} -X github.com/Azure/mcp-kubernetes/pkg/version.GitCommit=${GIT_COMMIT} -X github.com/Azure/mcp-kubernetes/pkg/version.BuildMetadata=${BUILD_DATE} -X github.com/Azure/mcp-kubernetes/pkg/version.GitTreeState=${GIT_TREE_STATE}" -o mcp-kubernetes ./cmd/mcp-kubernetes
+RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -ldflags "-X github.com/Azure/mcp-kubernetes/pkg/version.GitVersion=${VERSION} -X github.com/Azure/mcp-kubernetes/pkg/version.GitCommit=${GIT_COMMIT} -X github.com/Azure/mcp-kubernetes/pkg/version.BuildMetadata=${BUILD_DATE} -X github.com/Azure/mcp-kubernetes/pkg/version.GitTreeState=${GIT_TREE_STATE}" -o mcp-kubernetes ./cmd/mcp-kubernetes
 
 # Runtime stage
 FROM alpine:3.19
+ARG TARGETARCH
 
 # Install required packages for kubectl and helm
 RUN apk add --no-cache curl bash openssl ca-certificates git
@@ -32,27 +36,26 @@ RUN addgroup -S mcp && \
     chown -R mcp:mcp /home/mcp
 
 # Install kubectl
-RUN curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" && \
+RUN curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/${TARGETARCH}/kubectl" && \
     chmod +x kubectl && \
     mv kubectl /usr/local/bin/kubectl
 
 # Install helm
-RUN curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 && \
+RUN HELM_ARCH=${TARGETARCH} && \
+    curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 && \
     chmod 700 get_helm.sh && \
     VERIFY_CHECKSUM=false ./get_helm.sh && \
     rm get_helm.sh
 
 # Install cilium
 RUN CILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/main/stable.txt) && \
-    CLI_ARCH=amd64 && \
-    if [ "$(uname -m)" = "aarch64" ]; then CLI_ARCH=arm64; fi && \
+    CLI_ARCH=${TARGETARCH} && \
     curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-linux-${CLI_ARCH}.tar.gz && \
     tar xzf cilium-linux-${CLI_ARCH}.tar.gz -C /usr/local/bin && \
     rm cilium-linux-${CLI_ARCH}.tar.gz
 
 RUN HUBBLE_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/hubble/master/stable.txt) && \
-    HUBBLE_ARCH=amd64 && \
-    if [ "$(uname -m)" = "aarch64" ]; then HUBBLE_ARCH=arm64; fi && \
+    HUBBLE_ARCH=${TARGETARCH} && \
     curl -L --fail --remote-name-all https://github.com/cilium/hubble/releases/download/$HUBBLE_VERSION/hubble-linux-${HUBBLE_ARCH}.tar.gz{,.sha256sum} && \
     sha256sum -c hubble-linux-${HUBBLE_ARCH}.tar.gz.sha256sum && \
     tar xzvf hubble-linux-${HUBBLE_ARCH}.tar.gz -C /usr/local/bin && \

Dockerfile.windows

@@ -0,0 +1,96 @@
+# Build stage
+FROM golang:1.24-windowsservercore-ltsc2022 AS builder
+ARG VERSION
+ARG GIT_COMMIT
+ARG BUILD_DATE
+ARG GIT_TREE_STATE
+ARG TARGETOS=windows
+ARG TARGETARCH=amd64
+
+# Set working directory
+WORKDIR "C:\\mcp"
+
+# Copy go mod and sum files
+COPY go.mod go.sum ./
+
+# Download dependencies
+RUN go mod download
+
+# Copy source code
+COPY . .
+
+# Build the application
+RUN powershell -Command " \
+    $env:VERSION = '%VERSION%'; \
+    $env:GIT_COMMIT = '%GIT_COMMIT%'; \
+    $env:BUILD_DATE = '%BUILD_DATE%'; \
+    $env:GIT_TREE_STATE = '%GIT_TREE_STATE%'; \
+    go build -ldflags \"-X github.com/Azure/mcp-kubernetes/pkg/version.GitVersion=$env:VERSION -X github.com/Azure/mcp-kubernetes/pkg/version.GitCommit=$env:GIT_COMMIT -X github.com/Azure/mcp-kubernetes/pkg/version.BuildMetadata=$env:BUILD_DATE -X github.com/Azure/mcp-kubernetes/pkg/version.GitTreeState=$env:GIT_TREE_STATE\" -o mcp-kubernetes.exe ./cmd/mcp-kubernetes"
+
+# Runtime stage
+FROM mcr.microsoft.com/windows/servercore:ltsc2022
+ARG TARGETARCH=amd64
+
+# Install Chocolatey
+RUN powershell -Command \
+    Set-ExecutionPolicy Bypass -Scope Process -Force; \
+    [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; \
+    iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
+
+
+# Set working directory
+WORKDIR "C:\\mcp"
+
+# Install git and other dependencies
+RUN choco install -y git
+
+# Create directory structure
+RUN mkdir "C:\\mcp\\.kube"
+
+# Install kubectl
+RUN powershell -Command \
+    $stableVersion = (Invoke-WebRequest -Uri 'https://dl.k8s.io/release/stable.txt' -UseBasicParsing).Content.Trim(); \
+    $arch = if ($env:TARGETARCH -eq 'arm64') {'arm64'} else {'amd64'}; \
+    Invoke-WebRequest -Uri "https://dl.k8s.io/release/$stableVersion/bin/windows/$arch/kubectl.exe" -OutFile 'C:\\kubectl.exe' -UseBasicParsing; \
+    Move-Item C:\\kubectl.exe C:\\Windows\\System32\\kubectl.exe
+
+# Install helm
+RUN powershell -Command \
+    $arch = if ($env:TARGETARCH -eq 'arm64') {'arm64'} else {'amd64'}; \
+    Invoke-WebRequest -Uri "https://get.helm.sh/helm-v3.17.4-windows-$arch.zip" -OutFile 'helm.zip' -UseBasicParsing; \
+    Expand-Archive -Path helm.zip -DestinationPath "C:\\helm"; \
+    Move-Item "C:\\helm\\windows-$arch\\helm.exe" "C:\\Windows\\System32\\helm.exe"; \
+    Remove-Item -Recurse -Force "C:\\helm"; \
+    Remove-Item helm.zip
+
+# Install cilium CLI
+RUN powershell -Command \
+    $cliVersion = (Invoke-WebRequest -Uri 'https://raw.githubusercontent.com/cilium/cilium-cli/main/stable.txt' -UseBasicParsing).Content.Trim(); \
+    $arch = if ($env:TARGETARCH -eq 'arm64') {'arm64'} else {'amd64'}; \
+    Invoke-WebRequest -Uri "https://github.com/cilium/cilium-cli/releases/download/$cliVersion/cilium-windows-$arch.zip" -OutFile 'cilium.zip' -UseBasicParsing; \
+    Expand-Archive -Path cilium.zip -DestinationPath "C:\\cilium"; \
+    Move-Item "C:\\cilium\\cilium.exe" "C:\\Windows\\System32\\cilium.exe"; \
+    Remove-Item -Recurse -Force "C:\\cilium"; \
+    Remove-Item cilium.zip
+
+# Install hubble CLI
+RUN powershell -Command \
+    $hubbleVersion = (Invoke-WebRequest -Uri 'https://raw.githubusercontent.com/cilium/hubble/master/stable.txt' -UseBasicParsing).Content.Trim(); \
+    $arch = if ($env:TARGETARCH -eq 'arm64') {'arm64'} else {'amd64'}; \
+    Invoke-WebRequest -Uri "https://github.com/cilium/hubble/releases/download/$hubbleVersion/hubble-windows-$arch.tar.gz" -OutFile 'hubble.tar.gz' -UseBasicParsing; \
+    tar -xzf hubble.tar.gz -C "C:\\Windows\\System32"; \
+    Remove-Item hubble.tar.gz
+
+# Copy binary from builder
+COPY --from=builder "C:\\mcp\\mcp-kubernetes.exe" "C:\\mcp\\mcp-kubernetes.exe"
+
+# Expose the default port for sse/streamable-http transports
+EXPOSE 8000
+
+# Set environment variables
+ENV HOME="C:\\mcp"
+ENV KUBECONFIG="C:\\mcp\\.kube\\config"
+
+# Command to run
+ENTRYPOINT ["C:\\mcp\\mcp-kubernetes.exe"]
+CMD ["--transport", "streamable-http", "--host", "0.0.0.0"]