-
Notifications
You must be signed in to change notification settings - Fork 14
126 lines (110 loc) · 4.54 KB
/
Copy pathdocker.yml
File metadata and controls
126 lines (110 loc) · 4.54 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
name: Build and Push Docker Image
on:
push:
branches:
- main
tags:
- "v*.*.*"
pull_request:
branches:
- main
workflow_dispatch:
env:
REGISTRY: ghcr.io
jobs:
build-and-push:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
id-token: write
attestations: write
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
- name: Set lowercase image name
id: image-name
run: |
# Convert repository name to lowercase for Docker compatibility
IMAGE_NAME=$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]')
echo "IMAGE_NAME=${IMAGE_NAME}" >> $GITHUB_OUTPUT
echo "Using image name: ${IMAGE_NAME}"
- name: Free disk space
run: |
sudo rm -rf /usr/share/dotnet
sudo rm -rf /usr/local/lib/android
sudo rm -rf /opt/ghc
sudo rm -rf /opt/hostedtoolcache/CodeQL
sudo docker image prune --all --force
- name: Set up QEMU
uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
# Note: Fork detection is intentionally NOT implemented here.
# Unlike the docs workflow, we allow forks to push to their own GHCR instances
# when they push to their main branch. This enables contributors to test
# container builds in their fork's GHCR before submitting PRs.
# Each fork pushes to ghcr.io/<fork-owner>/holoviz-mcp, not the upstream registry.
- name: Log in to GitHub Container Registry
if: github.event_name != 'pull_request'
uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels)
id: meta
uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
with:
images: ${{ env.REGISTRY }}/${{ steps.image-name.outputs.IMAGE_NAME }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=raw,value=latest,enable={{is_default_branch}}
type=raw,value={{date 'YYYY.MM.DD'}},enable={{is_default_branch}}
- name: Determine version for Docker build
id: version
run: |
# Try to get version from git tags
if git describe --tags --always --dirty 2>/dev/null; then
VERSION=$(git describe --tags --always --dirty)
else
# Fallback to short SHA if no tags
VERSION="0.0.0+git.$(git rev-parse --short HEAD)"
fi
echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
echo "Building with version: ${VERSION}"
- name: Build and push Docker image
id: build-and-push
uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2
with:
context: .
file: ./Dockerfile
platforms: linux/amd64,linux/arm64
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
build-args: |
VERSION=${{ steps.version.outputs.VERSION }}
- name: Test Docker image
if: github.event_name != 'pull_request'
run: |
# Test that the image can be pulled and run
docker pull ${{ env.REGISTRY }}/${{ steps.image-name.outputs.IMAGE_NAME }}:latest
# Test that the MCP server can start (for stdio transport)
timeout 10s docker run --rm ${{ env.REGISTRY }}/${{ steps.image-name.outputs.IMAGE_NAME }}:latest --help || true
echo "Docker image tested successfully!"
- name: Generate artifact attestation
if: github.event_name != 'pull_request'
uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0
with:
subject-name: ${{ env.REGISTRY }}/${{ steps.image-name.outputs.IMAGE_NAME }}
subject-digest: ${{ steps.build-and-push.outputs.digest }}
push-to-registry: true