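# Builds the multi-arch container image and pushes it to Quay.io.
# Runs on pushes to `main` (image tagged `latest`) and on published
# releases (image tagged with the release's semver version).
name: Docker Build & Push

on:
  push:
    branches: [main]
  release:
    types: [published]

# Job-level token permissions are kept to the minimum the steps use.
# NOTE(review): `packages: write` applies to GHCR; this workflow pushes to
# quay.io with registry secrets — confirm the permission is still needed.
permissions:
  contents: read
  packages: write

jobs:
  docker-build-push:
    runs-on: ubuntu-latest
    steps:
      # `audit` records outbound calls without blocking them.
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
        with:
          egress-policy: audit

      - name: Checkout code
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435

      # Registry credentials come from repository secrets, never from the
      # workflow file.
      - name: Log in to Quay.io
        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1
        with:
          registry: quay.io
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_PASSWORD }}

      # Derives tags and OCI labels; `latest` is only produced for pushes,
      # the semver tag only for releases.
      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f
        with:
          images: quay.io/crowdstrike/falcon-mcp
          tags: |
            type=raw,value=latest,enable=${{ github.event_name == 'push' }}
            type=semver,pattern={{version}},enable=${{ github.event_name == 'release' }}
          flavor: |
            latest=${{ github.event_name == 'push' }}
          labels: |
            org.opencontainers.image.title=Falcon MCP Server
            org.opencontainers.image.description=Model Context Protocol server for CrowdStrike Falcon
            org.opencontainers.image.vendor=CrowdStrike
            org.opencontainers.image.licenses=MIT
            org.opencontainers.image.source=https://github.com/CrowdStrike/falcon-mcp
            org.opencontainers.image.documentation=https://github.com/CrowdStrike/falcon-mcp/blob/main/README.md

      - name: Build and push Docker image
        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83
        with:
          context: .
          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

      # Writes a job summary with the published tags and a pull command.
      # Expression values are passed through `env` instead of being
      # interpolated into the script body, so their content is treated as
      # data by the shell rather than as code.
      - name: Generate image summary
        env:
          TAGS: ${{ steps.meta.outputs.tags }}
          EVENT_NAME: ${{ github.event_name }}
        run: |
          # Use the first generated tag for the example pull command
          FULL_TAG=$(printf '%s\n' "$TAGS" | head -n1)
          # Strip everything up to the last ':' (same as `sed 's/.*://'`)
          TAG_ONLY="${FULL_TAG##*:}"
          if [ "$EVENT_NAME" = "push" ]; then
            EVENT_TYPE="Main Branch Push"
          else
            EVENT_TYPE="Release"
          fi
          {
            echo "## 🐳 Docker Image Published"
            echo ""
            echo "**Event:** $EVENT_TYPE"
            echo "**Registry:** quay.io/crowdstrike/falcon-mcp"
            echo "**Tags:**"
            echo '```'
            echo "$TAGS"
            echo '```'
            echo ""
            echo "**Platforms:** linux/amd64, linux/arm64"
            echo ""
            echo "**Pull Command:**"
            echo '```bash'
            echo "docker pull quay.io/crowdstrike/falcon-mcp:$TAG_ONLY"
            echo '```'
          } >> "$GITHUB_STEP_SUMMARY"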