ContextForge MCP Gateway

Official

Overview Schema Related Servers Score Discussions

docker-multiplatform.yml•9.73 KiB

# =============================================================== # Multiplatform Docker Build Workflow # =============================================================== # # This workflow builds container images for multiple architectures: # - linux/amd64 (native on ubuntu-latest) - built on all triggers # - linux/arm64 (native on ubuntu-24.04-arm) - skipped on PRs # - linux/s390x (QEMU emulation on ubuntu-latest) - skipped on PRs # - linux/ppc64le (QEMU emulation on ubuntu-latest) - only on tagged releases # # Pipeline: # 1. Build platform images in parallel (amd64 only on PRs) # 2. Create multiplatform manifest (skipped on PRs) # 3. Sign and attest with Cosign (keyless OIDC, skipped on PRs) # # Linting and security scanning are handled by docker-scan.yml # # =============================================================== name: Multiplatform Docker Build on: push: branches: ["main"] tags: ["v*"] paths: - 'Containerfile.lite' - 'mcpgateway/**' - 'plugins/**' - 'pyproject.toml' - '.github/workflows/docker-multiplatform.yml' pull_request: branches: ["main"] paths: - 'Containerfile.lite' - 'mcpgateway/**' - 'plugins/**' - 'pyproject.toml' - '.github/workflows/docker-multiplatform.yml' schedule: - cron: "17 18 * * 2" # Weekly rebuild (Tuesday 18:17 UTC) for CVE patches workflow_dispatch: permissions: contents: read packages: write actions: read id-token: write env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} jobs: # --------------------------------------------------------------- # Build each platform in parallel # --------------------------------------------------------------- build: name: Build ${{ matrix.suffix }} strategy: fail-fast: false matrix: include: - platform: linux/amd64 runner: ubuntu-latest suffix: amd64 cache_mode: max run_on_pr: true # Always build amd64 - platform: linux/arm64 runner: ubuntu-24.04-arm suffix: arm64 cache_mode: max run_on_pr: false # Skip on PRs to speed up CI - platform: linux/s390x runner: ubuntu-latest suffix: s390x qemu: true cache_mode: max run_on_pr: false # Skip on PRs (QEMU is slow) - platform: linux/ppc64le runner: ubuntu-latest suffix: ppc64le qemu: true cache_mode: min run_on_pr: false # Skip on PRs (QEMU is slow) tag_only: true # Only build on tagged releases (QEMU is slow) runs-on: ${{ matrix.runner }} # Skip non-amd64 builds on PRs for faster CI feedback # Skip tag_only builds (ppc64le) on non-tag pushes # Condition: run if ((run_on_pr is true) OR (not a pull_request)) AND (not tag_only OR is a tag) steps: - name: Checkout code if: (matrix.run_on_pr || github.event_name != 'pull_request') && (!matrix.tag_only || startsWith(github.ref, 'refs/tags/')) uses: actions/checkout@v5 - name: Set image name lowercase if: (matrix.run_on_pr || github.event_name != 'pull_request') && (!matrix.tag_only || startsWith(github.ref, 'refs/tags/')) run: | IMAGE_NAME_LC=$(echo "${{ env.IMAGE_NAME }}" | tr '[:upper:]' '[:lower:]') echo "IMAGE_NAME_LC=${IMAGE_NAME_LC}" >> $GITHUB_ENV - name: Set up QEMU if: matrix.qemu && (matrix.run_on_pr || github.event_name != 'pull_request') && (!matrix.tag_only || startsWith(github.ref, 'refs/tags/')) uses: docker/setup-qemu-action@v3 with: platforms: ${{ matrix.platform }} - name: Set up Docker Buildx if: (matrix.run_on_pr || github.event_name != 'pull_request') && (!matrix.tag_only || startsWith(github.ref, 'refs/tags/')) uses: docker/setup-buildx-action@v3 - name: Log in to GHCR if: (matrix.run_on_pr || github.event_name != 'pull_request') && github.event_name != 'pull_request' && (!matrix.tag_only || startsWith(github.ref, 'refs/tags/')) uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Extract metadata if: (matrix.run_on_pr || github.event_name != 'pull_request') && (!matrix.tag_only || startsWith(github.ref, 'refs/tags/')) id: meta uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME_LC }} tags: | type=raw,value=${{ matrix.suffix }}-${{ github.sha }} - name: Build and push if: (matrix.run_on_pr || github.event_name != 'pull_request') && (!matrix.tag_only || startsWith(github.ref, 'refs/tags/')) id: build uses: docker/build-push-action@v6 with: context: . file: Containerfile.lite platforms: ${{ matrix.platform }} push: ${{ github.event_name != 'pull_request' }} load: ${{ github.event_name == 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha,scope=build-${{ matrix.suffix }} cache-to: type=gha,mode=${{ matrix.cache_mode }},scope=build-${{ matrix.suffix }} provenance: false - name: Export digest if: (matrix.run_on_pr || github.event_name != 'pull_request') && github.event_name != 'pull_request' && (!matrix.tag_only || startsWith(github.ref, 'refs/tags/')) run: | mkdir -p /tmp/digests digest="${{ steps.build.outputs.digest }}" touch "/tmp/digests/${digest#sha256:}" echo "Digest for ${{ matrix.suffix }}: $digest" - name: Upload digest if: (matrix.run_on_pr || github.event_name != 'pull_request') && github.event_name != 'pull_request' && (!matrix.tag_only || startsWith(github.ref, 'refs/tags/')) uses: actions/upload-artifact@v4 with: name: digest-${{ matrix.suffix }} path: /tmp/digests/* if-no-files-found: error retention-days: 1 # --------------------------------------------------------------- # Create multiplatform manifest # --------------------------------------------------------------- manifest: name: Create Manifest needs: build runs-on: ubuntu-latest if: github.event_name != 'pull_request' steps: - name: Set image name lowercase run: | IMAGE_NAME_LC=$(echo "${{ env.IMAGE_NAME }}" | tr '[:upper:]' '[:lower:]') echo "IMAGE_NAME_LC=${IMAGE_NAME_LC}" >> $GITHUB_ENV - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Log in to GHCR uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Create and push manifest run: | SHA=${{ github.sha }} IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE_NAME_LC }} IS_TAG="${{ startsWith(github.ref, 'refs/tags/') }}" echo "Creating multiplatform manifest..." # Base images (always included) IMAGES="${IMAGE}:amd64-${SHA} ${IMAGE}:arm64-${SHA} ${IMAGE}:s390x-${SHA}" # Include ppc64le only on tagged releases if [ "$IS_TAG" = "true" ]; then echo "Tagged release detected - including ppc64le" IMAGES="${IMAGES} ${IMAGE}:ppc64le-${SHA}" else echo "Non-tagged build - skipping ppc64le" fi docker buildx imagetools create \ --tag "${IMAGE}:${SHA}" \ --tag "${IMAGE}:latest" \ $IMAGES echo "Manifest created successfully" - name: Inspect manifest run: | IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE_NAME_LC }} echo "Inspecting multiplatform manifest..." docker buildx imagetools inspect "${IMAGE}:latest" # --------------------------------------------------------------- # Sign images with Cosign (keyless OIDC) # --------------------------------------------------------------- sign: name: Sign Images needs: manifest runs-on: ubuntu-latest if: github.event_name != 'pull_request' steps: - name: Set image name lowercase run: | IMAGE_NAME_LC=$(echo "${{ env.IMAGE_NAME }}" | tr '[:upper:]' '[:lower:]') echo "IMAGE_NAME_LC=${IMAGE_NAME_LC}" >> $GITHUB_ENV - name: Install Cosign uses: sigstore/cosign-installer@v3 - name: Log in to GHCR uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Pull image for SBOM generation run: | docker pull --platform linux/amd64 ${{ env.REGISTRY }}/${{ env.IMAGE_NAME_LC }}:latest - name: Generate SBOM (Syft) uses: anchore/sbom-action@v0 with: image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME_LC }}:latest output-file: sbom.spdx.json - name: Sign and attest multiplatform image env: COSIGN_EXPERIMENTAL: "1" run: | IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE_NAME_LC }} SHA=${{ github.sha }} for REF in "${IMAGE}:latest" "${IMAGE}:${SHA}"; do echo "Signing ${REF}" cosign sign --recursive --yes "${REF}" echo "Attesting SBOM for ${REF}" cosign attest --yes \ --predicate sbom.spdx.json \ --type spdxjson \ "${REF}" done echo "Images signed and attested successfully"

Loading blob content...

Latest Blog Posts

Redis vs ioredis vs valkey-glide
By punkpeye on January 26, 2026.
benchmark
Redis
valkey
Quickstart: Publish an MCP Server to the MCP Registry
By punkpeye on January 24, 2026.
mcp
official reference mirror
Official MCP Registry Server.json Requirements
By punkpeye on January 24, 2026.
mcp
official reference mirror

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/IBM/mcp-context-forge'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

docker-multiplatform.yml•9.73 KiB