MCP WordPress Server

name: 🐳 Docker Build & Publish (Primary) # This is the PRIMARY Docker workflow - replaces docker-publish.yml and docker-publish-fix.yml # Updated 2025-10-02: Consolidated from 3 workflows into 1 production-ready workflow on: release: types: [created, published] workflow_dispatch: inputs: tag: description: "Docker tag to build" required: false type: string default: "dev" push: description: "Push to registry" required: false type: boolean default: false test_build: description: "Run test build only" required: false type: boolean default: true pull_request: paths: - "Dockerfile" - "docker-compose.yml" - ".dockerignore" - ".github/workflows/docker-modern.yml" env: REGISTRY: docker.io IMAGE_NAME: docdyhr/mcp-wordpress jobs: # Test build without pushing (faster feedback) test-build: name: 🧪 Test Docker Build runs-on: ubuntu-latest if: github.event_name == 'pull_request' || (github.event_name == 'workflow_dispatch' && inputs.test_build) permissions: contents: read steps: - name: 📥 Checkout Repository uses: actions/checkout@v4 - name: 🐳 Set up Docker Buildx uses: docker/setup-buildx-action@v3.7.1 - name: 📝 Extract Metadata (Test) id: meta uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | type=ref,event=branch,suffix=-test type=ref,event=pr,suffix=-test type=raw,value=test - name: 🏗️ Build Docker Image (Test Only) uses: docker/build-push-action@v6 with: context: . platforms: linux/amd64 # Single platform for faster testing push: false tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max # v6 features enabled for testing provenance: true sbom: true outputs: type=oci,dest=/tmp/image.tar - name: 🧪 Test Image Structure run: | # Import OCI image and test basic functionality docker import /tmp/image.tar test-image:latest # Test image runs IMAGE_TAG=$(echo "${{ steps.meta.outputs.tags }}" | head -n1) echo "Testing image: $IMAGE_TAG" # Basic smoke test - check that container starts and has expected structure docker run --rm test-image:latest node --version || echo "Node version check failed" # Check image size docker images test-image:latest --format "table {{.Repository}}\t{{.Tag}}\t{{.Size}}" # Security scan (if trivy is available) if command -v trivy &> /dev/null; then trivy image --exit-code 0 --severity HIGH,CRITICAL test-image:latest fi - name: 📊 Test Summary run: | echo "## 🧪 Docker Test Build Summary" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY echo "**Status:** ✅ Build successful" >> $GITHUB_STEP_SUMMARY echo "**Platform:** linux/amd64 (test)" >> $GITHUB_STEP_SUMMARY echo "**Tags:** ${{ steps.meta.outputs.tags }}" >> $GITHUB_STEP_SUMMARY # Full build and push with all v6 features build-and-push: name: 🏗️ Modern Build & Push runs-on: ubuntu-latest if: | github.event_name == 'release' || (github.event_name == 'workflow_dispatch' && !inputs.test_build) permissions: contents: read packages: write attestations: write id-token: write steps: - name: 📥 Checkout Repository uses: actions/checkout@v4 - name: 🐳 Set up QEMU (Multi-platform) uses: docker/setup-qemu-action@v3.2.0 - name: 🐳 Set up Docker Buildx uses: docker/setup-buildx-action@v3.7.1 with: # Use latest buildkit features driver: docker-container driver-opts: | network=host image=moby/buildkit:buildx-stable-1 - name: 🔐 Log in to Docker Hub if: github.event_name == 'release' || inputs.push uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY }} username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: 📝 Extract Metadata id: meta uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | type=ref,event=branch type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} type=raw,value=${{ inputs.tag || 'dev' }},enable=${{ github.event_name == 'workflow_dispatch' }} type=raw,value=latest,enable=${{ github.event_name == 'release' }} labels: | org.opencontainers.image.title=MCP WordPress Server org.opencontainers.image.description=Complete WordPress MCP Server with 59 management tools, intelligent caching, and real-time monitoring org.opencontainers.image.version=${{ github.ref_name }} org.opencontainers.image.revision=${{ github.sha }} org.opencontainers.image.created={{date 'YYYY-MM-DDTHH:mm:ssZ'}} org.opencontainers.image.source=https://github.com/docdyhr/mcp-wordpress org.opencontainers.image.url=https://github.com/docdyhr/mcp-wordpress org.opencontainers.image.documentation=https://github.com/docdyhr/mcp-wordpress#readme org.opencontainers.image.licenses=MIT org.opencontainers.image.vendor=docdyhr build.number=${{ github.run_number }} build.revision=${{ github.sha }} - name: 🏗️ Build and Push Docker Image (v6 Full Features) uses: docker/build-push-action@v6 id: build with: context: . platforms: linux/amd64,linux/arm64,linux/arm64/v8 push: ${{ github.event_name == 'release' || inputs.push }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} # Advanced caching with GitHub Actions cache cache-from: | type=gha type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:cache cache-to: | type=gha,mode=max type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:cache,mode=max build-args: | VERSION=${{ github.ref_name }} BUILD_DATE={{date 'YYYY-MM-DDTHH:mm:ssZ'}} VCS_REF=${{ github.sha }} # v6 Enhanced Features provenance: true # Generate provenance attestation sbom: true # Generate Software Bill of Materials # Annotations for OCI spec compliance annotations: | org.opencontainers.image.title=MCP WordPress Server org.opencontainers.image.description=Complete WordPress MCP Server with 59 management tools org.opencontainers.image.authors=docdyhr org.opencontainers.image.vendor=docdyhr # Output configuration for multi-platform outputs: ${{ inputs.push && 'type=image,push=true' || 'type=oci,dest=/tmp/image.tar' }} - name: 📊 Build Analysis run: | echo "## 🚀 Modern Docker Build Summary (v6)" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY echo "### Build Configuration" >> $GITHUB_STEP_SUMMARY echo "**Image:** \`${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}\`" >> $GITHUB_STEP_SUMMARY echo "**Tags:** ${{ steps.meta.outputs.tags }}" >> $GITHUB_STEP_SUMMARY echo "**Platforms:** linux/amd64, linux/arm64, linux/arm64/v8" >> $GITHUB_STEP_SUMMARY echo "**Push to Registry:** ${{ inputs.push }}" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY echo "### v6 Features Enabled" >> $GITHUB_STEP_SUMMARY echo "- ✅ **Provenance Attestation**: Cryptographic proof of build integrity" >> $GITHUB_STEP_SUMMARY echo "- ✅ **SBOM Generation**: Software Bill of Materials for security auditing" >> $GITHUB_STEP_SUMMARY echo "- ✅ **Advanced Caching**: Multi-level GitHub Actions + Registry cache" >> $GITHUB_STEP_SUMMARY echo "- ✅ **OCI Annotations**: Enhanced metadata compliance" >> $GITHUB_STEP_SUMMARY echo "- ✅ **Multi-platform**: AMD64, ARM64, ARM64v8 support" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY echo "### Build Details" >> $GITHUB_STEP_SUMMARY echo "**Build ID:** ${{ steps.build.outputs.digest }}" >> $GITHUB_STEP_SUMMARY echo "**Metadata:** ${{ steps.build.outputs.metadata }}" >> $GITHUB_STEP_SUMMARY - name: 🔍 Security Scan (if pushed) if: inputs.push run: | echo "### 🔍 Security Analysis" >> $GITHUB_STEP_SUMMARY echo "**SBOM:** Generated and attached to image" >> $GITHUB_STEP_SUMMARY echo "**Provenance:** Verified build integrity attestation" >> $GITHUB_STEP_SUMMARY echo "**Scan:** Use \`docker scout\` or \`trivy\` to scan the published image" >> $GITHUB_STEP_SUMMARY - name: 📋 Usage Instructions run: | echo "" >> $GITHUB_STEP_SUMMARY echo "### 🚀 Usage" >> $GITHUB_STEP_SUMMARY echo "\`\`\`bash" >> $GITHUB_STEP_SUMMARY echo "# Pull and run the image" >> $GITHUB_STEP_SUMMARY echo "docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ inputs.tag || 'dev' }}" >> $GITHUB_STEP_SUMMARY echo "docker run -d ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ inputs.tag || 'dev' }}" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY echo "# Verify provenance and SBOM" >> $GITHUB_STEP_SUMMARY echo "docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ inputs.tag || 'dev' }} --format '{{json .}}'" >> $GITHUB_STEP_SUMMARY echo "\`\`\`" >> $GITHUB_STEP_SUMMARY