Simplenote MCP Server

# Docker Build and Publish Workflow Fixes This document summarizes the fixes applied to resolve issues with the Docker image build and publish workflow. ## Issues Identified and Fixed ### 1. Dockerfile Build Context Issues **Problem**: The original Dockerfile had several issues that could cause build failures: - Inconsistent Python version (3.13 vs 3.11) - Missing dependencies in build context - Incorrect file copying and permissions - Unreliable entry point configuration **Solution**: - Standardized on Python 3.11 for better compatibility - Fixed multi-stage build with proper dependency management - Added robust entry point script with fallback mechanisms - Improved security with proper user permissions ### 2. Console Script Entry Point Issues **Problem**: Potential inconsistencies between setup.py and pyproject.toml entry points. **Solution**: - Verified consistency between both configuration files - Created `__main__.py` modules to support `python -m` execution - Added flexible entry point script that handles both console script and module execution ### 3. GitHub Actions Workflow Robustness **Problem**: The workflow was fragile and could fail on missing secrets or minor issues. **Solution**: - Added secret validation step to check for Docker Hub credentials - Made steps conditional based on available secrets - Added `continue-on-error` for non-critical steps - Improved error handling and timeouts for Docker operations - Simplified provenance and SBOM generation to avoid compatibility issues ### 4. Docker Image Optimization **Problem**: The image could be larger than necessary and have security issues. **Solution**: - Optimized multi-stage build to reduce final image size - Added comprehensive `.dockerignore` to exclude unnecessary files - Implemented security best practices (non-root user, read-only filesystem options) - Added proper health checks ### 5. Entry Point Flexibility **Problem**: The Docker entry point wasn't flexible enough to handle different execution scenarios. **Solution**: - Created `docker-entrypoint.sh` script with intelligent fallback logic - Added comprehensive help text with usage examples - Supports both console script and module execution methods ## Files Modified ### Core Files - `Dockerfile` - Complete rewrite with multi-stage build and security improvements - `docker-entrypoint.sh` - New robust entry point script - `simplenote_mcp/__main__.py` - Added module execution support ### Configuration Files - `.github/workflows/docker-publish.yml` - Enhanced with better error handling and secret validation - `.dockerignore` - Updated to exclude unnecessary files while including the entrypoint script ### Testing - `test_docker_build.sh` - Created comprehensive local testing script ## Key Improvements ### Security Enhancements - Non-root user execution - Minimal attack surface with slim base image - Proper file permissions and ownership - Security scanning integration ### Reliability Improvements - Graceful handling of missing Docker Hub secrets - Fallback mechanisms for different execution methods - Better error messages and debugging information - Timeout protection for long-running operations ### Performance Optimizations - Multi-stage builds to reduce image size - Optimized layer caching - Efficient dependency management - Reduced build context with improved .dockerignore ### Compatibility - Support for both ARM64 and AMD64 architectures - Flexible entry points (console script vs module execution) - Environment variable configuration - Docker Compose compatibility ## Testing The fixes include a comprehensive test script (`test_docker_build.sh`) that validates: - Docker image builds successfully - Console script availability - Module import functionality - Environment variable handling - Health check functionality - Docker Compose configuration validation ## Usage Examples ### Basic Usage ```bash docker run -e SIMPLENOTE_EMAIL=user@example.com -e SIMPLENOTE_PASSWORD=secret docdyhr/simplenote-mcp-server ``` ### Help and Documentation ```bash docker run docdyhr/simplenote-mcp-server --help ``` ### Offline Mode for Testing ```bash docker run -e SIMPLENOTE_OFFLINE_MODE=true docdyhr/simplenote-mcp-server ``` ### With Docker Compose ```bash docker-compose up ``` ## Workflow Execution The updated workflow now: 1. Validates available secrets before attempting Docker operations 2. Continues execution even if optional steps fail 3. Provides better feedback and error messages 4. Supports both Docker Hub and GitHub Container Registry 5. Includes comprehensive testing and security scanning These fixes ensure that the Docker build and publish workflow is more robust, secure, and reliable while maintaining flexibility for different deployment scenarios.