# 🐳 Simplenote MCP Server – CI/CD Docker Publishing PRD
## 🎯 Goal
Automate the build and publishing process for the `simplenote-mcp-server` Docker image to Docker Hub under the `docdyhr` organization using GitHub Actions. Every push to `main` or a semantic version tag (`vX.Y.Z`) should trigger this pipeline.
---
## 📦 Scope
- GitHub Actions workflow for CI/CD container publishing
- Dockerfile for containerization
- Secure authentication via GitHub secrets
- Tagged image releases (latest + versioned)
---
## 🧱 Features & Requirements
### CI/CD Pipeline
| Feature | Description |
|-------------------------------|-------------------------------------------------------|
| Build image | On push to `main` or tag (e.g. `v1.0.0`) |
| Push to Docker Hub | Automatically tag and push image |
| Versioned Tags | Use `:latest` and optional semver-based tags |
| Secure Login | Uses GitHub Secrets for Docker Hub credentials |
---
## 🔧 Implementation Details
### Dockerfile
Located in the root of the repository or under `/docker`. Based on the `python:3.11-slim` image. Exposes port `8000`.
```dockerfile
FROM python:3.11-slim
WORKDIR /app
COPY . /app
RUN pip install --no-cache-dir -r requirements.txt
EXPOSE 8000
CMD ["python", "server.py"]
```
### GitHub Actions Workflow
File: `.github/workflows/docker-publish.yml`
```yaml
name: Publish Docker Image
on:
  push:
    branches: [ main ]
    tags:
      - 'v*.*.*'
jobs:
  build-and-push:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout source
        uses: actions/checkout@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      # Credentials come from repository secrets, never from the workflow file
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_TOKEN }}
      # github.ref_name is "main" for branch pushes and "vX.Y.Z" for tag pushes
      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: |
            docdyhr/simplenote-mcp-server:latest
            docdyhr/simplenote-mcp-server:${{ github.ref_name }}
```
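As an added example (not part of the project's workflow), a POSIX shell helper that derives the Docker Hub tags the pipeline should publish from the triggering Git ref, following the PRD's intent: `:latest` on pushes to `main`, the version tag plus `:latest` on `vX.Y.Z` tags, and nothing for any other ref. It applies a strict `vMAJOR.MINOR.PATCH` check, which the workflow's `v*.*.*` glob alone does not (that glob also matches e.g. `v1.6.0-rc1`); the script name `derive-tags.sh` is assumed.

```shell
#!/bin/sh
# Added example, not part of the project's workflow: derive the image tags to publish
# from the Git ref that triggered the run (GITHUB_REF), mirroring the PRD's intent.
IMAGE="docdyhr/simplenote-mcp-server"

# Strict vMAJOR.MINOR.PATCH check; rejects pre-release/build suffixes the
# workflow glob 'v*.*.*' would still let through (e.g. v1.6.0-rc1).
is_release_tag() {
  printf '%s\n' "$1" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+$'
}

# Prints one fully qualified image tag per line for refs that may be published;
# returns 1 (prints nothing) for every other ref, so the caller can fail the job.
image_tags() {
  ref="$1"
  case "$ref" in
    refs/heads/main)
      # Pushes to main only move the floating :latest tag.
      printf '%s\n' "$IMAGE:latest"
      ;;
    refs/tags/*)
      ver="${ref#refs/tags/}"
      is_release_tag "$ver" || return 1
      # Release tags get an immutable version tag and also update :latest.
      printf '%s\n' "$IMAGE:$ver" "$IMAGE:latest"
      ;;
    *)
      return 1
      ;;
  esac
}

# Usage in a workflow step (assumed file name): sh derive-tags.sh "$GITHUB_REF"
if [ -n "${1:-}" ]; then
  image_tags "$1" || { echo "refusing to publish image for ref '$1'" >&2; exit 1; }
fi
```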
---
## 🔐 Secrets Required
| Secret Name | Description |
|-----------------|--------------------------------------|
| `DOCKER_USERNAME` | Docker Hub username (`docdyhr`) |
| `DOCKER_TOKEN` | Docker Hub access token (read/write access) |
To create the token:
- Go to [hub.docker.com → Security](https://hub.docker.com/settings/security)
- Generate a new **Access Token**
- Save the token in GitHub repo → Settings → Secrets → Actions
---
## ✅ Success Criteria
- ✅ Docker image builds correctly from latest source
- ✅ New semver tags (e.g. `v1.6.0`) produce correctly versioned images
- ✅ Images appear under [Docker Hub – docdyhr](https://hub.docker.com/repositories/docdyhr)
- ✅ GitHub Actions run reliably and complete without failure
---
## 🎉 Implemented Enhancements
- ✅ **Multi-architecture builds** (`linux/amd64`, `linux/arm64`)
- ✅ **Linting/test stage pre-publish** with ruff, mypy, and pytest
- ✅ **Automatically update `README.md`** with version tags via workflow
- ✅ **Support notifications** (Slack and email integration)
- ✅ **Container signing** with Sigstore cosign for supply chain security
- ✅ **Automated dependency updates** with Dependabot
- ✅ **Health check monitoring** with automated testing every 15 minutes
- ✅ **Kubernetes deployment** with production-ready Helm chart
## 🛠️ Future Enhancements
- Add OCI artifact attestations for enhanced security
- Implement artifact caching for faster builds
- Add GitOps deployment pipelines
- Create Kubernetes operator for advanced management
- Add metrics and observability stack (Prometheus/Grafana)
---