name: Docker Build & Test
on:
push:
branches: [main, develop]
paths:
- 'Dockerfile'
- 'docker-compose.yml'
- 'src/**'
- 'package*.json'
pull_request:
branches: [main]
paths:
- 'Dockerfile'
- 'docker-compose.yml'
workflow_dispatch:
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
# Job 1: Build and Test Docker Image
build-test:
name: Build & Test Docker Image
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build Docker image
uses: docker/build-push-action@v5
with:
context: .
load: true
tags: hurricane-tracker-mcp:test
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Test Docker image
run: |
# Test that the container starts
docker run -d --name test-container -p 8080:8080 hurricane-tracker-mcp:test
sleep 5
# Check container is running
docker ps | grep test-container
# Test health endpoint
curl -f http://localhost:8080/health || exit 1
# Check logs for errors
docker logs test-container 2>&1 | grep -i error && exit 1 || true
# Stop container
docker stop test-container
docker rm test-container
- name: Test stdio mode
run: |
# Test stdio transport
echo '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2024-11-05","capabilities":{},"clientInfo":{"name":"test","version":"1.0.0"}}}' | \
docker run -i --rm hurricane-tracker-mcp:test 2>/dev/null | \
grep -q "result" || exit 1
- name: Scan for vulnerabilities
uses: aquasecurity/trivy-action@master
with:
image-ref: hurricane-tracker-mcp:test
format: 'table'
exit-code: '1'
severity: 'CRITICAL,HIGH'
ignore-unfixed: true
- name: Check image size
run: |
SIZE=$(docker images hurricane-tracker-mcp:test --format "{{.Size}}")
echo "Docker image size: $SIZE"
# Convert to MB and check if under 500MB
SIZE_MB=$(docker images hurricane-tracker-mcp:test --format "{{.Size}}" | sed 's/MB//' | sed 's/GB/*1024/' | bc -l | cut -d'.' -f1)
if [ "$SIZE_MB" -gt "500" ]; then
echo "Warning: Docker image exceeds 500MB"
fi
# Job 2: Multi-platform Build
multi-platform:
name: Multi-platform Build
runs-on: ubuntu-latest
needs: [build-test]
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=sha,prefix={{branch}}-
type=raw,value=latest,enable={{is_default_branch}}
- name: Build and push multi-platform
uses: docker/build-push-action@v5
with:
context: .
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
# Job 3: Docker Compose Testing
compose-test:
name: Docker Compose Test
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Test Docker Compose
run: |
# Start services
docker-compose up -d
# Wait for services to be ready
sleep 10
# Check services are running
docker-compose ps
# Test health endpoint
curl -f http://localhost:8080/health || exit 1
# Check logs
docker-compose logs
# Run integration test
./scripts/docker-health-check.sh || exit 1
- name: Test volume persistence
run: |
# Create test data
docker-compose exec -T hurricane-tracker-mcp sh -c "echo 'test' > /app/data/test.txt"
# Restart container
docker-compose restart
# Check data persists
docker-compose exec -T hurricane-tracker-mcp sh -c "cat /app/data/test.txt" | grep -q "test" || exit 1
- name: Cleanup
if: always()
run: |
docker-compose down -v
docker system prune -f
