feat: add new image tags, git tags, dry run for testing#88
Conversation
There was a problem hiding this comment.
Pull request overview
This PR enhances the MCP Docker image build workflow to support improved versioning and safer testing, by adding additional Docker tags, creating matching Git tags, and introducing a dry-run mode to avoid publishing artifacts during validation.
Changes:
- Adds a
workflow_dispatchdry_runinput to build without pushing images/manifests/Git tags. - Extends multi-arch manifest publishing to also tag
latestand a version tag. - Adds a step to create and push a matching annotated Git tag for the published version.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
I think we might also need to update mcp-local/server.json with the latest version tag? |
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
brikin01
left a comment
There was a problem hiding this comment.
Thanks for all these changes! I just have two points:
-
It might be worth blocking publishing reruns. Rerunning the same workflow can calculate a new semver tag and publish another production version for the same build. Since we probably don’t want full release-repair logic, the simple fix is to fail publishing reruns and ask people to start a fresh workflow run instead.
-
I think we should rearrange a few steps. After determining
TAG_VERSION, we should commit theserver.jsonchanges before creating the git tag/GitHub Release, so the release points to the commit with matching metadata. We should also move the production Docker tags to the end, so if something fails midway, we only have a dated staged image to retry or clean up, not a partially promoted production release.
Suggested flow:
- Build/push arch images:
DATE_TAG-amd64,DATE_TAG-arm64 - Create the multi-arch staged image:
IMAGE:DATE_TAG - Determine
TAG_VERSION - Bump and commit
server.json - Create the git tag and GitHub Release
- Promote
IMAGE:DATE_TAGtoIMAGE:${TAG_VERSION}andIMAGE:latest
Thanks for the review. 2 is a valid concern. However if steps 5 or 6 fail then we will have to revert server.json & additional clean ups will be needed. Working on re-ordering these steps for correct updation. |
|
Current order is as below -
Now, git tag is the version cursor, and it's created last, so anything failing before it leaves the cursor unmoved and a re-run recomputes the same version (self-healing). So we need to make sure if this gh action fails at any step, it needs to be re-run to get everything updated.
This last scenario here can be ignored, since it is very rare case as window is very tiny. This could also be recovered manually by deleting the orphan tag or creating the missing release. @brikin01 please review & let me know if this logic makes sense. |
brikin01
left a comment
There was a problem hiding this comment.
Thanks for iterating on this. The updated ordering makes sense to me as a reasonable tradeoff: the git tag remains the version cursor, and failures before that point can be recovered with a fresh workflow run rather than GitHub’s rerun button.
I left a couple of small comments, mostly to clarify the workflow comments/error text so the recovery path is explicit. I also agree with the two minor Copilot comments (ignoring the “no existing version tag” one).
With just those minor changes, happy to approve. Really appreciate all the back and forth on this; there are definitely a bunch of edge cases in this type of workflow.
Thanks for your review @brikin01, need to get as many eyes on this as possible to not miss any corner case. I have fixed all the open issues. |

STESOL-507 - Arm MCP Server environment versioning improvements
Docker image tags
The verified multi-arch image is published to Docker Hub with:
latest— the prod image.X.Y.Z(e.g.2.3.0), auto-computed (not hardcoded). The highest existingX.Y.Ztag from git version is the source of truth; the next version is derived from it:X.Y+1.0) — automatic on weekly knowledge-base rebuilds (workflow_run).X+1.0.0) / hotfix (X.Y.Z+1) — selected manually via thebump_typeinput.YYYY-MM-DD-github.run_number(e.g.2026-06-15-1234) — the stage image.latest/version aliases are applied only after the dated manifest is created and verified to contain bothlinux/amd64andlinux/arm64.Git tags & release
vX.Y.Zfor each published Docker version..github/release.yml).server.json
mcp-local/server.json(version+ OCI packageidentifier) to the computed version & directly merge into the main.Safety / testing
dry_runflag builds/validates without pushing images, manifests, git tags, or releases.main; non-main runs must usedry_run=true(fail-fast guard).