From b2d91c97d829228441dddb4ced9cc00f70381afa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9sar=20Arroba?= <19954079+cesararroba@users.noreply.github.com>
Date: Tue, 14 Oct 2025 18:18:27 +0200
Subject: [PATCH] chore(mcp): modify MCP container action (#8902)
---
.../workflows/mcp-container-build-push.yml | 113 ++++++++++++++++++
.../mcp-server-build-push-containers.yml | 90 --------------
2 files changed, 113 insertions(+), 90 deletions(-)
create mode 100644 .github/workflows/mcp-container-build-push.yml
delete mode 100644 .github/workflows/mcp-server-build-push-containers.yml
diff --git a/.github/workflows/mcp-container-build-push.yml b/.github/workflows/mcp-container-build-push.yml
new file mode 100644
index 0000000000..fa4f5be578
--- /dev/null
+++ b/.github/workflows/mcp-container-build-push.yml
@@ -0,0 +1,113 @@
+name: 'MCP: Container Build and Push'
+
+on:
+ push:
+ branches:
+ - "master"
+ paths:
+ - "mcp_server/**"
+ - ".github/workflows/mcp-container-build-push.yml"
+
+ # Uncomment to test this workflow on PRs
+ # pull_request:
+ # branches:
+ # - "master"
+ # paths:
+ # - "mcp_server/**"
+ # - ".github/workflows/mcp-container-build-push.yml"
+
+ release:
+ types: [published]
+
+permissions:
+ contents: read
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+env:
+ # Tags
+ LATEST_TAG: latest
+ RELEASE_TAG: ${{ github.event.release.tag_name }}
+ STABLE_TAG: stable
+ WORKING_DIRECTORY: ./mcp_server
+
+ # Container registries
+ PROWLERCLOUD_DOCKERHUB_REPOSITORY: prowlercloud
+ PROWLERCLOUD_DOCKERHUB_IMAGE: prowler-mcp
+
+jobs:
+ setup:
+ if: github.repository == 'prowler-cloud/prowler'
+ runs-on: ubuntu-latest
+ outputs:
+ short-sha: ${{ steps.set-short-sha.outputs.short-sha }}
+ steps:
+ - name: Calculate short SHA
+ id: set-short-sha
+ run: echo "short-sha=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT
+
+ container-build-push:
+ needs: setup
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+ - name: Login to DockerHub
+ uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+
+ - name: Build and push container (latest)
+ if: github.event_name == 'push'
+ uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+ with:
+ context: ${{ env.WORKING_DIRECTORY }}
+ push: true
+ tags: |
+ ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.LATEST_TAG }}
+ ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ needs.setup.outputs.short-sha }}
+ labels: |
+ org.opencontainers.image.title=Prowler MCP Server
+ org.opencontainers.image.description=Model Context Protocol server for Prowler
+ org.opencontainers.image.vendor=ProwlerPro, Inc.
+ org.opencontainers.image.source=https://github.com/${{ github.repository }}
+ org.opencontainers.image.revision=${{ github.sha }}
+ org.opencontainers.image.created=${{ github.event.head_commit.timestamp }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+
+ - name: Build and push container (release)
+ if: github.event_name == 'release'
+ uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+ with:
+ context: ${{ env.WORKING_DIRECTORY }}
+ push: true
+ tags: |
+ ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.RELEASE_TAG }}
+ ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.STABLE_TAG }}
+ labels: |
+ org.opencontainers.image.title=Prowler MCP Server
+ org.opencontainers.image.description=Model Context Protocol server for Prowler
+ org.opencontainers.image.vendor=ProwlerPro, Inc.
+ org.opencontainers.image.version=${{ env.RELEASE_TAG }}
+ org.opencontainers.image.source=https://github.com/${{ github.repository }}
+ org.opencontainers.image.revision=${{ github.sha }}
+ org.opencontainers.image.created=${{ github.event.release.published_at }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+
+ - name: Trigger deployment
+ if: github.event_name == 'push'
+ uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4.0.0
+ with:
+ token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
+ repository: ${{ secrets.CLOUD_DISPATCH }}
+ event-type: mcp-prowler-deployment
+ client-payload: '{"sha": "${{ github.sha }}", "short_sha": "${{ needs.setup.outputs.short-sha }}"}'
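Review bot: The `Trigger deployment` step sends the downstream repository only `sha` and `short_sha`, so whatever handles the `mcp-prowler-deployment` event has to resolve the image through a tag, and both `latest` and the short-SHA tag can be re-pointed in the registry after this run finishes. Passing the digest that this run pushed would let the deployment pin the exact artifact: give the `Build and push container (latest)` step `id: build-latest` and add `"digest": "${{ steps.build-latest.outputs.digest }}"` to `client-payload`. How the receiving workflow resolves the image is not visible here, so confirm it can consume a digest. Separately, `release: types: [published]` also fires for pre-releases as far as I know, in which case the release step would move `stable` onto a pre-release build; a condition such as `github.event.release.prerelease == false` on that step would prevent it.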
diff --git a/.github/workflows/mcp-server-build-push-containers.yml b/.github/workflows/mcp-server-build-push-containers.yml
deleted file mode 100644
index ec10caddab..0000000000
--- a/.github/workflows/mcp-server-build-push-containers.yml
+++ /dev/null
@@ -1,90 +0,0 @@
-name: MCP Server - Build and Push containers
-
-on:
- push:
- branches:
- - "master"
- paths:
- - "mcp_server/**"
- - ".github/workflows/mcp-server-build-push-containers.yml"
-
- # Uncomment the below code to test this action on PRs
- # pull_request:
- # branches:
- # - "master"
- # paths:
- # - "mcp_server/**"
- # - ".github/workflows/mcp-server-build-push-containers.yml"
-
- release:
- types: [published]
-
-env:
- # Tags
- LATEST_TAG: latest
-
- WORKING_DIRECTORY: ./mcp_server
-
- # Container Registries
- PROWLERCLOUD_DOCKERHUB_REPOSITORY: prowlercloud
- PROWLERCLOUD_DOCKERHUB_IMAGE: prowler-mcp
-
-jobs:
- repository-check:
- name: Repository check
- runs-on: ubuntu-latest
- outputs:
- is_repo: ${{ steps.repository_check.outputs.is_repo }}
- steps:
- - name: Repository check
- id: repository_check
- working-directory: /tmp
- run: |
- if [[ ${{ github.repository }} == "prowler-cloud/prowler" ]]
- then
- echo "is_repo=true" >> "${GITHUB_OUTPUT}"
- else
- echo "This action only runs for prowler-cloud/prowler"
- echo "is_repo=false" >> "${GITHUB_OUTPUT}"
- fi
-
- container-build-push:
- needs: repository-check
- if: needs.repository-check.outputs.is_repo == 'true'
- runs-on: ubuntu-latest
- defaults:
- run:
- working-directory: ${{ env.WORKING_DIRECTORY }}
-
- steps:
- - name: Checkout
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
- - name: Set short git commit SHA
- id: vars
- run: |
- shortSha=$(git rev-parse --short ${{ github.sha }})
- echo "SHORT_SHA=${shortSha}" >> $GITHUB_ENV
-
- - name: Login to DockerHub
- uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
- with:
- username: ${{ secrets.DOCKERHUB_USERNAME }}
- password: ${{ secrets.DOCKERHUB_TOKEN }}
-
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-
- - name: Build and push container image (latest)
- # Comment the following line for testing
- if: github.event_name == 'push'
- uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
- with:
- context: ${{ env.WORKING_DIRECTORY }}
- # Set push: false for testing
- push: true
- tags: |
- ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.LATEST_TAG }}
- ${{ env.PROWLERCLOUD_DOCKERHUB_REPOSITORY }}/${{ env.PROWLERCLOUD_DOCKERHUB_IMAGE }}:${{ env.SHORT_SHA }}
- cache-from: type=gha
- cache-to: type=gha,mode=max