ci: Install publisher via binary release

[masnwilliams]

TL;DR

Updated the publish-mcp workflow to install the mcp-publisher via its binary release instead of building it from source.

Why we made these changes

Building the publisher from source during the CI run is slow and adds unnecessary complexity. Downloading a pre-compiled binary is faster, simplifies the workflow by removing the Go build dependency, and improves reliability.

What changed?

• The publish-mcp.yml workflow now downloads the mcp-publisher binary directly from its GitHub release assets.
• Removed the setup-go action and the go install command, as the Go toolchain is no longer required.

^{Description generated by Mesa. Update settings}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
mcp	Building	Preview	Comment	Sep 10, 2025 8:44pm

[mesa-dot-dev]

Performed full review of 66e26ed...87c787c

Tip

⚡ Quick Actions

This review was generated by Mesa.

Actions:

• Configure your agents

Slash Commands:

• /review - Request a full code review
• /review latest - Review only changes since the last review
• /describe - Generate PR description. This will update the PR body or issue comment depending on your configuration
• /help - Get help with Mesa commands and configuration options

^{1 files reviewed | 3 comments | Review on Mesa | Edit Reviewer Settings}

[mesa-dot-dev]

The curl command lacks checksum verification, making it vulnerable to supply chain attacks. Consider adding SHA256 checksum verification after downloading the binary to ensure integrity.
_{Agent: 🤖 General}

[mesa-dot-dev]

The architecture detection only handles x86_64 and aarch64, but doesn't have a fallback for unsupported architectures. This could cause silent failures if the workflow runs on an unexpected architecture. Consider adding an explicit check and error message for unsupported architectures.
_{Agent: 🤖 General}