Releases: mitchallen/mcp-hello-server
Releases · mitchallen/mcp-hello-server
Release list
v0.4.1
Fixed
- README version badges (PyPI, Python versions) could display a stale version or
"not found" — their images were cached by GitHub's camo proxy at first render,
before the package existed on PyPI. AppendedcacheSecondsto the shields.io
URLs to change the proxy cache key and force a fresh fetch.
Added
- Note under the badge row explaining that the version badges are cached images
(shields.io and PyPI's own image proxy) that may briefly lag a fresh release,
pointing to the release/tag, the PyPI page heading, and theserver_infotool
for the authoritative version.
v0.4.0
Added
- Published to PyPI as
mcp-hello-server— run it with
no Docker and no clone viauvx mcp-hello-server, or install it with
pipx install mcp-hello-server/pip install mcp-hello-server. publish-pypiGitHub Actions workflow: tests on Python 3.11–3.13, then builds
and uploads the sdist + wheel via trusted publishing (OIDC, no stored
token). It fires on the samev*tag as the GHCR / Docker Hub publishes, so a
singlemake releasefans out to all three registries.LICENSEfile (MIT) — now shipped inside both the sdist and the wheel.- Trove
classifiersand anIssuesproject URL in the package metadata.
Changed
- README reworked to be dual-runtime: the PyPI/
uvxpath and the Docker path
are presented as equal first-class options (badges, intro, and quick start),
rather than leading with Docker — so PyPI visitors aren't steered into a
container they don't need. - The sdist now ships a lean source/tests/metadata allowlist (108 KB → 12 KB),
excluding local tooling (.claude/,CLAUDE.md) and the Docker/CI files that
the previous build leaked.
v0.3.0
Changed
make releasenow verifies thatCHANGELOG.mdhas a## [X.Y.Z]section for
the version being released before it bumps, tags, or pushes anything. The
target version is computed withuv version --dry-run(no mutation), and the
release aborts early with a helpful message if the entry is missing — so a
release can no longer be cut with empty auto-generated GitHub Release notes.
v0.2.0
Changed
make releasenow creates the matching GitHub Release automatically
(gh release create) after pushing the tag, using that version's
CHANGELOG.mdsection as the release notes (extracted withawk).
Previously the target only pushed the tag, so the Releases page drifted
behind the tags and published images —v0.1.2had a tag and images but no
Release object until it was created after the fact.
Documentation
- Refreshed the Docker badges and image pull instructions in the README.
v0.1.2
Changed
- Switched the Docker base image from
python:3.12-slim-bookworm(Debian) to a distroless Chainguard/Wolfi Python base (cgr.dev/chainguard/python). The Debian base carried 4 CRITICAL + 17 HIGH OS-package CVEs with no upstream fix available (perl, zlib, sqlite, util-linux, ncurses); the Wolfi image ships those packages away entirely and scans 0 vulnerabilities at every severity. The venv is built on the matching-devimage so its interpreter resolves at runtime; the runtime is smaller (231 MB vs 341 MB) and still runs as a non-root user. The previousapt-get upgradeanduseraddsteps are gone (no package manager / already non-root). make scannow fails on fixable CRITICAL/HIGH vulnerabilities (--severity CRITICAL,HIGH --ignore-unfixed --exit-code 1), matching the CI gate for local parity.
Security
- Automated container image vulnerability scanning with Trivy. The new
image-scanworkflow builds the image and fails the build on fixable CRITICAL/HIGH vulnerabilities on every pull request and push tomain, and thepublish/publish-dockerhubworkflows run the same gate before pushing so a vulnerable image can't reach GHCR or Docker Hub. - Added a
scan-scheduledworkflow that re-scans the published:latestimage daily and uploads results (all severities, including unfixed) to the GitHub Security tab, catching CVEs disclosed after build time. - Added a Dependabot config (
.github/dependabot.yml) opening weekly update PRs for the Docker base image, GitHub Actions, and Python dependencies, and enabled Dependabot alerts + security updates on the repository.
Full changelog: v0.1.1...v0.1.2
v0.1.1
Documentation
- Add a "Quick start — demo an MCP server in 2 minutes" section to the top of the README: a client-driven walkthrough (add → verify → ask → remove) using the published Docker Hub image, aimed at someone seeing how an MCP client discovers and calls tools for the first time, plus an HTTP alternative.
No code changes — the 0.1.1 images are identical in behavior to 0.1.0.
Full changelog: v0.1.0...v0.1.1
v0.1.0
Initial release: a minimal FastMCP server with two tools.
server_info()— health/status check (app name, version, uptime, supported languages, default language).greet(language?, name?)— a friendly greeting in one of eight languages (english, spanish, french, german, italian, portuguese, japanese, hawaiian), defaulting to English. Accepts a language name, alternate spelling, or ISO code (case-insensitive), plus an optional name to personalize the message.
Includes CI test/bdd workflows and GHCR + Docker Hub publish workflows.