From 8e8a840faff8c3c298c82f63d1c12cee9f96bf1b Mon Sep 17 00:00:00 2001 From: Gerald Venzl Date: Mon, 27 Oct 2025 09:29:14 -0700 Subject: [PATCH 1/6] Use manual image build due to Oracle GH restrictions Signed-off-by: Gerald Venzl --- .github/workflows/build-doc-mcp.yml | 28 +++++++--------------------- 1 file changed, 7 insertions(+), 21 deletions(-) diff --git a/.github/workflows/build-doc-mcp.yml b/.github/workflows/build-doc-mcp.yml index a5c14a7..e806aba 100644 --- a/.github/workflows/build-doc-mcp.yml +++ b/.github/workflows/build-doc-mcp.yml @@ -37,19 +37,11 @@ jobs: cd src/oracle-db-doc-mcp-server/ buildah bud -f Dockerfile -t oracle-db-doc:latest-${{ steps.os_arch.outputs.OS_ARCH }} . - - name: 🔓 Login to GHCR registry - uses: redhat-actions/podman-login@v1 - with: - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - registry: ghcr.io - - - name: 🫸 Push image to Container Registry - uses: redhat-actions/push-to-registry@v2 - with: - registry: ghcr.io/gvenzl/mcp - image: oracle-db-doc - tags: latest-${{ steps.os_arch.outputs.OS_ARCH }} + - name: 🫸 Push arch-specific image to Container Registry + run: | + podman login ghcr.io -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} + podman tag oracle-db-doc:latest-${{ steps.os_arch.outputs.OS_ARCH }} ghcr.io/gvenzl/mcp/oracle-db-doc:latest-${{ steps.os_arch.outputs.OS_ARCH }} + podman push ghcr.io/gvenzl/mcp/oracle-db-doc:latest-${{ steps.os_arch.outputs.OS_ARCH }} upload-multi-arch: name: 🫸 Push multi-arch manifest @@ -60,15 +52,9 @@ jobs: packages: write steps: - - name: 🔓 Login to GHCR registry - uses: redhat-actions/podman-login@v1 - with: - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - registry: ghcr.io - - - name: 🫸 Push multi-arch manifest + - name: 🫸 Push multi-arch image to Container Registry run: | + podman login ghcr.io -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} podman manifest create ghcr.io/gvenzl/mcp/oracle-db-doc:latest podman manifest add ghcr.io/gvenzl/mcp/oracle-db-doc:latest ghcr.io/gvenzl/mcp/oracle-db-doc:latest-amd64 podman manifest add ghcr.io/gvenzl/mcp/oracle-db-doc:latest ghcr.io/gvenzl/mcp/oracle-db-doc:latest-arm64 From 0194e2dc1916d429724896b1ff6004d358c9ebbd Mon Sep 17 00:00:00 2001 From: Gerald Venzl Date: Mon, 27 Oct 2025 09:37:22 -0700 Subject: [PATCH 2/6] Use manual image build due to Oracle GH restrictions Signed-off-by: Gerald Venzl --- .github/workflows/build-doc-mcp.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/build-doc-mcp.yml b/.github/workflows/build-doc-mcp.yml index e806aba..8087749 100644 --- a/.github/workflows/build-doc-mcp.yml +++ b/.github/workflows/build-doc-mcp.yml @@ -3,9 +3,11 @@ on: push: paths: - "src/oracle-db-doc-mcp-server/**" + - ".github/workflows/build-doc-mcp.yml" pull_request: paths: - "src/oracle-db-doc-mcp-server/**" + - ".github/workflows/build-doc-mcp.yml" jobs: build-image: From 504fe961317ee274aa14a27f1ad7bc30f0b5fafb Mon Sep 17 00:00:00 2001 From: Gerald Venzl Date: Mon, 27 Oct 2025 10:09:29 -0700 Subject: [PATCH 3/6] Use manual image build due to Oracle GH restrictions Signed-off-by: Gerald Venzl --- .github/workflows/build-doc-mcp.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build-doc-mcp.yml b/.github/workflows/build-doc-mcp.yml index 8087749..5097b7b 100644 --- a/.github/workflows/build-doc-mcp.yml +++ b/.github/workflows/build-doc-mcp.yml @@ -42,8 +42,8 @@ jobs: - name: 🫸 Push arch-specific image to Container Registry run: | podman login ghcr.io -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} - podman tag oracle-db-doc:latest-${{ steps.os_arch.outputs.OS_ARCH }} ghcr.io/gvenzl/mcp/oracle-db-doc:latest-${{ steps.os_arch.outputs.OS_ARCH }} - podman push ghcr.io/gvenzl/mcp/oracle-db-doc:latest-${{ steps.os_arch.outputs.OS_ARCH }} + podman tag oracle-db-doc:latest-${{ steps.os_arch.outputs.OS_ARCH }} ghcr.io/oracle/mcp/oracle-db-doc:latest-${{ steps.os_arch.outputs.OS_ARCH }} + podman push ghcr.io/oracle/mcp/oracle-db-doc:latest-${{ steps.os_arch.outputs.OS_ARCH }} upload-multi-arch: name: 🫸 Push multi-arch manifest @@ -57,7 +57,7 @@ jobs: - name: 🫸 Push multi-arch image to Container Registry run: | podman login ghcr.io -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} - podman manifest create ghcr.io/gvenzl/mcp/oracle-db-doc:latest - podman manifest add ghcr.io/gvenzl/mcp/oracle-db-doc:latest ghcr.io/gvenzl/mcp/oracle-db-doc:latest-amd64 - podman manifest add ghcr.io/gvenzl/mcp/oracle-db-doc:latest ghcr.io/gvenzl/mcp/oracle-db-doc:latest-arm64 - podman push ghcr.io/gvenzl/mcp/oracle-db-doc:latest + podman manifest create ghcr.io/oracle/mcp/oracle-db-doc:latest + podman manifest add ghcr.io/oracle/mcp/oracle-db-doc:latest ghcr.io/oracle/mcp/oracle-db-doc:latest-amd64 + podman manifest add ghcr.io/oracle/mcp/oracle-db-doc:latest ghcr.io/oracle/mcp/oracle-db-doc:latest-arm64 + podman push ghcr.io/oracle/mcp/oracle-db-doc:latest From 54588235a633c9d0dcc4ad2f0a0dad9311b48ab6 Mon Sep 17 00:00:00 2001 From: Gerald Venzl Date: Mon, 27 Oct 2025 13:09:10 -0700 Subject: [PATCH 4/6] Update job permissions Signed-off-by: Gerald Venzl --- .github/workflows/build-doc-mcp.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/build-doc-mcp.yml b/.github/workflows/build-doc-mcp.yml index 5097b7b..9c00f67 100644 --- a/.github/workflows/build-doc-mcp.yml +++ b/.github/workflows/build-doc-mcp.yml @@ -17,6 +17,9 @@ jobs: permissions: packages: write + contents: read + attestations: write + id-token: write name: 🛠️ Build image runs-on: ${{ matrix.runner }} @@ -52,6 +55,9 @@ jobs: permissions: packages: write + contents: read + attestations: write + id-token: write steps: - name: 🫸 Push multi-arch image to Container Registry From 484f18c13db47c055fae28e108992ca860e0179d Mon Sep 17 00:00:00 2001 From: Gerald Venzl Date: Mon, 27 Oct 2025 13:22:51 -0700 Subject: [PATCH 5/6] Reset permissions Signed-off-by: Gerald Venzl --- .github/workflows/build-doc-mcp.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/build-doc-mcp.yml b/.github/workflows/build-doc-mcp.yml index 9c00f67..5097b7b 100644 --- a/.github/workflows/build-doc-mcp.yml +++ b/.github/workflows/build-doc-mcp.yml @@ -17,9 +17,6 @@ jobs: permissions: packages: write - contents: read - attestations: write - id-token: write name: 🛠️ Build image runs-on: ${{ matrix.runner }} @@ -55,9 +52,6 @@ jobs: permissions: packages: write - contents: read - attestations: write - id-token: write steps: - name: 🫸 Push multi-arch image to Container Registry From ec900d0547746871634ffe302af51e28fb681704 Mon Sep 17 00:00:00 2001 From: Gerald Venzl Date: Wed, 29 Oct 2025 14:29:19 -0700 Subject: [PATCH 6/6] Do not build image for PRs Signed-off-by: Gerald Venzl --- .github/workflows/build-doc-mcp.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/build-doc-mcp.yml b/.github/workflows/build-doc-mcp.yml index 5097b7b..b1f8058 100644 --- a/.github/workflows/build-doc-mcp.yml +++ b/.github/workflows/build-doc-mcp.yml @@ -4,10 +4,6 @@ on: paths: - "src/oracle-db-doc-mcp-server/**" - ".github/workflows/build-doc-mcp.yml" - pull_request: - paths: - - "src/oracle-db-doc-mcp-server/**" - - ".github/workflows/build-doc-mcp.yml" jobs: build-image: