Better support custom TLS situations when using a Docker #157

byjrack opened this issue Apr 7, 2025 · 2 comments
Labels
enhancement New feature or request

byjrack commented Apr 7, 2025

Describe the feature or problem you’d like to solve

Currently there is no way (outside of forking I think) to support custom CA trust. Our enterprise controls are blocking the connections and outside of patching the server code or Dockerfile to include our custom cert and rehash the upstream image

Proposed solution

The easiest and least secure option would be an env we can pass in to use a custom transport with TLS verification disabled available via an env var flag.

https://github.com/github/github-mcp-server/blob/main/cmd/github-mcp-server/main.go#L141

An alternative would be to include a bootstrap model to use a volume mount to pull in a trusted cert at runtime. Possibly as part of the mcp settings schema or maybe it can use some of the CA trust support in the core of vscode.

Additional context

@SamMorrowDrums
Collaborator

One option is just using the built binaries shared in the releases, as then they will use system and not docker trust chain.

https://github.com/github/github-mcp-server/releases/tag/v0.1.1

One comment suggested this had already been added to homebrew, so that could also be worth investigating to manage the binary.

@byjrack
Author

byjrack commented Apr 7, 2025

Good call didn't notice the binary release outside of the image release. 😵‍💫

    "github": {
      "command": "github-mcp-server",
      "args": [ "stdio" ],
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "${input:github_token}"
      }
    }

Easy tweak to the server ref just to test things out and couple quick tests seem to be fine. See it pushed to Homebrew as well so no path issues. Gatekeeper was being a bit picky for all those mac users, but easy to allow it when it's blocked so that vscode can call it.

Still like to see the upstream team include TLS management in the Docker release so won't close the request just yet, but agreed a solid workaround.
