Two image-label fixes:
- Add `org.opencontainers.image.source` so tools like renovate can retrieve release notes from the source repo.
- Re-declare `ARG VERSION` in the final stage. `ARG` after `FROM` is stage-scoped, so the builder-stage `VERSION` never reached the final stage and `org.opencontainers.image.version` expanded to an empty string in published images.
Closes#192
---
This PR was written with the help of Claude Opus 4.7
Reviewed-on: https://gitea.com/gitea/gitea-mcp/pulls/193
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
Co-committed-by: silverwind <me@silverwind.io>
- Switch build base image to Alpine and set platform dynamically
- Use distroless nonroot image for final stage to enhance security
- Add build arguments for VERSION, TARGETOS, and TARGETARCH with defaults
- Cache Go module and build dependencies to improve build performance
- Remove manual installation of ca-certificates and user creation (handled by base image)
- Set nonroot user for running the application
- Add healthcheck for the built binary
- Add OCI-compliant author and version labels
Signed-off-by: appleboy <appleboy.tw@gmail.com>
Reviewed-on: https://gitea.com/gitea/gitea-mcp/pulls/50
Co-authored-by: appleboy <appleboy.tw@gmail.com>
Co-committed-by: appleboy <appleboy.tw@gmail.com>
- Switch base image from `golang:1.24-alpine` to `golang:1.24-bullseye` for the build stage
- Update working directory from `/build` to `/app`
- Separate the copying of go.mod and go.sum files before downloading dependencies
- Add comments for build stages and process steps
- Switch final stage base image from `ubuntu:24.04` to `debian:bullseye-slim`
- Improve installation of ca-certificates and clean up the apt lists afterward
- Create and switch to a non-root user named `gitea-mcp`
- Change the file copy command to `--chown=1000:1000 /app/gitea-mcp`
- Update `CMD` to use an absolute path `/app/gitea-mcp`
Signed-off-by: appleboy <appleboy.tw@gmail.com>
Reviewed-on: https://gitea.com/gitea/gitea-mcp/pulls/19
Co-authored-by: appleboy <appleboy.tw@gmail.com>
Co-committed-by: appleboy <appleboy.tw@gmail.com>
silverwind