Publish to MCP Registry #4
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish to MCP Registry | |
| on: | |
| workflow_run: | |
| workflows: [Release] | |
| types: [completed] | |
| workflow_dispatch: | |
| inputs: | |
| tag: | |
| description: 'Tag to publish (e.g., v0.0.51)' | |
| required: true | |
| type: string | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| id-token: write # Required for OIDC authentication to MCP Registry | |
| contents: read # Required for checkout (read-only, no write access) | |
| jobs: | |
| publish: | |
| name: Publish to MCP Registry | |
| if: github.repository == 'containers/kubernetes-mcp-server' && (github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success') | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| with: | |
| # Use head_sha (not head_branch) to checkout the exact commit that Release validated | |
| ref: ${{ inputs.tag || github.event.workflow_run.head_sha }} | |
| # Prevent token persistence to reduce attack surface (security best practice) | |
| persist-credentials: false | |
| - name: Get version | |
| id: version | |
| env: | |
| EVENT_NAME: ${{ github.event_name }} | |
| INPUT_TAG: ${{ inputs.tag }} | |
| HEAD_BRANCH: ${{ github.event.workflow_run.head_branch }} | |
| run: | | |
| if [ "$EVENT_NAME" = "workflow_dispatch" ]; then | |
| TAG="$INPUT_TAG" | |
| else | |
| TAG="$HEAD_BRANCH" | |
| fi | |
| # Strip the v prefix | |
| echo "version=${TAG#v}" >> $GITHUB_OUTPUT | |
| - name: Update server.json version | |
| env: | |
| VERSION: ${{ steps.version.outputs.version }} | |
| run: | | |
| jq --arg v "$VERSION" \ | |
| '.version = $v | .packages[] |= if .registryType == "oci" then .identifier = (.identifier | sub(":[^:]+$"; ":" + $v)) else .version = $v end' \ | |
| server.json > server.json.tmp && mv server.json.tmp server.json | |
| echo "Updated server.json:" | |
| cat server.json | |
| - name: Install mcp-publisher | |
| run: | | |
| curl -L "https://github.com/modelcontextprotocol/registry/releases/latest/download/mcp-publisher_$(uname -s | tr '[:upper:]' '[:lower:]')_$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/').tar.gz" | tar xz mcp-publisher | |
| - name: Authenticate to MCP Registry | |
| run: ./mcp-publisher login github-oidc | |
| - name: Publish server to MCP Registry | |
| run: ./mcp-publisher publish |