@ltagliaferri
Resolves #114

Context

Dev Rel is working on more migration and AI assistant tooling and has some interdependencies with DFC.

The DFC MCP server currently requires users to:

  • Have Go 1.20+ installed locally
  • Build from source using go run or manual compilation
  • Manage dependencies and build toolchain themselves

This creates friction for users who want to integrate dfc with AI assistants like Claude Code, Claude Desktop, Cursor, etc.

Proposed Solution

Publish the MCP server as a signed Chainguard container image to GitHub Container Registry (ghcr.io/chainguard-dev/dfc-mcp:latest).

Possible longer term solution: Update the DFC Chainguard container image.

User Benefits

  • Zero dependencies: Only need Docker/OCI runtime
  • Instant availability: Pull pre-built image instead of compiling
  • Consistent experience: Same image across all platforms (amd64, arm64)
  • Auto-updates: Latest version always available
  • Verifiable security: Signed, scanned, with SBOM

Implementation Details

What's Included

  1. GitHub Actions Workflow (.github/workflows/publish-mcp-server.yaml)

    • Builds container from the existing mcp-server/Dockerfile
    • Publishes to ghcr.io/chainguard-dev/dfc-mcp
    • Multi-architecture support (amd64, arm64)
    • Automated on code changes, releases, and manual dispatch
  2. Security Features

    • All actions pinned to commit SHAs (supply chain protection)
    • Network egress blocked with explicit allowlist (prevents exfiltration)
    • Vulnerability scanning with Trivy (blocks on CRITICAL/HIGH)
    • Cryptographic signing with Sigstore cosign (integrity verification)
    • SBOM generation and attachment (SPDX format)
    • SLSA provenance attestation (build verification)
    • SARIF upload to GitHub Security (continuous monitoring)
    • Minimal permissions (least privilege)
    • Built on Chainguard's Go image
  3. Documentation

    • Updated MCP server README with container usage

Configuration Examples

Claude Desktop:

{
  "mcpServers": {
    "dfc": {
      "command": "docker",
      "args": ["run", "--rm", "-i", "ghcr.io/chainguard-dev/dfc-mcp:latest"]
    }
  }
}

Claude Code Plugin:

{
  "mcpServers": {
    "dfc": {
      "command": "docker",
      "args": ["run", "--rm", "-i", "ghcr.io/chainguard-dev/dfc-mcp:latest"]
    }
  }
}

Verification

Users can verify the container's authenticity:

Verify signature

  cosign verify ghcr.io/chainguard-dev/dfc-mcp:latest \
    --certificate-identity-regexp '.*' \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com

View SBOM

  cosign download sbom ghcr.io/chainguard-dev/dfc-mcp:latest

View provenance

  cosign download attestation ghcr.io/chainguard-dev/dfc-mcp:latest

Scan for vulnerabilities

  trivy image ghcr.io/chainguard-dev/dfc-mcp:latest

Files

.github/workflows/publish-mcp-server.yaml (new)
mcp-server/README.md (updated, container instructions)

Open Questions

  • Should we also publish to cgr.dev in addition to ghcr.io?
  • Should the workflow also trigger on PRs for testing (without publishing)?

Signed-off-by: ltagliaferri <lisa.tagliaferri@gmail.com>
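The Verification section above tells users to run `cosign download attestation`, which prints one DSSE envelope per line with the in-toto statement base64-encoded inside. As an added example (not code from the dfc project or from this PR), the script below unwraps that output and checks that the SLSA provenance actually describes the expected image digest, source repository and publishing workflow. The workflow path and image name are taken from the PR description; the repository URL (`https://github.com/chainguard-dev/dfc`) and the image digest are assumptions and placeholders. The script checks content only: the signature on the envelope is still checked by `cosign verify-attestation`, which it does not replace.

```python
"""Check a SLSA provenance attestation downloaded with `cosign download attestation`.

Added example, not part of the dfc project. Decodes each DSSE envelope line,
reads the SLSA v1 or v0.2 predicate, and confirms the provenance names the
expected image digest, source repository and workflow file.
"""
import base64
import json

# Expected values. Workflow path and image name come from the PR text; the
# repository URL is an assumption (the PR only says "DFC").
EXPECTED_REPO = "https://github.com/chainguard-dev/dfc"
EXPECTED_WORKFLOW = ".github/workflows/publish-mcp-server.yaml"
EXPECTED_IMAGE = "ghcr.io/chainguard-dev/dfc-mcp"
SAMPLE_DIGEST = "0" * 64  # constructed placeholder, not a real image digest


def decode_envelope(line):
    """Unwrap one DSSE envelope (one output line of `cosign download attestation`)."""
    env = json.loads(line)
    if env.get("payloadType") != "application/vnd.in-toto+json":
        raise ValueError("unexpected payloadType: %r" % env.get("payloadType"))
    return json.loads(base64.b64decode(env["payload"]))


def _repo_and_workflow(statement):
    """Extract (repository URL, workflow path) from a SLSA v1 or v0.2 predicate."""
    ptype = statement.get("predicateType")
    pred = statement.get("predicate", {})
    if ptype == "https://slsa.dev/provenance/v1":
        wf = pred["buildDefinition"]["externalParameters"]["workflow"]
        return wf["repository"], wf["path"]
    if ptype == "https://slsa.dev/provenance/v0.2":
        cs = pred["invocation"]["configSource"]
        # v0.2 encodes the source as "git+https://github.com/org/repo@refs/..."
        repo = cs["uri"].removeprefix("git+").split("@", 1)[0]
        return repo, cs["entryPoint"]
    raise ValueError("not a SLSA provenance predicate: %r" % ptype)


def check_provenance(line, expected_digest):
    """Return a list of problems; an empty list means the attestation matches."""
    problems = []
    statement = decode_envelope(line)
    subjects = statement.get("subject", [])
    if not any(s.get("name") == EXPECTED_IMAGE
               and s.get("digest", {}).get("sha256") == expected_digest
               for s in subjects):
        problems.append("subject does not match %s@sha256:%s" % (EXPECTED_IMAGE, expected_digest))
    try:
        repo, workflow = _repo_and_workflow(statement)
    except (KeyError, ValueError) as exc:
        return problems + ["unreadable provenance: %s" % exc]
    if repo.rstrip("/") != EXPECTED_REPO:
        problems.append("built from unexpected repository %r" % repo)
    if workflow != EXPECTED_WORKFLOW:
        problems.append("built by unexpected workflow %r" % workflow)
    return problems


def sample_statement(digest=SAMPLE_DIGEST, repo=EXPECTED_REPO):
    """Constructed SLSA v1 statement, shaped like GitHub Actions provenance."""
    builder_id = "%s/%s@refs/heads/main" % (repo, EXPECTED_WORKFLOW)
    return {
        "_type": "https://in-toto.io/Statement/v1",
        "subject": [{"name": EXPECTED_IMAGE, "digest": {"sha256": digest}}],
        "predicateType": "https://slsa.dev/provenance/v1",
        "predicate": {
            "buildDefinition": {
                "buildType": "https://actions.github.io/buildtypes/workflow/v1",
                "externalParameters": {"workflow": {
                    "ref": "refs/heads/main", "repository": repo, "path": EXPECTED_WORKFLOW}},
            },
            "runDetails": {"builder": {"id": builder_id}},
        },
    }


def wrap_statement(statement):
    """Wrap a statement in a DSSE envelope line; the signature is a placeholder."""
    payload = base64.b64encode(json.dumps(statement).encode()).decode()
    return json.dumps({"payloadType": "application/vnd.in-toto+json",
                       "payload": payload, "signatures": [{"sig": "placeholder"}]})


if __name__ == "__main__":
    import sys
    # Usage: cosign download attestation IMAGE | python check_provenance.py DIGEST
    # With no piped input, the constructed sample envelope is checked instead.
    digest = sys.argv[1] if len(sys.argv) > 1 else SAMPLE_DIGEST
    lines = [wrap_statement(sample_statement())] if sys.stdin.isatty() else sys.stdin.read().splitlines()
    for line in lines:
        problems = check_provenance(line, digest)
        print("OK" if not problems else "FAIL: " + "; ".join(problems))
```

The same idea applies to the `cosign verify` command in the PR: `--certificate-identity-regexp '.*'` accepts a signature from any GitHub Actions workflow, so a verifier that wants the guarantee the PR describes can instead pass `--certificate-identity` with the full identity of the publishing workflow (repository URL, workflow path and ref), which is the same triple this script checks inside the provenance.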
Development

Successfully merging this pull request may close these issues.

Add MCP Server Container Publishing

1 participant