add build pipeline and deployment docs

karmaking · karmaking · commit f8d8da947ddd · 2026-02-21T15:04:58.000+01:00
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,81 @@
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# Virtual environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+ai_env
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+.DS_Store
+
+# Git
+.git/
+.gitignore
+.gitattributes
+
+# Testing
+.pytest_cache/
+.coverage
+htmlcov/
+.tox/
+.nox/
+
+# Documentation
+*.md
+docs/
+!README.md
+
+# CI/CD
+.github/
+.gitlab-ci.yml
+
+# Database data (generated at runtime)
+database/data/
+
+# Logs
+*.log
+
+# Other
+*.bak
+*.tmp
+.cache/
+tests/
+
+# Lock files (keeping poetry.lock for reference but using uv.lock)
+poetry.lock
+
+# License files (optional to exclude)
+LICENSE
diff --git a/.github/workflows/build_container_main_branch_themed.yml b/.github/workflows/build_container_main_branch_themed.yml
@@ -0,0 +1,38 @@
+name: Build and publish container
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+
+env:
+  DOCKER_HUB_ORGANIZATION: ${{ vars.DOCKER_HUB_ORGANIZATION }}
+  DOCKER_HUB_REPOSITORY: obp-mcp
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Build the Docker image
+        run: |
+          echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker login -u "${{ secrets.DOCKER_HUB_USERNAME }}" --password-stdin docker.io
+          docker build . --file Dockerfile --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:main --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:latest
+          docker push docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }} --all-tags
+          echo docker done
+
+      - uses: sigstore/cosign-installer@main
+
+      - name: Write signing key to disk (only needed for `cosign sign --key`)
+        run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key
+
+      - name: Sign container image
+        run: |
+          cosign sign -y --key cosign.key \
+            docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:main
+        env:
+          COSIGN_PASSWORD: "${{secrets.COSIGN_PASSWORD}}"
+
+
+
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,29 @@
+
+FROM python:3.12-slim AS builder
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
+WORKDIR /app
+COPY pyproject.toml uv.lock ./
+RUN uv sync --frozen --no-dev
+
+FROM python:3.12-slim
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
+WORKDIR /app
+COPY --from=builder /app/.venv /app/.venv
+COPY src/ ./src/
+COPY database/ ./database/
+COPY scripts/ ./scripts/
+COPY pyproject.toml uv.lock ./
+COPY run_server.sh ./
+RUN chmod +x run_server.sh
+RUN mkdir -p database/data
+
+ENV PYTHONUNBUFFERED=1
+ENV PATH="/app/.venv/bin:$PATH"
+ENV FASTMCP_HOST=0.0.0.0
+ENV FASTMCP_PORT=9100
+ENV OBP_BASE_URL=https://apisandbox.openbankproject.com
+ENV OBP_API_VERSION=v5.1.0
+
+EXPOSE 9100
+
+CMD ["sh", "-c", "uv run python scripts/generate_endpoint_index.py && uv run python scripts/generate_glossary_index.py && ./run_server.sh"]
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -0,0 +1,46 @@
+version: '3.8'
+
+services:
+  obp-mcp:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    container_name: obp-mcp-server
+    ports:
+      - "${FASTMCP_PORT:-9100}:9100"
+    environment:
+      # Server Configuration
+      FASTMCP_HOST: 0.0.0.0
+      FASTMCP_PORT: 9100
+
+      # OBP API Configuration
+      OBP_BASE_URL: ${OBP_BASE_URL:-https://apisandbox.openbankproject.com}
+      OBP_API_VERSION: ${OBP_API_VERSION:-v5.1.0}
+
+      # Authentication Configuration (optional)
+      ENABLE_OAUTH: ${ENABLE_OAUTH:-false}
+      AUTH_PROVIDER: ${AUTH_PROVIDER:-bearer-only}
+      OBP_OIDC_ISSUER_URL: ${OBP_OIDC_ISSUER_URL:-}
+      BASE_URL: ${BASE_URL:-http://localhost:9100}
+
+      # Python Configuration
+      PYTHONUNBUFFERED: 1
+    volumes:
+      # Mount database/data for persistent storage of generated indexes
+      - ./database/data:/app/database/data
+
+      # Optional: Mount .env file if you prefer file-based config
+      # - ./.env:/app/.env:ro
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:9100/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 40s
+    networks:
+      - obp-network
+
+networks:
+  obp-network:
+    driver: bridge
