stacklok
diff --git a/‎.github/ko-ci.yml‎
Lines changed: 9 additions & 0 deletions b/‎.github/ko-ci.yml‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎.github/workflows/image-build-and-publish.yml‎
Lines changed: 87 additions & 9 deletions b/‎.github/workflows/image-build-and-publish.yml‎
Lines changed: 87 additions & 9 deletions
diff --git a/‎Taskfile.yml‎
Lines changed: 39 additions & 2 deletions b/‎Taskfile.yml‎
Lines changed: 39 additions & 2 deletions
@@ -19,6 +19,15 @@ builds:
 
   - id: thv-proxyrunner
     dir: ./cmd/thv-proxyrunner
+    ldflags:
+      - -s -w
+      - -X github.com/stacklok/toolhive/pkg/versions.Version={{.Env.VERSION}}
+      - -X github.com/stacklok/toolhive/pkg/versions.Commit={{.Env.COMMIT}}
+      - -X github.com/stacklok/toolhive/pkg/versions.BuildDate={{.Env.BUILD_DATE}}
+      - -X github.com/stacklok/toolhive/pkg/versions.BuildType=release
+
+  - id: vmcp
+    dir: ./cmd/vmcp
     ldflags:
       - -s -w
       - -X github.com/stacklok/toolhive/pkg/versions.Version={{.Env.VERSION}}
 
@@ -50,12 +50,12 @@ jobs:
         run: |
           TAG=${{ steps.version-string.outputs.tag }}
           TAGS="-t $TAG"
-          
+
           # Add latest tag only if building from a tag
           if [[ "${{ github.ref }}" == refs/tags/* ]]; then
             TAGS="$TAGS -t latest"
           fi
-          
+
           KO_DOCKER_REPO=$BASE_REPO ko build --platform=linux/amd64,linux/arm64 --bare $TAGS ./cmd/thv \
             --image-label=org.opencontainers.image.source=https://github.com/stacklok/toolhive,org.opencontainers.image.title="toolhive",org.opencontainers.image.vendor=Stacklok
 
@@ -66,7 +66,7 @@ jobs:
           TAG=${{ steps.version-string.outputs.tag }}
           # Sign the ko image
           cosign sign -y $BASE_REPO:$TAG
-          
+
           # Sign the latest tag if building from a tag
           if [[ "${{ github.ref }}" == refs/tags/* ]]; then
             cosign sign -y $BASE_REPO:latest
@@ -204,12 +204,12 @@ jobs:
         run: |
           TAG=${{ steps.version-string.outputs.tag }}
           TAGS="-t $TAG"
-          
+
           # Add latest tag only if building from a tag
           if [[ "${{ github.ref }}" == refs/tags/* ]]; then
             TAGS="$TAGS -t latest"
           fi
-          
+
           KO_DOCKER_REPO=$BASE_REPO ko build --platform=linux/amd64,linux/arm64 --bare $TAGS ./cmd/thv-operator \
             --image-label=org.opencontainers.image.source=https://github.com/stacklok/toolhive,org.opencontainers.image.title="toolhive-operator",org.opencontainers.image.vendor=Stacklok
 
@@ -236,7 +236,7 @@ jobs:
           # Sign the ko image
           cosign sign -y $BASE_REPO:$TAG
           cosign sign -y $BASE_REPO:$UBI_TAG
-          
+
           # Sign the latest tag if building from a tag
           if [[ "${{ github.ref }}" == refs/tags/* ]]; then
             cosign sign -y $BASE_REPO:latest
@@ -303,12 +303,10 @@ jobs:
         run: |
           TAG=${{ steps.version-string.outputs.tag }}
           TAGS="-t $TAG"
-          
           # Add latest tag only if building from a tag
           if [[ "${{ github.ref }}" == refs/tags/* ]]; then
             TAGS="$TAGS -t latest"
           fi
-          
           KO_DOCKER_REPO=$BASE_REPO ko build --platform=linux/amd64,linux/arm64 --bare $TAGS ./cmd/thv-proxyrunner \
             --image-label=org.opencontainers.image.source=https://github.com/stacklok/toolhive,org.opencontainers.image.title="toolhive-proxyrunner",org.opencontainers.image.vendor=Stacklok
 
@@ -335,7 +333,87 @@ jobs:
           # Sign the ko image
           cosign sign -y $BASE_REPO:$TAG
           cosign sign -y $BASE_REPO:$UBI_TAG
-          
+
+          # Sign the latest tag if building from a tag
+          if [[ "${{ github.ref }}" == refs/tags/* ]]; then
+            cosign sign -y $BASE_REPO:latest
+          fi
+
+  vmcp-image-build-and-publish:
+    name: Build and Publish Virtual MCP Server Image
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      packages: write
+      id-token: write
+
+    env:
+      BASE_REPO: "ghcr.io/stacklok/toolhive/vmcp"
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+
+      - name: Set up Go
+        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6
+        with:
+          go-version-file: go.mod
+
+      - name: Compute version number
+        id: version-string
+        run: |
+          if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
+            # For main branch, use semver with -dev suffix
+            echo "tag=0.0.1-dev.$GITHUB_RUN_NUMBER+$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
+          elif [[ "${{ github.ref }}" == refs/tags/* ]]; then
+            # For tags, use the tag as is (assuming it's semver)
+            TAG="${{ github.ref_name }}"
+            echo "tag=$TAG" >> "$GITHUB_OUTPUT"
+          else
+            # For other branches, use branch name and run number
+            BRANCH="${{ github.ref_name }}"
+            echo "tag=0.0.1-$BRANCH.$GITHUB_RUN_NUMBER+$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Setup ko
+        uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9
+
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1
+
+      - name: Build and Push Image to GHCR
+        env:
+          VERSION: ${{ steps.version-string.outputs.tag }}
+          COMMIT: ${{ github.sha }}
+          BUILD_DATE: ${{ github.event.head_commit.timestamp }}
+          KO_CONFIG_PATH: ${{ github.workspace }}/.github/ko-ci.yml
+        run: |
+          TAG=$(echo "${{ steps.version-string.outputs.tag }}" | sed 's/+/_/g')
+          TAGS="-t $TAG"
+
+          # Add latest tag only if building from a tag
+          if [[ "${{ github.ref }}" == refs/tags/* ]]; then
+            TAGS="$TAGS -t latest"
+          fi
+
+          KO_DOCKER_REPO=$BASE_REPO ko build --platform=linux/amd64,linux/arm64 --bare $TAGS ./cmd/vmcp \
+            --image-label=org.opencontainers.image.source=https://github.com/stacklok/toolhive,org.opencontainers.image.title="toolhive-vmcp",org.opencontainers.image.vendor=Stacklok
+
+      - name: Sign Image with Cosign
+        # This step uses the identity token to provision an ephemeral certificate
+        # against the sigstore community Fulcio instance.
+        run: |
+          TAG=$(echo "${{ steps.version-string.outputs.tag }}" | sed 's/+/_/g')
+          # Sign the ko image
+          cosign sign -y $BASE_REPO:$TAG
+
           # Sign the latest tag if building from a tag
           if [[ "${{ github.ref }}" == refs/tags/* ]]; then
             cosign sign -y $BASE_REPO:latest
 
@@ -171,6 +171,37 @@ tasks:
     cmds:
       - go install -ldflags "-s -w -X github.com/stacklok/toolhive/pkg/versions.Version={{.VERSION}} -X github.com/stacklok/toolhive/pkg/versions.Commit={{.COMMIT}} -X github.com/stacklok/toolhive/pkg/versions.BuildDate={{.BUILD_DATE}}" -v ./cmd/thv
 
+  build-vmcp:
+    desc: Build the vmcp binary
+    deps: [gen]
+    vars:
+      VERSION:
+        sh: git describe --tags --always --dirty --match "v*" || echo "dev"
+      COMMIT:
+        sh: git rev-parse --short HEAD || echo "unknown"
+      BUILD_DATE: '{{dateInZone "2006-01-02T15:04:05Z" (now) "UTC"}}'
+    cmds:
+      - cmd: mkdir -p bin
+        platforms: [linux, darwin]
+      - cmd: go build -ldflags "-s -w -X github.com/stacklok/toolhive/pkg/versions.Version={{.VERSION}} -X github.com/stacklok/toolhive/pkg/versions.Commit={{.COMMIT}} -X github.com/stacklok/toolhive/pkg/versions.BuildDate={{.BUILD_DATE}}" -o bin/vmcp ./cmd/vmcp
+        platforms: [linux, darwin]
+      - cmd: cmd.exe /c mkdir bin
+        platforms: [windows]
+        ignore_error: true
+      - cmd: go build -ldflags "-s -w -X github.com/stacklok/toolhive/pkg/versions.Version={{.VERSION}} -X github.com/stacklok/toolhive/pkg/versions.Commit={{.COMMIT}} -X github.com/stacklok/toolhive/pkg/versions.BuildDate={{.BUILD_DATE}}" -o bin/vmcp.exe ./cmd/vmcp
+        platforms: [windows]
+
+  install-vmcp:
+    desc: Install the vmcp binary to GOPATH/bin
+    vars:
+      VERSION:
+        sh: git describe --tags --always --dirty --match "v*" || echo "dev"
+      COMMIT:
+        sh: git rev-parse --short HEAD || echo "unknown"
+      BUILD_DATE: '{{dateInZone "2006-01-02T15:04:05Z" (now) "UTC"}}'
+    cmds:
+      - go install -ldflags "-s -w -X github.com/stacklok/toolhive/pkg/versions.Version={{.VERSION}} -X github.com/stacklok/toolhive/pkg/versions.Commit={{.COMMIT}} -X github.com/stacklok/toolhive/pkg/versions.BuildDate={{.BUILD_DATE}}" -v ./cmd/vmcp
+
   all:
     desc: Run linting, tests, and build
     deps: [lint, test, build]
@@ -186,12 +217,18 @@ tasks:
     cmds:
       - ko build --local --bare ./cmd/thv
 
+  build-vmcp-image:
+    desc: Build the vmcp image with ko
+    env:
+      KO_DOCKER_REPO: ghcr.io/stacklok/toolhive/vmcp
+    cmds:
+      - ko build --local --bare ./cmd/vmcp
 
   build-egress-proxy:
     desc: Build the egress proxy container image
     cmds:
       - docker build --load -t ghcr.io/stacklok/toolhive/egress-proxy:local containers/egress-proxy/
 
   build-all-images:
-    desc: Build all container images (main app and egress proxy)
-    deps: [build-image, build-egress-proxy]
+    desc: Build all container images (main app, vmcp, and egress proxy)
+    deps: [build-image, build-vmcp-image, build-egress-proxy]