chore: add MCP publish workflow for manual dispatch

Author: himanshusinghs

.github/workflows/docker.yml

@@ -9,14 +9,19 @@ permissions:
 jobs:
   docker-push:
     uses: ./.github/workflows/docker-publish.yml
+    permissions:
+      contents: read
     secrets:
       DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
       DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
 
   handle-failure:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      issues: write
     needs: docker-push
-    if: ${{ failure() }}
+    if: ${{ always() && needs.docker-push.result == 'failure' }}
     steps:
       - uses: GitHubSecurityLab/actions-permissions/monitor@v1
         with:

.github/workflows/mcp-publish.yml

@@ -0,0 +1,28 @@
+---
+name: Publish to MCP Registry
+on:
+  workflow_call:
+  workflow_dispatch:
+
+jobs:
+  mcp-publish:
+    runs-on: ubuntu-latest
+    environment: Production
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+      - uses: actions/checkout@v5
+        with:
+          persist-credentials: false
+
+      - name: Install MCP Publisher
+        run: |
+          curl -L "https://github.com/modelcontextprotocol/registry/releases/latest/download/mcp-publisher_$(uname -s | tr '[:upper:]' '[:lower:]')_$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/').tar.gz" | tar xz mcp-publisher
+
+      - name: Login to MCP Registry
+        run: ./mcp-publisher login github-oidc
+
+      - name: Publish to MCP Registry
+        run: ./mcp-publisher publish

.github/workflows/publish.yml

@@ -105,50 +105,38 @@ jobs:
         run: |
           PACKAGE_NAME=$(jq -r '.name' < package.json)
           VERSION="${{ needs.check.outputs.VERSION }}"
+          # Strip the 'v' prefix for npm
+          NPM_VERSION="${VERSION#v}"
           MAX_ATTEMPTS=30
           SLEEP_SECONDS=10
 
-          echo "Waiting for ${PACKAGE_NAME}@${VERSION} to be available on npm..."
+          echo "Waiting for ${PACKAGE_NAME}@${NPM_VERSION} to be available on npm..."
 
           for i in $(seq 1 $MAX_ATTEMPTS); do
-            if npm view "${PACKAGE_NAME}@${VERSION}" version >/dev/null 2>&1; then
-              echo "✓ Package ${PACKAGE_NAME}@${VERSION} is now available on npm"
+            if npm view "${PACKAGE_NAME}@${NPM_VERSION}" version >/dev/null 2>&1; then
+              echo "✓ Package ${PACKAGE_NAME}@${NPM_VERSION} is now available on npm"
               exit 0
             fi
             echo "Attempt $i/$MAX_ATTEMPTS: Package not yet available, waiting ${SLEEP_SECONDS}s..."
             sleep $SLEEP_SECONDS
           done
 
-          echo "::error::Package ${PACKAGE_NAME}@${VERSION} did not become available after $((MAX_ATTEMPTS * SLEEP_SECONDS)) seconds"
+          echo "::error::Package ${PACKAGE_NAME}@${NPM_VERSION} did not become available after $((MAX_ATTEMPTS * SLEEP_SECONDS)) seconds"
           exit 1
 
   docker-push:
     needs: [check, publish]
     uses: ./.github/workflows/docker-publish.yml
-    permissions: {}
+    permissions:
+      contents: read
     secrets:
       DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
       DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
 
   mcp-publish:
-    runs-on: ubuntu-latest
-    environment: Production
-    permissions:
-      id-token: write
     needs: [check, docker-push]
     if: needs.check.outputs.VERSION_EXISTS == 'false'
-    steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
-      - uses: actions/checkout@v5
-        with:
-          persist-credentials: false
-
-      - name: Install MCP Publisher
-        run: |
-          curl -L "https://github.com/modelcontextprotocol/registry/releases/latest/download/mcp-publisher_$(uname -s | tr '[:upper:]' '[:lower:]')_$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/').tar.gz" | tar xz mcp-publisher
-
-      - name: Login to MCP Registry
-        run: ./mcp-publisher login github-oidc
-
-      - name: Publish to MCP Registry
-        run: ./mcp-publisher publish
+    uses: ./.github/workflows/mcp-publish.yml
+    permissions:
+      id-token: write
+      contents: read