create container (#29)

This commit adds support for building container images from nix and a
corresponding github action on versioned tags.

Author: nicholascioli

.github/workflows/release.yml

@@ -0,0 +1,73 @@
+name: Build Release
+on:
+  push:
+    tags:
+      - "v[0-9]+.[0-9]+.[0-9]+"
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  release:
+    name: Release
+    strategy:
+      matrix:
+        os: ["ubuntu-24.04", "ubuntu-24.04-arm"]
+    runs-on: ${{ matrix.os }}
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+
+      # Extract needed info for use with the other steps
+      - id: repo-meta
+        name: Extract Metadata
+        shell: bash
+        run: |
+          echo "fqdn=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}" >> $GITHUB_OUTPUT
+          echo "name=`basename ${{ github.repository }}`" >> $GITHUB_OUTPUT
+
+      - uses: nixbuild/nix-quick-install-action@v30
+        with:
+          nix_conf: ${{ env.nix_conf }}
+      - name: Restore and save Nix store
+        uses: nix-community/cache-nix-action@v6
+        with:
+          primary-key: build-${{ runner.os }}-${{ hashFiles('Cargo.lock', '**/Cargo.toml', 'flake.nix', 'flake.lock', 'rust-toolchain.toml') }}
+          # We don't want to affect the cache when building the container
+          purge: false
+          save: false
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build Container
+        run: nix run .#streamImage | docker image load
+
+      - name: Tag the Container
+        run: |
+          docker image tag "${{ steps.repo-meta.outputs.name }}:latest" "${{ steps.repo-meta.outputs.fqdn }}:latest"
+          docker image tag "${{ steps.repo-meta.outputs.name }}:latest" "${{ steps.repo-meta.outputs.fqdn }}:${{ github.ref_name }}"
+
+      - name: Push the Container
+        run: docker image push --all-tags "${{ steps.repo-meta.outputs.fqdn }}"
+
+      - id: digest-meta
+        name: Extract the digest
+        shell: bash
+        run: echo "digest=`docker manifest inspect ${{ steps.repo-meta.outputs.fqdn }}:latest --verbose | nix run nixpkgs#jq -- -r .Descriptor.digest`" >> $GITHUB_OUTPUT
+
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v2
+        with:
+          subject-name: ${{ steps.repo-meta.outputs.fqdn }}
+          subject-digest: ${{ steps.digest-meta.outputs.digest }}
+          push-to-registry: true

README.md

@@ -220,6 +220,28 @@ Two new tools will be exposed by the server:
 
 The MCP client can then use these tools to provide schema information to the model, and allow the model to execute GraphQL operations based on that schema.
 
+# Running in a Container
+
+The MCP server is also available as a standalone docker container. The following command
+demonstrates how to use the container. Refer to previous sections for all valid
+server arguments.
+
+By default, the container expects all schema files to be present in the
+`/data` folder within the container, so make sure to mount your files there. The
+example below uses the provided weather example for reference
+
+```sh
+docker run \
+  -it --rm \
+  --name mcp-apollo-server \
+  -p 5000:5000 \
+  -v $PWD/graphql/weather:/data \
+  ghcr.io/apollographql/mcp-apollo:latest \
+  --sse-port 5000 \
+  -s api.graphql \
+  # Other MCP server options...
+```
+
 # Licensing
 
 Source code in this repository is covered by the Elastic License 2.0. The

flake.nix

@@ -80,7 +80,7 @@
         inherit pkgs inputs;
         derivations = [cargoArtifacts toolchain] ++ mcp-server-tools;
       };
-    in {
+    in rec {
       devShells.default = pkgs.mkShell {
         nativeBuildInputs = with pkgs; [pkg-config];
         buildInputs =
@@ -141,5 +141,41 @@
         # CI related packages
         inherit (garbageCollector) saveFromGC;
       };
+
+      # TODO: This does not work on macOS without cross compiling, so maybe
+      # we need to disable flake-utils and manually specify the supported
+      # hosts?
+      apps = let
+        # Nix flakes don't yet expose a nice formatted timestamp in ISO-8601
+        # format, so we need to drop out to date to do so.
+        commitDate = pkgs.lib.readFile "${pkgs.runCommand "git-timestamp" {env.when = self.lastModified;} "echo -n `date -d @$when --iso-8601=seconds` > $out"}";
+        builder = pkgs.dockerTools.streamLayeredImage {
+          name = "mcp-apollo";
+          tag = "latest";
+
+          # Use the latest commit time for reproducible builds
+          created = commitDate;
+          mtime = commitDate;
+
+          contents = [
+            packages.mcp-apollo-server
+          ];
+
+          config = {
+            # Make the entrypoint the server
+            Entrypoint = ["mcp-apollo-server" "-d" "/data"];
+
+            # Drop to local user
+            User = "1000";
+            Group = "1000";
+          };
+        };
+      in {
+        streamImage = {
+          type = "app";
+          program = "${builder}";
+          meta.description = "Builds the mcp-apollo-server container and streams the image to stdout.";
+        };
+      };
     });
 }