Skip to content

Build full package in Dockerfile to include all commands #1844

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
JoannaaKL merged 2 commits into from
Jan 20, 2026
Merged

Build full package in Dockerfile to include all commands #1844

JoannaaKL merged 2 commits into from
Jan 20, 2026
+3 −7

Conversation

@SamMorrowDrums
Copy link
Collaborator

@SamMorrowDrums SamMorrowDrums commented Jan 19, 2026

What

Update Dockerfile to build the full ./cmd/github-mcp-server package instead of just main.go.

Why

The current Dockerfile only builds main.go:

go build ... -o /bin/github-mcp-server cmd/github-mcp-server/main.go

This excludes other command files like list_scopes.go, generate_docs.go, etc. As a result, the Docker image is missing commands like list-scopes which is useful for determining required OAuth scopes.

Change

- -o /bin/github-mcp-server cmd/github-mcp-server/main.go
+ -o /bin/github-mcp-server ./cmd/github-mcp-server

Testing

# Before: missing list-scopes command
docker run --rm ghcr.io/github/github-mcp-server:test list-scopes --help
# Error: unknown command "list-scopes" for "server"

# After: works
docker run --rm ghcr.io/github/github-mcp-server:test list-scopes --toolsets=repos,issues --output=summary
# Required OAuth scopes for enabled tools:
#   read:org
#   repo
# Total: 2 unique scope(s)

@SamMorrowDrums
Pin go-licenses to v2.0.1 for reproducible builds
6f96e48 
Fixes code scanning alerts #10 and #11 by removing the @latest
version for local development and using the pinned v2.0.1 version
consistently across all environments.

This ensures deterministic builds and addresses the CWE-494
'Download of Code Without Integrity Check' security concern.
@SamMorrowDrums
Build full package in Dockerfile to include all commands
1195cf5
@SamMorrowDrums SamMorrowDrums requested a review from a team as a code owner January 19, 2026 21:43
Copilot AI review requested due to automatic review settings January 19, 2026 21:43
@SamMorrowDrums
Copy link
Collaborator Author

SamMorrowDrums commented Jan 19, 2026

cc @JoannaaKL - this enables the list-scopes command in the Docker image, which you mentioned wanting for another tool as well.

Copilot AI reviewed Jan 19, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes the Dockerfile build command to include all Go files in the cmd/github-mcp-server package, not just main.go. This ensures commands like list-scopes and generate-docs are available in the Docker image. Additionally, the PR simplifies the script/licenses script to use a consistent version across CI and local environments.

Changes:

  • Updated Dockerfile to build the full package path (./cmd/github-mcp-server) instead of just the main.go file
  • Simplified script/licenses to use go-licenses v2 module path with pinned version for both CI and local development

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
Dockerfile Changed build target from cmd/github-mcp-server/main.go to ./cmd/github-mcp-server to include all command files (list_scopes.go, generate_docs.go, etc.)
script/licenses Simplified go-licenses installation to use v2 module path with consistent versioning across CI and local environments

@JoannaaKL JoannaaKL merged commit fc079ee into main Jan 20, 2026
22 checks passed
@JoannaaKL JoannaaKL deleted the dockerfile-build-full-package branch January 20, 2026 08:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@JoannaaKL JoannaaKL JoannaaKL approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@SamMorrowDrums @JoannaaKL