From 8ca7477753abacaea056c3ee56ae5dbc2210614e Mon Sep 17 00:00:00 2001
From: Claude <noreply@anthropic.com>
Date: Sun, 25 Jan 2026 08:04:55 +0000
Subject: [PATCH 1/2] ci: add Docker build and push workflow with Nix

- Add Docker image build to flake.nix using dockerTools.buildLayeredImage
- Create GitHub Actions workflow that builds with Nix and pushes with skopeo
- Push commit SHA tag on PRs and main branch
- Push latest tag only on main/master branch
---
 .github/workflows/docker-build-push.yml | 50 +++++++++++++++++++++++++
 flake.nix                               | 24 +++++++++++-
 2 files changed, 73 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/docker-build-push.yml

diff --git a/.github/workflows/docker-build-push.yml b/.github/workflows/docker-build-push.yml
new file mode 100644
index 0000000..6aa9ec9
--- /dev/null
+++ b/.github/workflows/docker-build-push.yml
@@ -0,0 +1,50 @@
+name: Docker Build and Push
+
+on:
+  push:
+    branches: [master, main]
+  pull_request:
+    branches: [master, main]
+
+jobs:
+  docker:
+    name: Build and Push Docker Image
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install Nix
+        uses: cachix/install-nix-action@v30
+        with:
+          nix_path: nixpkgs=channel:nixos-unstable
+          extra_nix_config: |
+            experimental-features = nix-command flakes
+            accept-flake-config = true
+
+      - name: Build Docker Image
+        run: |
+          nix build .#docker --print-build-logs
+          ls -la result
+
+      - name: Push Docker Image with Commit SHA
+        env:
+          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+        run: |
+          nix-shell -p skopeo --run "skopeo copy \
+            docker-archive:./result \
+            docker://wholelottahoople/mcp-exec:${{ github.sha }} \
+            --dest-creds \"\$DOCKER_USERNAME:\$DOCKER_PASSWORD\""
+
+      - name: Push Docker Image with Latest Tag
+        if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master'
+        env:
+          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+        run: |
+          nix-shell -p skopeo --run "skopeo copy \
+            docker-archive:./result \
+            docker://wholelottahoople/mcp-exec:latest \
+            --dest-creds \"\$DOCKER_USERNAME:\$DOCKER_PASSWORD\""
diff --git a/flake.nix b/flake.nix
index c25f980..e9f0d6d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -12,8 +12,30 @@
     (flake-utils.lib.eachSystem [ "x86_64-linux" "aarch64-linux" ] (system:
       let
         pkgs = import nixpkgs { inherit system; };
+        mcp-exec = pkgs.callPackage ./nix/package.nix { };
       in {
-        packages.default = pkgs.callPackage ./nix/package.nix { };
+        packages.default = mcp-exec;
+
+        packages.docker = pkgs.dockerTools.buildLayeredImage {
+          name = "wholelottahoople/mcp-exec";
+          tag = "latest";
+          contents = [
+            mcp-exec
+            pkgs.bashInteractive
+            pkgs.coreutils
+            pkgs.inetutils
+          ];
+          config = {
+            Cmd = [ "${mcp-exec}/bin/mcp-exec" ];
+            ExposedPorts = {
+              "8080/tcp" = {};
+            };
+            Env = [
+              "PATH=/bin:${mcp-exec}/bin:${pkgs.bashInteractive}/bin:${pkgs.coreutils}/bin:${pkgs.inetutils}/bin"
+            ];
+          };
+        };
+
         devShells.default = import ./shell.nix { inherit pkgs; };
 
         checks = {

From c60bc5663958504037309fea3f2788136ed9b39b Mon Sep 17 00:00:00 2001
From: Claude <noreply@anthropic.com>
Date: Sun, 25 Jan 2026 08:16:53 +0000
Subject: [PATCH 2/2] fix: correct Docker Hub username to wholelottahoopla

---
 .github/workflows/docker-build-push.yml | 4 ++--
 flake.nix                               | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/docker-build-push.yml b/.github/workflows/docker-build-push.yml
index 6aa9ec9..d3c3761 100644
--- a/.github/workflows/docker-build-push.yml
+++ b/.github/workflows/docker-build-push.yml
@@ -35,7 +35,7 @@ jobs:
         run: |
           nix-shell -p skopeo --run "skopeo copy \
             docker-archive:./result \
-            docker://wholelottahoople/mcp-exec:${{ github.sha }} \
+            docker://wholelottahoopla/mcp-exec:${{ github.sha }} \
             --dest-creds \"\$DOCKER_USERNAME:\$DOCKER_PASSWORD\""
 
       - name: Push Docker Image with Latest Tag
@@ -46,5 +46,5 @@ jobs:
         run: |
           nix-shell -p skopeo --run "skopeo copy \
             docker-archive:./result \
-            docker://wholelottahoople/mcp-exec:latest \
+            docker://wholelottahoopla/mcp-exec:latest \
             --dest-creds \"\$DOCKER_USERNAME:\$DOCKER_PASSWORD\""
diff --git a/flake.nix b/flake.nix
index e9f0d6d..93d8178 100644
--- a/flake.nix
+++ b/flake.nix
@@ -17,7 +17,7 @@
         packages.default = mcp-exec;
 
         packages.docker = pkgs.dockerTools.buildLayeredImage {
-          name = "wholelottahoople/mcp-exec";
+          name = "wholelottahoopla/mcp-exec";
           tag = "latest";
           contents = [
             mcp-exec