Adds a multi-stage Containerfile, Quadlet unit, and operator
walkthrough for a production deploy. The broker spawns forgejo-mcp
per session, so the image bundles both binaries — broker built from
this repo, forgejo-mcp pinned via FORGEJO_MCP_VERSION build-arg
(default 2.18.0).

Image stages:

1. golang:alpine compiles the broker with ldflags-stamped buildinfo
2. golang:alpine clones forgejo-mcp at the pinned tag and compiles it
3. distroless static-nonroot copies both binaries; uid 65532

Persistent state via the named volume `fjmcp-state` mounted at /data.
SQLite WAL + SHM sidecars live alongside broker.db on the same volume,
so a container swap or image upgrade preserves all OAuth clients,
issued tokens, and refresh-token history. Verified end-to-end:

    podman run --rm -d -v fjmcp-test-state:/data ... fjmcp-broker:test
    curl /healthz # store: ok, broker.db created
    podman stop fjmcp-test
    podman run --rm -d -v fjmcp-test-state:/data ... fjmcp-broker:test
    curl /healthz # store: ok, same broker.db
    ls volume → broker.db, broker.db-shm, broker.db-wal all present

Quadlet unit (deploy/podman/fjmcp-broker.container) drops into
~/.config/containers/systemd/, reads secrets from a 0600 env file
outside the unit, publishes :8080 on loopback for Caddy to front.

Makefile gains `image` and `image-run` targets. README links to the
new docs/deploy-podman.md walkthrough.

Closes forgejo-mcp-broker-8yd.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
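
Added example, not part of the commit or the project's code: a check that a Quadlet unit keeps the posture the message describes (PublishPort bound to loopback, secrets in a 0600 EnvironmentFile rather than inline in the unit). The unit text, variable names and paths below are constructed, and only absolute EnvironmentFile paths are handled (no systemd specifiers such as %h).

```python
import os
import re
import stat
import tempfile

SECRET_NAME = re.compile(r"SECRET|TOKEN|PASSWORD|KEY", re.I)
LOOPBACK = ("127.0.0.1:", "[::1]:")

def container_entries(unit_text):
    """Yield (key, value) pairs from the [Container] section; keys may repeat."""
    section = None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Container" and "=" in line:
            key, _, value = line.partition("=")
            yield key.strip(), value.strip()

def audit_quadlet(unit_text):
    """Return findings; an empty list means the unit matches the described posture."""
    findings = []
    for key, value in container_entries(unit_text):
        if key == "PublishPort" and not value.startswith(LOOPBACK):
            findings.append(f"PublishPort={value} is not bound to loopback")
        elif key == "Environment" and SECRET_NAME.search(value.split("=", 1)[0]):
            findings.append(f"secret-looking variable inline: {value.split('=', 1)[0]}")
        elif key == "EnvironmentFile":
            path = value.lstrip("-")  # a leading '-' marks the file as optional
            if not os.path.exists(path):
                findings.append(f"{path} not found")
            elif stat.S_IMODE(os.stat(path).st_mode) & 0o077:
                mode = stat.S_IMODE(os.stat(path).st_mode)
                findings.append(f"{path} has mode {mode:04o}, expected 0600")
    return findings

if __name__ == "__main__":
    # Constructed sample: a weak unit, then a unit matching the described posture.
    with tempfile.TemporaryDirectory() as d:
        env = os.path.join(d, "broker.env")
        with open(env, "w") as fh:
            fh.write("EXAMPLE_CLIENT_SECRET=constructed\n")
        os.chmod(env, 0o644)
        weak = f"[Container]\nPublishPort=8080:8080\nEnvironmentFile={env}\n"
        print(audit_quadlet(weak))
        os.chmod(env, 0o600)
        good = f"[Container]\nPublishPort=127.0.0.1:8080:8080\nEnvironmentFile={env}\n"
        print(audit_quadlet(good))
```
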
- Initialize go.mod with module path kode.naiv.no/olemd/forgejo-mcp-broker
- Create directory layout: cmd/broker + internal/{buildinfo,config,log,store,httpserver}
- Add Makefile with build/test/lint/tidy/clean targets and ldflags-injected build info
- Stub cmd/broker/main.go with --version support; real wiring follows in -t37
- Stub doc.go for each internal/* package, pointing to the issue that fills it in

Closes forgejo-mcp-broker-n84.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>