chore: add Docker deployment support

- Add Dockerfile with multi-architecture support (amd64, arm64)
- Add .dockerignore to optimize build context
- Add GitHub workflow for automated Docker image builds
- Add Makefile targets for Docker operations (build-linux, docker-build, docker-test, docker-run)
- Update README.md with Docker usage instructions
- Update AGENTS.md with Docker deployment documentation

Docker images are published to ghcr.io/techprimate/github-actions-utils-cli
with automatic tagging for main branch (latest) and semantic versions.

Author: philprime

.dockerignore

@@ -0,0 +1,45 @@
+# Git
+.git
+.gitignore
+.gitattributes
+
+# CI/CD
+.github
+
+# Documentation
+*.md
+docs/
+
+# Development
+.cursor/
+.vscode/
+.idea/
+
+# Build artifacts (we copy specific binaries)
+dist/*
+!dist/github-actions-utils-cli-linux-*
+
+# Go
+go.sum
+*.test
+*.out
+coverage.txt
+
+# Dependencies
+vendor/
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Misc
+LICENSE
+renovate.json
+dprint.json
+Brewfile
+Makefile
+
+# Keep only what's needed for the build
+!dist/github-actions-utils-cli-linux-amd64
+!dist/github-actions-utils-cli-linux-arm64
+

.github/workflows/docker.yml

@@ -0,0 +1,130 @@
+name: Docker
+
+on:
+  push:
+    branches: [main]
+    tags: ["v*"]
+  pull_request:
+    paths:
+      - "Dockerfile"
+      - ".dockerignore"
+      - ".github/workflows/docker.yml"
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  packages: write
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  # Build binaries first (needed for Docker image)
+  build-binaries:
+    name: Build Linux Binaries
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    strategy:
+      matrix:
+        include:
+          - platform: linux-amd64
+            goos: linux
+            goarch: amd64
+          - platform: linux-arm64
+            goos: linux
+            goarch: arm64
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+        with:
+          persist-credentials: false
+
+      - name: Set up Go
+        uses: actions/setup-go@v6
+        with:
+          go-version-file: go.mod
+          cache: true
+          check-latest: false
+
+      - name: Build CLI
+        run: |
+          BINARY="github-actions-utils-cli-${{ matrix.platform }}"
+
+          # Build static binary (no CGO, static linking)
+          CGO_ENABLED=0 GOOS=${{ matrix.goos }} GOARCH=${{ matrix.goarch }} go build \
+            -ldflags "-s -w -extldflags '-static'" \
+            -a -installsuffix cgo \
+            -o "dist/${BINARY}" \
+            ./cmd/cli
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v5
+        with:
+          name: cli-${{ matrix.platform }}
+          path: dist/github-actions-utils-cli-*
+          retention-days: 1
+
+  # Build and push Docker images
+  docker:
+    name: Build and Push Docker Image
+    needs: build-binaries
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+        with:
+          persist-credentials: false
+
+      - name: Download Linux binaries
+        uses: actions/download-artifact@v6
+        with:
+          path: dist
+          pattern: cli-linux-*
+          merge-multiple: true
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            # Tag as 'latest' on main branch
+            type=raw,value=latest,enable={{is_default_branch}}
+            # Tag with version on tags (e.g., v1.0.0 -> 1.0.0)
+            type=semver,pattern={{version}}
+            # Tag with major.minor on tags (e.g., v1.0.0 -> 1.0)
+            type=semver,pattern={{major}}.{{minor}}
+            # Tag with major on tags (e.g., v1.0.0 -> 1)
+            type=semver,pattern={{major}}
+            # Tag with short commit SHA
+            type=sha,prefix={{branch}}-
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

AGENTS.md

@@ -249,13 +249,90 @@ All workflows use GitHub Actions:
 - **format.yml** - Checks code formatting with `make format`
 - **release.yml** - Creates GitHub releases with signed binaries (triggered by tags or main branch)
 - **build-binaries.yml** - Reusable workflow that builds for all platforms and signs macOS binaries
+- **docker.yml** - Builds and publishes Docker images to GitHub Container Registry
 
 **Platforms built:**
 
 - Linux: amd64, arm64
 - macOS: amd64 (Intel), arm64 (Apple Silicon) - **code signed and notarized**
 - Windows: amd64
 
+## Docker Deployment
+
+The project provides Docker images for easy deployment and containerized usage.
+
+**Docker commands:**
+
+```bash
+# Build Linux binaries for Docker
+make build-linux
+
+# Build Docker image locally
+make docker-build
+
+# Test Docker image
+make docker-test
+
+# Run Docker container
+make docker-run
+```
+
+**Image details:**
+
+- **Registry**: `ghcr.io/techprimate/github-actions-utils-cli`
+- **Base image**: `buildpack-deps:bookworm`
+- **Platforms**: linux/amd64, linux/arm64
+
+**Using the Docker image:**
+
+```bash
+# Pull latest image
+docker pull ghcr.io/techprimate/github-actions-utils-cli:latest
+
+# Run MCP server
+echo '{"jsonrpc":"2.0","id":1,"method":"tools/list"}' | \
+  docker run -i --rm ghcr.io/techprimate/github-actions-utils-cli:latest mcp
+
+# Use with MCP clients (Claude, Cursor, etc.)
+# Configure in MCP client settings:
+{
+  "mcpServers": {
+    "github-actions-utils": {
+      "command": "docker",
+      "args": [
+        "run",
+        "-i",
+        "--rm",
+        "ghcr.io/techprimate/github-actions-utils-cli:latest",
+        "mcp"
+      ]
+    }
+  }
+}
+```
+
+**Publishing images:**
+
+Docker images are automatically built and published by the `docker.yml` workflow:
+
+- On **main branch push**: Tagged as `latest`
+- On **version tags** (v1.0.0): Tagged as `1.0.0`, `1.0`, and `1`
+- On **pull requests**: Built but not pushed (validation only)
+
+**Manual Docker build:**
+
+```bash
+# Build for specific platform
+docker build --platform linux/amd64 -t github-actions-utils-cli:latest .
+
+# Build multi-platform (requires buildx)
+docker buildx build \
+  --platform linux/amd64,linux/arm64 \
+  -t github-actions-utils-cli:latest \
+  --load \
+  .
+```
+
 ## Sentry Integration
 
 This project uses Sentry for error tracking and monitoring.

Dockerfile

@@ -0,0 +1,34 @@
+# syntax=docker/dockerfile:1
+
+# ====================================================== PRODUCT =======================================================
+
+FROM buildpack-deps:bookworm
+
+# Metadata
+LABEL maintainer="techprimate GmbH <[email protected]>"
+LABEL description="Container for github-actions-utils-cli"
+
+# ARG for platform detection
+ARG TARGETARCH
+
+# Copy the appropriate binary based on target architecture
+COPY dist/github-actions-utils-cli-linux-${TARGETARCH} /tmp/github-actions-utils-cli
+
+# Install binary to PATH
+RUN install \
+    -o root \
+    -g root \
+    -m 0755 \
+    /tmp/github-actions-utils-cli /usr/local/bin/github-actions-utils-cli && \
+    rm -f /tmp/github-actions-utils-cli
+
+# Smoke test
+RUN set -x && \
+    github-actions-utils-cli --version
+
+# Set environment variables
+ENV TZ=UTC
+
+# Entrypoint
+ENTRYPOINT ["/usr/local/bin/github-actions-utils-cli"]
+

Makefile

@@ -68,6 +68,57 @@ build:
 	mkdir -p dist
 	go build -o dist/github-actions-utils-cli ./cmd/cli
 
+## Build Linux binaries for Docker image
+#
+# Builds static Linux binaries for both amd64 and arm64 architectures.
+# These binaries are used in the Docker multi-platform build.
+.PHONY: build-linux
+build-linux:
+	mkdir -p dist
+	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build \
+		-ldflags "-s -w -extldflags '-static'" \
+		-a -installsuffix cgo \
+		-o dist/github-actions-utils-cli-linux-amd64 \
+		./cmd/cli
+	CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build \
+		-ldflags "-s -w -extldflags '-static'" \
+		-a -installsuffix cgo \
+		-o dist/github-actions-utils-cli-linux-arm64 \
+		./cmd/cli
+
+# ============================================================================
+# DOCKER
+# ============================================================================
+
+## Build Docker image locally
+#
+# Builds a multi-platform Docker image for local testing.
+# Requires Linux binaries to be built first (make build-linux).
+# Image is tagged as github-actions-utils-cli:latest
+.PHONY: docker-build
+docker-build: build-linux
+	docker buildx build \
+		--platform linux/amd64,linux/arm64 \
+		-t github-actions-utils-cli:latest \
+		--load \
+		.
+
+## Run Docker container interactively
+#
+# Runs the Docker image with an interactive shell.
+# Useful for testing the CLI within the container environment.
+.PHONY: docker-run
+docker-run:
+	docker run --rm -it github-actions-utils-cli:latest --help
+
+## Test Docker image
+#
+# Builds and tests the Docker image by running version check.
+# Verifies that the image works correctly.
+.PHONY: docker-test
+docker-test: docker-build
+	docker run --rm github-actions-utils-cli:latest --version
+
 # ============================================================================
 # DEVELOPMENT & RUNNING
 # ============================================================================