txn2/kubefwd

What's New

MCP Registry Publish Fix (#470)

Fixes the Publish to MCP Registry step in the release workflow that had been failing on every release since v1.25.1. server.json used the snake_case key file_sha256, but the MCP registry schema requires camelCase fileSha256. The workflow now also validates server.json against the official MCP schema (plus an explicit MCPB contract check for fileSha256) before publishing, preventing the class of bug that caused the v1.25.13 homebrew formula SHA drift.

Dependency Updates

Kubernetes

• k8s.io/cli-runtime 0.35.2 → 0.35.3
• k8s.io/kubectl 0.35.2 → 0.35.3

Go Modules

• github.com/moby/spdystream 0.5.0 → 0.5.1 (header-size/count limits, 24-bit frame length enforcement)
• github.com/modelcontextprotocol/go-sdk 1.4.1 → 1.5.0
• golang.org/x/sys 0.42.0 → 0.43.0

CI

• actions/setup-go 6.3.0 → 6.4.0
• actions/upload-artifact 7.0.0 → 7.0.1
• actions/upload-pages-artifact 4.0.0 → 5.0.0
• actions/deploy-pages 4.0.5 → 5.0.0
• docker/login-action 4.0.0 → 4.1.0
• github/codeql-action 4.34.1 → 4.35.1
• sigstore/cosign-installer 4.1.0 → 4.1.1

Docker

• Ubuntu base image digest bump (186072b → 84e77de)

Changelog

• 5eab2dc ci: fix MCP Registry publish step (fileSha256 field name) (#470)
• 8cfcbd9 deps: bump github.com/moby/spdystream from 0.5.0 to 0.5.1 (#460)
• af76b37 ci: bump actions/upload-pages-artifact from 4.0.0 to 5.0.0 (#459)
• 337d352 ci: bump actions/upload-artifact from 7.0.0 to 7.0.1 (#458)
• eaffc2a deps: bump golang.org/x/sys from 0.42.0 to 0.43.0 (#457)
• 0ab9d85 docker: bump ubuntu from 186072b to 84e77de (#456)
• bd6e739 ci: bump docker/login-action from 4.0.0 to 4.1.0 (#455)
• a2469b1 deps: bump github.com/modelcontextprotocol/go-sdk from 1.4.1 to 1.5.0 (#454)
• 1f8cd06 ci: bump CI dependencies (combined) (#453)
• ac6b038 deps: bump k8s.io/cli-runtime and k8s.io/kubectl from 0.35.2 to 0.35.3 (#447)