feat: Add Docker infrastructure with Caddy and startup scripts (#25, #26)

Issue #25 - Docker multi-service infrastructure:
- Create docker/Dockerfile with multi-stage build, git support, port 8080
- Create docker/docker-compose.yml with app + Caddy services
- Create docker/Caddyfile for HTTPS termination and reverse proxy
- Create docker/.env.example with configuration template

Issue #26 - Startup scripts and tests:
- Create scripts/start.sh for production startup with env validation
- Create scripts/healthcheck.sh for Docker health checks
- Add health endpoint tests to test_mcp_endpoints.py
- Fix middleware order (HealthCheckBypass must wrap BearerAuth)
- Fix pyproject.toml testpaths to use 'tests' directory
- Update test_config.py for new defaults (0.0.0.0:8080)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

docker/.env.example

@@ -0,0 +1,38 @@
+# Gitea MCP Remote - Docker Environment Configuration
+#
+# Copy this file to .env and fill in your values:
+#   cp .env.example .env
+
+# =============================================================================
+# Required Configuration
+# =============================================================================
+
+# Gitea instance URL (e.g., https://gitea.example.com)
+GITEA_URL=https://gitea.example.com
+
+# Gitea API token for authentication
+# Generate at: Settings -> Applications -> Generate New Token
+GITEA_TOKEN=your_gitea_api_token_here
+
+# Default repository owner/organization
+GITEA_OWNER=your_username_or_org
+
+# =============================================================================
+# Optional Configuration
+# =============================================================================
+
+# Default repository name (optional - can be specified per-request)
+GITEA_REPO=
+
+# Bearer token for MCP endpoint authentication (optional)
+# If set, clients must include "Authorization: Bearer <token>" header
+AUTH_TOKEN=
+
+# MCP authentication mode: 'required', 'optional', or 'none'
+MCP_AUTH_MODE=optional
+
+# Tool filtering (optional, comma-separated)
+# ENABLED_TOOLS=list_issues,create_issue,list_labels
+# DISABLED_TOOLS=delete_issue,delete_label
+ENABLED_TOOLS=
+DISABLED_TOOLS=

docker/Caddyfile

@@ -0,0 +1,46 @@
+# Caddy reverse proxy configuration for Gitea MCP Remote
+#
+# This configuration provides:
+# - HTTPS termination with automatic certificates
+# - Reverse proxy to the Python MCP server
+# - Health check endpoint passthrough
+# - MCP protocol endpoint routing
+{
+    # Global options
+    email admin@example.com
+
+    # For local development, disable HTTPS redirect
+    # auto_https off
+}
+
+# Default site - adjust domain as needed
+:443, :80 {
+    # Health check endpoint - no authentication
+    handle /health {
+        reverse_proxy app:8080
+    }
+
+    # MCP protocol endpoint
+    handle /mcp {
+        reverse_proxy app:8080 {
+            # Pass through headers for MCP protocol
+            header_up X-Forwarded-Proto {scheme}
+            header_up X-Real-IP {remote_host}
+
+            # Ensure proper content type handling
+            flush_interval -1
+        }
+    }
+
+    # Fallback - proxy all other requests
+    handle {
+        reverse_proxy app:8080
+    }
+
+    # Logging
+    log {
+        output stdout
+        format console
+    }
+}
+}

docker/Dockerfile

@@ -0,0 +1,65 @@
+# Gitea MCP Remote — Dockerfile
+# Multi-stage build for optimized image size
+
+FROM python:3.11-slim as builder
+
+# Set working directory
+WORKDIR /build
+
+# Install build dependencies including git for marketplace dependency
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+    gcc \
+    git \
+    && rm -rf /var/lib/apt/lists/*
+
+# Copy requirements first for better caching
+COPY requirements.txt .
+RUN pip install --user --no-cache-dir -r requirements.txt
+
+# Copy source code
+COPY pyproject.toml .
+COPY src/ src/
+
+# Install package (includes marketplace dependency from git)
+RUN pip install --user --no-cache-dir .
+
+# Production stage
+FROM python:3.11-slim
+
+# Install runtime dependencies
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+    curl \
+    && rm -rf /var/lib/apt/lists/*
+
+# Set working directory
+WORKDIR /app
+
+# Copy installed packages from builder
+COPY --from=builder /root/.local /root/.local
+
+# Copy source code
+COPY src/ src/
+COPY pyproject.toml .
+
+# Make sure scripts in .local are usable
+ENV PATH=/root/.local/bin:$PATH
+
+# Set Python environment variables
+ENV PYTHONUNBUFFERED=1
+ENV PYTHONDONTWRITEBYTECODE=1
+
+# Default to port 8080 (Caddy proxies to this)
+ENV HTTP_PORT=8080
+ENV HTTP_HOST=0.0.0.0
+
+# Expose port
+EXPOSE 8080
+
+# Health check using curl
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+    CMD curl -f http://localhost:8080/health || exit 1
+
+# Run the MCP server
+CMD ["gitea-mcp-remote"]

docker/docker-compose.yml

@@ -0,0 +1,66 @@
+services:
+  # Python MCP Server
+  app:
+    build:
+      context: ..
+      dockerfile: docker/Dockerfile
+    image: gitea-mcp-remote:latest
+    container_name: gitea-mcp-remote-app
+    restart: unless-stopped
+    expose:
+      - "8080"
+    environment:
+      # Gitea Configuration (required)
+      - GITEA_URL=${GITEA_URL}
+      - GITEA_TOKEN=${GITEA_TOKEN}
+      - GITEA_OWNER=${GITEA_OWNER}
+      # Optional Gitea config
+      - GITEA_REPO=${GITEA_REPO:-}
+
+      # HTTP Server Configuration
+      - HTTP_HOST=0.0.0.0
+      - HTTP_PORT=8080
+
+      # Authentication (optional - for MCP endpoint)
+      - AUTH_TOKEN=${AUTH_TOKEN:-}
+      - MCP_AUTH_MODE=${MCP_AUTH_MODE:-optional}
+
+      # Tool Filtering (optional)
+      - ENABLED_TOOLS=${ENABLED_TOOLS:-}
+      - DISABLED_TOOLS=${DISABLED_TOOLS:-}
+
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8080/health"]
+      interval: 30s
+      timeout: 3s
+      retries: 3
+      start_period: 5s
+
+    networks:
+      - gitea-mcp-network
+
+  # Caddy Reverse Proxy
+  caddy:
+    image: caddy:2-alpine
+    container_name: gitea-mcp-remote-caddy
+    restart: unless-stopped
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile:ro
+      - caddy_data:/data
+      - caddy_config:/config
+    depends_on:
+      app:
+        condition: service_healthy
+    networks:
+      - gitea-mcp-network
+
+networks:
+  gitea-mcp-network:
+    driver: bridge
+
+volumes:
+  caddy_data:
+  caddy_config: