refactor: reimplement in Go (#28)

Author: tembleking

.dockerignore

@@ -1,16 +1,11 @@
-
 examples/
-.venv/
 .github/
 .idea/
 .vscode/
 .env
 .gitignore
 CONTRIBUTING.md
-flake8.ini
-flake.nix
 LICENSE.*
 README.md
-__pycache__/*
 lib/
-.python-version
+.secrets

.envrc

@@ -2,3 +2,5 @@ has nix && use flake
 watch_file *.nix
 dotenv_if_exists .env # You can create a .env file with your env vars for this project. You can also use .secrets if you are using act. See the line below.
 dotenv_if_exists .secrets # Used by [act](https://nektosact.com/) to load secrets into the pipelines
+strict_env
+env_vars_required SYSDIG_MCP_API_HOST SYSDIG_MCP_API_SECURE_TOKEN

.gemini/settings.json

@@ -0,0 +1,8 @@
+{
+  "mcpServers": {
+    "sysdig": {
+      "command": "go",
+      "args": ["run", "./cmd/server"]
+    }
+  }
+}

.github/workflows/publish.yaml

@@ -6,7 +6,7 @@ on:
     branches:
       - main
     paths:
-      - pyproject.toml
+      - package.nix
 
 concurrency:
   group: 'publish-${{ github.workflow }}'
@@ -24,10 +24,10 @@ jobs:
           fetch-tags: true
           fetch-depth: 0
 
-      - name: Extract version from pyproject.toml
+      - name: Extract version from package.nix
         id: extract
         run: |
-          VERSION=$(grep -m1 '^version\s*=' pyproject.toml | sed -E 's/version\s*=\s*"([^"]+)".*/\1/')
+          VERSION=$(grep -m1 'version\s*=' package.nix | sed -E 's/.*version\s*=\s*"([^"]+)";.*/\1/')
           echo "Extracted version: v$VERSION"
           echo "version=v$VERSION" >> $GITHUB_OUTPUT
 
@@ -59,7 +59,6 @@ jobs:
     permissions:
       contents: read # required for actions/checkout
       packages: write # required for pushing to ghcr.io
-      id-token: write # required for signing with cosign
     steps:
       - name: Check out the repo
         uses: actions/checkout@v5

.github/workflows/test.yaml

@@ -1,15 +1,10 @@
----
 name: Test
 
 on:
   pull_request:
-    paths:
-      - pyproject.toml
-      - Dockerfile
-      - "*.py"
-      - tests/**
-      - tools/**
-      - utils/**
+    branches:
+      - main
+      - master
   workflow_call:
   workflow_dispatch:
 
@@ -24,23 +19,30 @@ jobs:
     defaults:
       run:
         shell: nix develop --command bash {0}
-    permissions:
-      contents: read # required for actions/checkout
     steps:
       - name: Check out the repo
         uses: actions/checkout@v4
 
       - name: Install nix
         uses: DeterminateSystems/nix-installer-action@main
 
-      - name: Download dependencies
-        run: make init
-
-      - name: Run ruff
-        run: make lint
-
-      - name: Run Unit Tests
-        run: make test
+      - name: Run Checks
+        run: just check
         env:
           SYSDIG_MCP_API_HOST: ${{ vars.SYSDIG_MCP_API_HOST }}
           SYSDIG_MCP_API_SECURE_TOKEN: ${{ secrets.SYSDIG_MCP_API_SECURE_TOKEN }}
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: nix develop --command bash {0}
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v4
+
+      - name: Install nix
+        uses: DeterminateSystems/nix-installer-action@main
+
+      - name: Build
+        run: go build ./...

.github/workflows/test_image.yaml

@@ -3,14 +3,9 @@ name: Test Image Build
 
 on:
   pull_request:
-    paths:
-      - pyproject.toml
-      - Dockerfile
-      - "*.py"
-      - tests/**
-      - tools/**
-      - utils/**
-      - .github/workflows/**
+    branches:
+      - main
+      - master
   workflow_call:
   workflow_dispatch:
 
@@ -32,23 +27,20 @@ jobs:
           ref: ${{ github.sha }} # required for better experience using pre-releases
           fetch-depth: "0" # Required due to the way Git works, without it this action won't be able to find any or the correct tags
 
-      - name: Log in to GitHub Container Registry
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
       - name: Build Docker image and test push action
         id: build-to-test
         uses: docker/build-push-action@v6
         with:
           context: .
           load: true
-          push: true
+          push: false
           tags: |
             ghcr.io/sysdiglabs/sysdig-mcp-server:test
 
+      - name: Test we can execute the docker image
+        run: |
+          docker run --rm ghcr.io/sysdiglabs/sysdig-mcp-server:test --help | grep "Sysdig MCP Server"
+
       - name: Scan Docker image
         uses: sysdiglabs/scan-action@v6
         with:

.gitignore

@@ -1,77 +1,123 @@
-# Byte-compiled / optimized / DLL files
-__pycache__/
-*.py[cod]
-*$py.class
+# Created by https://www.toptal.com/developers/gitignore/api/go,jetbrains+all,direnv
+# Edit at https://www.toptal.com/developers/gitignore?templates=go,jetbrains+all,direnv
 
-# C extensions
+### direnv ###
+.direnv
+.secrets
+.env
+
+### Go ###
+# If you prefer the allow list template instead of the deny list, see community template:
+# https://github.com/github/gitignore/blob/main/community/Golang/Go.AllowList.gitignore
+#
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
 *.so
+*.dylib
 
-# Distribution / packaging
-.Python
-env/
-build/
-!build/sysdig_client-1.0.0.tar.gz
-develop-eggs/
-dist/
-downloads/
-eggs/
-.eggs/
-lib/
-lib64/
-parts/
-sdist/
-var/
-*.egg-info/
-.installed.cfg
-*.egg
-.env
+# Test binary, built with `go test -c`
+*.test
 
-# PyInstaller
-#  Usually these files are written by a python script from a template
-#  before PyInstaller builds the exe, so as to inject date/other infos into it.
-*.manifest
-*.spec
-
-# Installer logs
-pip-log.txt
-pip-delete-this-directory.txt
-
-# Unit test / coverage reports
-htmlcov/
-.tox/
-.coverage
-.coverage.*
-.cache
-nosetests.xml
-coverage.xml
-pytest.xml
-*,cover
-.hypothesis/
-venv/
-.venv/
-.python-version
-.pytest_cache
-
-# Translations
-*.mo
-*.pot
-
-# Django stuff:
-*.log
-
-# Sphinx documentation
-docs/_build/
-
-# PyBuilder
-target/
-
-#Ipython Notebook
-.ipynb_checkpoints
-
-# VSCode
-.vscode/
-
-# Nix development
-.direnv/
-.secrets
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Dependency directories (remove the comment below to include it)
+# vendor/
+
+# Go workspace file
+go.work
+
+### JetBrains+all ###
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+
+# User-specific stuff
+.idea/**/workspace.xml
+.idea/**/tasks.xml
+.idea/**/usage.statistics.xml
+.idea/**/dictionaries
+.idea/**/shelf
+
+# AWS User-specific
+.idea/**/aws.xml
+
+# Generated files
+.idea/**/contentModel.xml
+
+# Sensitive or high-churn files
+.idea/**/dataSources/
+.idea/**/dataSources.ids
+.idea/**/dataSources.local.xml
+.idea/**/sqlDataSources.xml
+.idea/**/dynamic.xml
+.idea/**/uiDesigner.xml
+.idea/**/dbnavigator.xml
+
+# Gradle
+.idea/**/gradle.xml
+.idea/**/libraries
+
+# Gradle and Maven with auto-import
+# When using Gradle or Maven with auto-import, you should exclude module files,
+# since they will be recreated, and may cause churn.  Uncomment if using
+# auto-import.
+# .idea/artifacts
+# .idea/compiler.xml
+# .idea/jarRepositories.xml
+# .idea/modules.xml
+# .idea/*.iml
+# .idea/modules
+# *.iml
+# *.ipr
+
+# CMake
+cmake-build-*/
+
+# Mongo Explorer plugin
+.idea/**/mongoSettings.xml
+
+# File-based project format
+*.iws
+
+# IntelliJ
+out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Cursive Clojure plugin
+.idea/replstate.xml
+
+# SonarLint plugin
+.idea/sonarlint/
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+
+# Editor-based Rest Client
+.idea/httpRequests
+
+# Android studio 3.1+ serialized cache file
+.idea/caches/build_file_checksums.ser
+
+### JetBrains+all Patch ###
+# Ignore everything but code style settings and run configurations
+# that are supposed to be shared within teams.
+
+.idea/*
+
+!.idea/codeStyles
+!.idea/runConfigurations
+
+### Nix ###
 result
+
+# End of https://www.toptal.com/developers/gitignore/api/go,jetbrains+all,direnv