Add Sysdig SDK

.dockerignore

@@ -14,4 +14,3 @@ README.md
 __pycache__/*
 lib/
 .python-version
-*.yaml

.github/pull_request_template.md

@@ -0,0 +1,5 @@
+# PR Name
+
+## Changes
+
+Please provide a brief description of the major and minor changes made in this pull request.

.github/workflows/publish.yaml

@@ -0,0 +1,116 @@
+name: Publish Docker image
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - pyproject.toml
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version to publish'
+        required: false
+        default: 'latest'
+        type: string
+
+jobs:
+  push_to_registry:
+    name: Push Docker image to GitHub Packages
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read # required for actions/checkout
+      packages: write # required for pushing to ghcr.io
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v4
+
+      - name: Setup python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+          cache: 'poetry'
+
+      - name: Install dependencies
+        run: poetry install
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v5
+        with:
+          version: "0.7.17"
+
+      - name: Download dependencies
+        run: |
+          uv sync
+
+      - name: Run ruff
+        run: |
+          uvx ruff check --fix --config ruff.toml
+
+      - name: Run Unit Tests
+        run: |
+          uv run pytest --capture=tee-sys --junitxml=pytest.xml
+
+      - name: Run Test Coverage
+        run: |
+          uv run pytest --cov=. --cov-report=xml
+
+      - name: Extract version
+        id: extract_version
+        run: |
+          VERSION=$(grep 'version =' pyproject.toml | sed -e 's/version = "\(.*\)"/\1/')-$(echo $GITHUB_SHA | cut -c1-7)
+          echo "VERSION=$VERSION" >> "$GITHUB_OUTPUT"
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: |
+            ghcr.io/sysdiglabs/sysdig-mcp-server:latest
+            ghcr.io/sysdiglabs/sysdig-mcp-server:v${{ steps.extract_version.outputs.VERSION }}
+
+      - name: "Check test reports exists"
+        if: always()
+        id: check-test-results-exists
+        uses: andstor/file-existence-action@v3
+        with:
+          files: "pytest.xml, coverage.xml"
+
+      - name: Create pack-wise pytest report
+        run: poetry run python .github/github_workflow_scripts/parse_junit_per_pack.py
+        if: |
+          always() && 
+          steps.check-test-results-exists.outputs.files_exists == 'true' && 
+          github.event.pull_request.head.repo.fork == false
+
+      - name: Upload junit & pack-wise pytest report
+        uses: PaloAltoNetworks/[email protected]
+        if: |
+          always() && 
+          steps.check-test-results-exists.outputs.files_exists == 'true' && 
+          github.event.pull_request.head.repo.fork == false
+        with:
+          name: pytest
+          path: |
+            coverage.xml
+          if-no-files-found: error
+
+      - name: Pytest coverage comment
+        if: |
+          always() && 
+          steps.check-test-results-exists.outputs.files_exists == 'true' && 
+          steps.check-test-results-exists.outputs.files_exists == 'true' && 
+          ! github.event.pull_request.head.repo.fork
+        uses: MishaKav/[email protected]
+        continue-on-error: true  # may fail on output > 65k chars
+        with:
+          pytest-xml-coverage-path: coverage.xml
+          junitxml-path: coverage.xml

.gitignore

@@ -44,6 +44,7 @@ htmlcov/
 .cache
 nosetests.xml
 coverage.xml
+pytest.xml
 *,cover
 .hypothesis/
 venv/

.pre-commit-config.yaml

@@ -0,0 +1,15 @@
+repos:
+  - repo: local
+    hooks:
+      - id: ruff-format
+        name: Ruff Format
+        description: Format code with ruff.
+        entry: bash -c 'uvx ruff format --config ruff.toml'
+        language: system
+        stages: ["commit", "push"]
+      - id: ruff-check
+        name: Ruff Check
+        description: Check code style with ruff.
+        entry: bash -c 'uvx ruff check --config ruff.toml'
+        language: system
+        stages: ["commit", "push"]

CODEOWNERS

@@ -0,0 +1,5 @@
+# These owners will be the default owners for everything in
+# the repo. Unless a later match takes precedence,
+# @S3B4SZ17 @alecron and @sysdiglabs/sysdig-training will be requested for
+# review when someone opens a pull request.
+*       @S3B4SZ17 @alecron @sysdiglabs/sysdig-training

Dockerfile

@@ -8,24 +8,29 @@ ENV UV_COMPILE_BYTECODE=1 UV_LINK_MODE=copy
 
 WORKDIR /app
 COPY . /app
+RUN apt update && apt install -y git
 RUN --mount=type=cache,target=/root/.cache/uv \
---mount=type=bind,source=uv.lock,target=uv.lock \
---mount=type=bind,source=pyproject.toml,target=pyproject.toml \
-uv sync --locked --no-install-project --no-editable
+    --mount=type=bind,source=uv.lock,target=uv.lock \
+    --mount=type=bind,source=pyproject.toml,target=pyproject.toml \
+    uv sync --locked --no-install-project --no-editable --no-dev
 RUN --mount=type=cache,target=/root/.cache/uv \
-    uv sync --locked --no-editable
+    uv sync --locked --no-editable --no-dev
 
-# Dinal image without uv
+RUN uv build
+RUN mv ./dist/sysdig_mcp_server-*-py3-none-any.whl /tmp/sysdig_mcp_server-1.0.0-py3-none-any.whl
+
+# Final image without uv
 FROM python:3.12-slim
 # It is important to use the image that matches the builder, as the path to the
 # Python executable must be the same
 
-# Copy the application from the builder
-COPY --from=builder --chown=app:app /app /app
-
 WORKDIR /app
 
-# Place executables in the environment at the front of the path
-ENV PATH="/app/.venv/bin:$PATH"
+RUN apt update && apt install -y git
+# Copy the application from the builder
+COPY --from=builder --chown=app:app /tmp/sysdig_mcp_server-1.0.0-py3-none-any.whl /app
+COPY --from=builder --chown=app:app /app/app_config.yaml /app
+
+RUN pip install /app/sysdig_mcp_server-1.0.0-py3-none-any.whl
 
-ENTRYPOINT ["/bin/sh", "entrypoint.sh"]
+ENTRYPOINT ["sysdig-mcp-server"]