sysdiglabs
diff --git a/‎.github/workflows/helm_test.yaml
Lines changed: 5 additions & 10 deletions b/‎.github/workflows/helm_test.yaml
Lines changed: 5 additions & 10 deletions
diff --git a/‎.github/workflows/publish.yaml
Lines changed: 20 additions & 8 deletions b/‎.github/workflows/publish.yaml
Lines changed: 20 additions & 8 deletions
diff --git a/‎.github/workflows/test.yaml
Lines changed: 11 additions & 24 deletions b/‎.github/workflows/test.yaml
Lines changed: 11 additions & 24 deletions
diff --git a/‎Dockerfile
Lines changed: 2 additions & 0 deletions b/‎Dockerfile
Lines changed: 2 additions & 0 deletions
diff --git a/‎README.md
Lines changed: 8 additions & 0 deletions b/‎README.md
Lines changed: 8 additions & 0 deletions
diff --git a/‎charts/sysdig-mcp/Chart.yaml
Lines changed: 2 additions & 2 deletions b/‎charts/sysdig-mcp/Chart.yaml
Lines changed: 2 additions & 2 deletions
diff --git a/‎charts/sysdig-mcp/values.yaml
Lines changed: 6 additions & 8 deletions b/‎charts/sysdig-mcp/values.yaml
Lines changed: 6 additions & 8 deletions
diff --git a/‎main.py
Lines changed: 27 additions & 4 deletions b/‎main.py
Lines changed: 27 additions & 4 deletions
diff --git a/‎pyproject.toml
Lines changed: 1 addition & 1 deletion b/‎pyproject.toml
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/conftest.py
Lines changed: 10 additions & 2 deletions b/‎tests/conftest.py
Lines changed: 10 additions & 2 deletions
@@ -4,25 +4,20 @@ name: Lint & Test helm chart
 on:
   pull_request:
     branches:
-      - main
-      - develop
-      - feature/**
-      - release/**
-      - hotfix/**
+      - beta
     paths:
     - 'charts/**'
   push:
     branches:
       - main
-      - develop
-      - feature/**
-      - release/**
-      - hotfix/**
+      - beta
     paths:
     - 'charts/**'
+  workflow_call:
+  workflow_dispatch:
 
 concurrency:
-  group: '${{ github.workflow }}-${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
+  group: 'helm-test-${{ github.workflow }}-${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
   cancel-in-progress: true
 
 jobs:
 
@@ -5,6 +5,7 @@ on:
   push:
     branches:
       - main
+      - beta
     paths:
       - pyproject.toml
       - Dockerfile
@@ -15,7 +16,7 @@ on:
   workflow_dispatch:
 
 concurrency:
-  group: '${{ github.workflow }}-${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
+  group: 'publish-${{ github.workflow }}-${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
   cancel-in-progress: true
 
 jobs:
@@ -44,7 +45,7 @@ jobs:
       - name: Extract version
         id: extract_version
         run: |
-          VERSION=$(grep 'version =' pyproject.toml | sed -e 's/version = "\(.*\)"/\1/')-$(echo $GITHUB_SHA | cut -c1-7)
+          VERSION=$(grep 'version =' pyproject.toml | sed -e 's/version = "\(.*\)"/\1/')
           echo "VERSION=$VERSION" >> "$GITHUB_OUTPUT"
           TAG=v$(grep 'version =' pyproject.toml | sed -e 's/version = "\(.*\)"/\1/')
           echo "TAG=$TAG" >> "$GITHUB_OUTPUT"
@@ -84,23 +85,34 @@ jobs:
     runs-on: ubuntu-latest
     needs: push_to_registry
     steps:
-      - name: Check out the repo
+      - name: Check out repository
         uses: actions/checkout@v4
+        with:
+          ref: ${{ github.sha }} # required for better experience using pre-releases
+          fetch-depth: '0' # Required due to the way Git works, without it this action won't be able to find any or the correct tags
 
       - name: Get tag version
         id: semantic_release
-        uses: anothrNick/github-tag-action@1.73.0
+        uses: anothrNick/github-tag-action@1.71.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           DEFAULT_BUMP: "patch"
-          TAG_CONTEXT: ${{ (github.base_ref != 'main') && 'branch' || 'repo' }}
+          TAG_CONTEXT: 'repo'
+          WITH_V: true
           PRERELEASE_SUFFIX: "beta"
-          PRERELEASE: ${{ (github.base_ref != 'main') && 'true' || 'false' }}
-          DRY_RUN: false
-          INITIAL_VERSION: ${{ needs.push_to_registry.outputs.tag }}
+          PRERELEASE: ${{ (github.base_ref == 'beta') && 'true' || (github.base_ref == 'main') && 'false' || (github.base_ref == 'integration') && 'false' || 'true' }}
 
       - name: Summary
         run: |
           echo "## Release Summary
           - Tag: ${{ steps.semantic_release.outputs.tag }}
           - Docker Image: ghcr.io/sysdiglabs/sysdig-mcp-server:v${{ needs.push_to_registry.outputs.version }}" >> $GITHUB_STEP_SUMMARY
+
+  test_helm_chart:
+    name: Test Helm Chart
+    needs: push_to_registry
+    permissions:
+      contents: read # required for actions/checkout
+      pull-requests: write # required for creating a PR with the chart changes
+    uses: ./.github/workflows/helm_test.yaml
+    secrets: inherit
@@ -2,20 +2,6 @@
 name: Test
 
 on:
-  push:
-    branches:
-      - main
-      - develop
-      - feature/**
-      - release/**
-      - hotfix/**
-    paths:
-      - pyproject.toml
-      - Dockerfile
-      - '*.py'
-      - tests/**
-      - tools/**
-      - utils/**
   pull_request:
     paths:
       - pyproject.toml
@@ -25,9 +11,10 @@ on:
       - tools/**
       - utils/**
   workflow_call:
+  workflow_dispatch:
 
 concurrency:
-  group: '${{ github.workflow }}-${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
+  group: 'tests-${{ github.workflow }}-${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
   cancel-in-progress: true
 
 jobs:
@@ -59,18 +46,18 @@ jobs:
       - name: Run Unit Tests
         run: make test
 
-  pre_release:
-    name: Tag Release
+  check_version:
+    name: Check Version
     runs-on: ubuntu-latest
     needs: test
     permissions:
       contents: write # required for creating a tag
     steps:
-      - name: Check out the repo
+      - name: Check out repository
         uses: actions/checkout@v4
         with:
-          ref: ${{ github.head_ref }}   # checkout the correct branch name
-          fetch-depth: 0   
+          ref: ${{ github.sha }} # required for better experience using pre-releases
+          fetch-depth: '0' # Required due to the way Git works, without it this action won't be able to find any or the correct tags
 
       - name: Extract current version
         id: pyproject_version
@@ -80,15 +67,15 @@ jobs:
 
       - name: Get tag version
         id: semantic_release
-        uses: anothrNick/github-tag-action@1.73.0
+        uses: anothrNick/github-tag-action@1.71.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           DEFAULT_BUMP: "patch"
-          TAG_CONTEXT: ${{ (github.base_ref != 'main') && 'branch' || 'repo' }}
+          TAG_CONTEXT: 'repo'
+          WITH_V: true
           PRERELEASE_SUFFIX: "beta"
-          PRERELEASE: ${{ (github.base_ref != 'main') && 'true' || 'false' }}
+          PRERELEASE: ${{ (github.base_ref == 'beta') && 'true' || (github.base_ref == 'main') && 'false' || (github.base_ref == 'integration') && 'false' || 'true' }}
           DRY_RUN: true
-          INITIAL_VERSION: ${{ steps.pyproject_version.outputs.TAG }}
 
       - name: Compare versions
         run: |
 
@@ -33,4 +33,6 @@ COPY --from=builder --chown=app:app /app/app_config.yaml /app
 
 RUN pip install /app/sysdig_mcp_server.tar.gz
 
+USER 1001:1001
+
 ENTRYPOINT ["sysdig-mcp-server"]
@@ -7,6 +7,7 @@
   - [Description](#description)
   - [Quickstart Guide](#quickstart-guide)
   - [Available Tools](#available-tools)
+    - [Available Resources](#available-resources)
   - [Requirements](#requirements)
     - [UV Setup](#uv-setup)
   - [Configuration](#configuration)
@@ -124,6 +125,13 @@ Get up and running with the Sysdig MCP Server quickly using our pre-built Docker
 
 </details>
 
+### Available Resources
+
+- Sysdig Secure Vulnerability Management Overview:
+  - VM documentation based on the following [url](https://docs.sysdig.com/en/sysdig-secure/vulnerability-management/)
+- Sysdig Filter Query Language Instructions:
+  - Sysdig Filter Query Language for different API endpoint filters
+
 ## Requirements
 
 ### UV Setup
 
@@ -20,10 +20,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.1
+version: 0.1.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.1.1"
+appVersion: "v0.1.2"
@@ -8,7 +8,7 @@ image:
   repository: ghcr.io/sysdiglabs/sysdig-mcp-server
   pullPolicy: IfNotPresent
   # Overrides the image tag whose default is the chart appVersion.
-  tag: "v0.1.1-e789d6e"
+  tag: "v0.1.2"
 
 imagePullSecrets: []
 nameOverride: ""
@@ -46,13 +46,11 @@ podLabels: {}
 podSecurityContext: {}
   # fsGroup: 2000
 
-securityContext: {}
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
+securityContext:
+  readOnlyRootFilesystem: false
+  runAsNonRoot: true
+  runAsUser: 1001
+  runAsGroup: 1001
 
 service:
   type: ClusterIP
 
@@ -3,7 +3,9 @@
 """
 
 import os
-import asyncio
+import signal
+import sys
+import logging
 from dotenv import load_dotenv
 
 # Application config loader
@@ -12,28 +14,49 @@
 # Register all tools so they attach to the MCP server
 from utils.mcp_server import run_stdio, run_http
 
+# Set up logging
+logging.basicConfig(
+    format="%(asctime)s-%(process)d-%(levelname)s- %(message)s",
+    level=os.environ.get("LOGLEVEL", "ERROR"),
+)
+log = logging.getLogger(__name__)
+
 # Load environment variables from .env
 load_dotenv()
 
 app_config = get_app_config()
 
 
+def handle_signals():
+    def signal_handler(sig, frame):
+        log.info(f"Received signal {sig}, shutting down...")
+        os._exit(0)
+
+    signal.signal(signal.SIGINT, signal_handler)
+    signal.signal(signal.SIGTERM, signal_handler)
+    signal.signal(signal.SIGHUP, signal_handler)
+
+
 def main():
     # Choose transport: "stdio" or "sse" (HTTP/SSE)
+    handle_signals()
     transport = os.environ.get("MCP_TRANSPORT", app_config["mcp"]["transport"]).lower()
-    print("""
+    log.info("""
     ▄▖     ▌▘    ▖  ▖▄▖▄▖  ▄▖
     ▚ ▌▌▛▘▛▌▌▛▌  ▛▖▞▌▌ ▙▌  ▚ █▌▛▘▌▌█▌▛▘
     ▄▌▙▌▄▌▙▌▌▙▌  ▌▝ ▌▙▖▌   ▄▌▙▖▌ ▚▘▙▖▌
       ▄▌     ▄▌
     """)
     if transport == "stdio":
         # Run MCP server over STDIO (local)
-        asyncio.run(run_stdio())
+        run_stdio()
     else:
         # Run MCP server over streamable HTTP by default
         run_http()
 
 
 if __name__ == "__main__":
-    main()
+    try:
+        sys.exit(main())
+    except KeyboardInterrupt:
+        os._exit(0)
@@ -1,6 +1,6 @@
 [project]
 name = "sysdig-mcp-server"
-version = "0.1.1"
+version = "0.1.2"
 description = "Sysdig MCP Server"
 readme = "README.md"
 requires-python = ">=3.12"
 
@@ -6,6 +6,14 @@
 from fastmcp import FastMCP
 
 
+class MockMCP(FastMCP):
+    """
+    Mock class for FastMCP
+    """
+
+    pass
+
+
 def util_load_json(path):
     """
     Utility function to load a JSON file from the given path.
@@ -42,8 +50,8 @@ def mock_ctx():
     Returns:
         Context: A mocked Context object with 'fastmcp' tags.
     """
-    fastmcp: FastMCP = FastMCP(
-        name="Test",
+
+    fastmcp: MockMCP = MockMCP(
         tags=["sysdig", "mcp", "stdio"],
     )
     ctx = Context(fastmcp=fastmcp)