add rook reverse-connect sandbox agent for k8s provider (#15)

* add rook reverse-connect sandbox agent for k8s provider

* fix clippy warnings in rook

Author: aviramha

.github/workflows/release.yaml

@@ -8,6 +8,7 @@ on:
 env:
   REGISTRY: ghcr.io
   IMAGE: ghcr.io/${{ github.repository }}
+  ROOK_IMAGE: ghcr.io/${{ github.repository }}-rook
 
 jobs:
   build:
@@ -59,6 +60,103 @@ jobs:
           if-no-files-found: error
           retention-days: 1
 
+  build-rook:
+    name: Build rook (${{ matrix.platform }})
+    runs-on: ${{ matrix.runner }}
+    permissions:
+      packages: write
+    strategy:
+      matrix:
+        include:
+          - platform: linux/amd64
+            runner: ubuntu-latest
+          - platform: linux/arm64
+            runner: ubuntu-24.04-arm
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Log in to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push by digest
+        id: build
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: deploy/rook.Dockerfile
+          platforms: ${{ matrix.platform }}
+          outputs: type=image,name=${{ env.ROOK_IMAGE }},push-by-digest=true,name-canonical=true,push=true
+
+      - name: Export digest
+        run: |
+          mkdir -p /tmp/rook-digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "/tmp/rook-digests/${digest#sha256:}"
+
+      - name: Upload digest
+        uses: actions/upload-artifact@v4
+        with:
+          name: rook-digest-${{ matrix.platform == 'linux/amd64' && 'amd64' || 'arm64' }}
+          path: /tmp/rook-digests/*
+          if-no-files-found: error
+          retention-days: 1
+
+  merge-rook:
+    name: Merge and push rook manifest
+    needs: build-rook
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      packages: write
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Download digests
+        uses: actions/download-artifact@v4
+        with:
+          path: /tmp/rook-digests
+          pattern: rook-digest-*
+          merge-multiple: true
+
+      - name: Log in to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Compute tags
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.ROOK_IMAGE }}
+          tags: |
+            type=sha,prefix=,format=short,enable=${{ github.ref_type == 'branch' }}
+            type=raw,value=nightly,enable=${{ github.ref_type == 'branch' }}
+            type=semver,pattern={{version}}
+            type=raw,value=latest,enable=${{ github.ref_type == 'tag' }}
+
+      - name: Create and push manifest
+        working-directory: /tmp/rook-digests
+        run: |
+          docker buildx imagetools create \
+            $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            $(printf '${{ env.ROOK_IMAGE }}@sha256:%s ' *)
+
   merge:
     name: Merge and push manifest
     needs: build

Cargo.lock

@@ -21,6 +21,8 @@ members = [
     "crates/secrets_memory",
     "crates/secrets_gcp",
     "crates/secrets_k8s",
+    "crates/rook_proto",
+    "crates/rook",
 ]
 resolver = "3"
 
@@ -46,11 +48,13 @@ sandcastle-sandbox-provider-local = { path = "crates/sandbox_provider_local" }
 sandcastle-sandbox-provider-docker = { path = "crates/sandbox_provider_docker" }
 sandcastle-sandbox-provider-daytona = { path = "crates/sandbox_provider_daytona" }
 sandcastle-sandbox-provider-k8s = { path = "crates/sandbox_provider_k8s" }
+sandcastle-rook-proto = { path = "crates/rook_proto" }
 
 # External dependencies
 anyhow = "1"
 async-trait = "0.1"
-axum = "0.8"
+axum = { version = "0.8", features = ["ws"] }
+tokio-tungstenite = { version = "0.26", features = ["native-tls"] }
 base64 = "0.22"
 bollard = "0.18"
 daytona-client = "0.5.0"

Cargo.toml

@@ -0,0 +1,18 @@
+[package]
+name = "rook"
+version = "0.1.0"
+edition = "2024"
+license = "MIT"
+
+[[bin]]
+name = "rook"
+path = "src/main.rs"
+
+[dependencies]
+sandcastle-rook-proto = { workspace = true }
+futures-util = { workspace = true }
+serde_json = { workspace = true }
+tokio = { workspace = true }
+tokio-tungstenite = { workspace = true }
+tracing = { workspace = true }
+tracing-subscriber = { workspace = true }