major:

- chore: bugfixing
- feat: added gvisor runtime
- fix: misc

Author: samjtro

examples/gvisor/main.go

@@ -0,0 +1,217 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"time"
+	
+	"github.com/rizome-dev/arc/pkg/messagequeue"
+	"github.com/rizome-dev/arc/pkg/orchestrator"
+	"github.com/rizome-dev/arc/pkg/runtime"
+	"github.com/rizome-dev/arc/pkg/state"
+	"github.com/rizome-dev/arc/pkg/types"
+)
+
+func main() {
+	ctx := context.Background()
+	
+	// Try to create gVisor runtime, fall back to Docker if not available
+	var runtimeInstance runtime.Runtime
+	var runtimeName string
+	
+	gvisorRuntime, err := runtime.NewGVisorRuntime(runtime.Config{
+		Type: "gvisor",
+		Labels: map[string]string{
+			"managed-by": "arc",
+			"runtime": "gvisor",
+		},
+	})
+	if err != nil {
+		fmt.Printf("gVisor runtime not available (%v), falling back to Docker...\n", err)
+		
+		// Fall back to Docker runtime
+		dockerRuntime, dockerErr := runtime.NewDockerRuntime(runtime.Config{
+			Type: "docker",
+			Labels: map[string]string{
+				"managed-by": "arc",
+				"runtime": "docker",
+			},
+		})
+		if dockerErr != nil {
+			log.Fatalf("Failed to create Docker runtime: %v", dockerErr)
+		}
+		runtimeInstance = dockerRuntime
+		runtimeName = "Docker"
+	} else {
+		runtimeInstance = gvisorRuntime
+		runtimeName = "gVisor"
+	}
+	
+	// Create message queue
+	mq, err := messagequeue.NewAMQMessageQueue(messagequeue.Config{
+		StorePath:      "./arc-amq-data",
+		WorkerPoolSize: 10,
+		MessageTimeout: 300, // 5 minutes
+	})
+	if err != nil {
+		log.Fatalf("Failed to create message queue: %v", err)
+	}
+	defer mq.Close()
+	
+	// Create state manager
+	stateManager := state.NewMemoryStore()
+	if err := stateManager.Initialize(ctx); err != nil {
+		log.Fatalf("Failed to initialize state manager: %v", err)
+	}
+	defer stateManager.Close(ctx)
+	
+	// Create orchestrator
+	arc, err := orchestrator.New(orchestrator.Config{
+		Runtime:      runtimeInstance,
+		MessageQueue: mq,
+		StateManager: stateManager,
+	})
+	if err != nil {
+		log.Fatalf("Failed to create orchestrator: %v", err)
+	}
+	
+	// Start orchestrator
+	if err := arc.Start(); err != nil {
+		log.Fatalf("Failed to start orchestrator: %v", err)
+	}
+	defer arc.Stop()
+	
+	// Get runtime info if gVisor
+	if gvisorRT, ok := runtimeInstance.(*runtime.GVisorRuntime); ok && runtimeName == "gVisor" {
+		info, err := gvisorRT.GetRuntimeInfo(ctx)
+		if err == nil {
+			fmt.Printf("%s Runtime Info:\n", runtimeName)
+			for k, v := range info {
+				fmt.Printf("  %s: %v\n", k, v)
+			}
+			fmt.Println()
+		}
+	}
+	
+	// Create a sample workflow with sandboxed containers
+	workflow := &types.Workflow{
+		Name:        "secure-data-processing",
+		Description: "A secure data processing workflow using gVisor sandboxing",
+		Tasks: []types.Task{
+			{
+				Name: "fetch-data",
+				AgentConfig: types.AgentConfig{
+					Command: []string{"alpine"},
+					Args:    []string{"sh", "-c", "echo 'Fetching data in gVisor sandbox...'; sleep 5; echo 'Data fetched securely!'"},
+					Environment: map[string]string{
+						"TASK_TYPE": "fetch",
+						"RUNTIME": "gvisor",
+					},
+					MessageQueue: types.MessageQueueConfig{
+						Topics: []string{"secure-pipeline"},
+					},
+					Resources: types.ResourceRequirements{
+						CPU:    "500m",
+						Memory: "256Mi",
+					},
+				},
+			},
+			{
+				Name:         "process-data",
+				Dependencies: []string{}, // Will be set after task IDs are generated
+				AgentConfig: types.AgentConfig{
+					Command: []string{"alpine"},
+					Args:    []string{"sh", "-c", "echo 'Processing data in isolated environment...'; sleep 10; echo 'Data processed with isolation!'"},
+					Environment: map[string]string{
+						"TASK_TYPE": "process",
+						"RUNTIME": "gvisor",
+					},
+					MessageQueue: types.MessageQueueConfig{
+						Topics: []string{"secure-pipeline"},
+					},
+					Resources: types.ResourceRequirements{
+						CPU:    "1000m",
+						Memory: "512Mi",
+					},
+				},
+			},
+			{
+				Name:         "store-results",
+				Dependencies: []string{}, // Will be set after task IDs are generated
+				AgentConfig: types.AgentConfig{
+					Command: []string{"alpine"},
+					Args:    []string{"sh", "-c", "echo 'Storing results securely...'; sleep 3; echo 'Results stored in sandbox!'"},
+					Environment: map[string]string{
+						"TASK_TYPE": "store",
+						"RUNTIME": "gvisor",
+					},
+					MessageQueue: types.MessageQueueConfig{
+						Topics: []string{"secure-pipeline"},
+					},
+					Resources: types.ResourceRequirements{
+						CPU:    "250m",
+						Memory: "128Mi",
+					},
+				},
+			},
+		},
+	}
+	
+	// Create workflow
+	if err := arc.CreateWorkflow(ctx, workflow); err != nil {
+		log.Fatalf("Failed to create workflow: %v", err)
+	}
+	
+	// Set dependencies after workflow creation (tasks now have IDs)
+	workflow.Tasks[1].Dependencies = []string{workflow.Tasks[0].ID}
+	workflow.Tasks[2].Dependencies = []string{workflow.Tasks[1].ID}
+	
+	fmt.Printf("Created workflow: %s (ID: %s)\n", workflow.Name, workflow.ID)
+	fmt.Printf("Using %s runtime for container execution\n", runtimeName)
+	if runtimeName == "gVisor" {
+		fmt.Println("Enhanced security and isolation enabled")
+	}
+	fmt.Println()
+	
+	// Start workflow execution
+	fmt.Printf("Starting workflow execution with %s runtime...\n", runtimeName)
+	if err := arc.StartWorkflow(ctx, workflow.ID); err != nil {
+		log.Fatalf("Failed to start workflow: %v", err)
+	}
+	
+	// Monitor workflow progress
+	ticker := time.NewTicker(2 * time.Second)
+	defer ticker.Stop()
+	
+	for {
+		select {
+		case <-ticker.C:
+			wf, err := arc.GetWorkflow(ctx, workflow.ID)
+			if err != nil {
+				log.Printf("Failed to get workflow status: %v", err)
+				continue
+			}
+			
+			fmt.Printf("\nWorkflow Status: %s\n", wf.Status)
+			for _, task := range wf.Tasks {
+				fmt.Printf("  Task '%s' [%s]: %s\n", task.Name, runtimeName, task.Status)
+			}
+			
+			// Check if workflow is complete
+			if wf.Status == types.WorkflowStatusCompleted {
+				fmt.Printf("\nWorkflow completed successfully with %s runtime!\n", runtimeName)
+				if runtimeName == "gVisor" {
+					fmt.Println("All tasks ran in secure sandboxed environments.")
+				}
+				return
+			} else if wf.Status == types.WorkflowStatusFailed {
+				fmt.Printf("\nWorkflow failed: %s\n", wf.Error)
+				return
+			}
+		case <-time.After(2 * time.Minute):
+			fmt.Println("\nTimeout waiting for workflow to complete")
+			return
+		}
+	}
+}

go.mod

@@ -3,9 +3,74 @@ module github.com/rizome-dev/arc
 go 1.23.4
 
 require (
-    github.com/docker/docker v24.0.7+incompatible
-    github.com/rizome-dev/amq v0.1.0
-    k8s.io/api v0.29.0
-    k8s.io/apimachinery v0.29.0
-    k8s.io/client-go v0.29.0
+	github.com/docker/docker v27.5.0+incompatible
+	github.com/rizome-dev/amq v0.1.0
+	k8s.io/api v0.29.0
+	k8s.io/apimachinery v0.29.0
+	k8s.io/client-go v0.29.0
+)
+
+require (
+	github.com/Microsoft/go-winio v0.4.14 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/containerd/log v0.1.0 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/dgraph-io/badger/v4 v4.8.0 // indirect
+	github.com/dgraph-io/ristretto/v2 v2.2.0 // indirect
+	github.com/distribution/reference v0.6.0 // indirect
+	github.com/docker/go-connections v0.5.0 // indirect
+	github.com/docker/go-units v0.5.0 // indirect
+	github.com/dustin/go-humanize v1.0.1 // indirect
+	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/go-logr/logr v1.4.3 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/go-openapi/jsonpointer v0.19.6 // indirect
+	github.com/go-openapi/jsonreference v0.20.2 // indirect
+	github.com/go-openapi/swag v0.22.3 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/google/flatbuffers v25.2.10+incompatible // indirect
+	github.com/google/gnostic-models v0.6.8 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/imdario/mergo v0.3.6 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/klauspost/compress v1.18.0 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/moby/docker-image-spec v1.3.1 // indirect
+	github.com/moby/term v0.5.2 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/morikuni/aec v1.0.0 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/opencontainers/go-digest v1.0.0 // indirect
+	github.com/opencontainers/image-spec v1.1.1 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/spf13/pflag v1.0.6 // indirect
+	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.62.0 // indirect
+	go.opentelemetry.io/otel v1.37.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.37.0 // indirect
+	go.opentelemetry.io/otel/metric v1.37.0 // indirect
+	go.opentelemetry.io/otel/trace v1.37.0 // indirect
+	golang.org/x/net v0.41.0 // indirect
+	golang.org/x/oauth2 v0.10.0 // indirect
+	golang.org/x/sys v0.34.0 // indirect
+	golang.org/x/term v0.32.0 // indirect
+	golang.org/x/text v0.26.0 // indirect
+	golang.org/x/time v0.3.0 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/protobuf v1.36.6 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	gotest.tools/v3 v3.5.2 // indirect
+	k8s.io/klog/v2 v2.110.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect
+	k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
+	sigs.k8s.io/yaml v1.3.0 // indirect
 )