Merge branch 'master' into crabs-1

.github/CODEOWNERS

@@ -12,3 +12,4 @@ modules/nf-core/pints/caller/** @edmundmiller
 modules/nf-core/preseq/ccurve/** @edmundmiller
 modules/nf-core/preseq/lcextrap/** @edmundmiller
 subworkflows/nf-core/homer/** @edmundmiller
+modules/nf-core/**/Dockerfile @edmundmiller @maxulysse

.github/actions/nf-test-action/action.yml

@@ -0,0 +1,83 @@
+name: "nf-test Action"
+description: "Runs nf-test with common setup steps"
+inputs:
+  path:
+    description: "Path to test"
+    required: true
+  profile:
+    description: "Profile to use"
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+
+    - uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4
+      with:
+        distribution: "temurin"
+        java-version: "17"
+
+    - name: Setup Nextflow
+      uses: nf-core/setup-nextflow@v2
+
+    - name: Set up Python
+      uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5
+      with:
+        python-version: "3.11"
+
+    - name: Install nf-test
+      uses: nf-core/setup-nf-test@v1
+      with:
+        version: "0.9.2"
+        install-pdiff: true
+
+    - name: Setup apptainer
+      if: contains(inputs.profile, 'singularity')
+      uses: eWaterCycle/setup-apptainer@main
+
+    - name: Set up Singularity
+      if: contains(inputs.profile, 'singularity')
+      shell: bash
+      run: |
+        mkdir -p $NXF_SINGULARITY_CACHEDIR
+        mkdir -p $NXF_SINGULARITY_LIBRARYDIR
+
+    - name: Conda setup
+      if: ${{inputs.profile == 'conda'}}
+      uses: conda-incubator/setup-miniconda@d2e6a045a86077fb6cad6f5adf368e9076ddaa8d # v3
+      with:
+        auto-update-conda: true
+        conda-solver: libmamba
+        conda-remove-defaults: true
+
+    # Set up secrets
+    - name: Set up nextflow secrets
+      if: env.SENTIEON_ENCRYPTION_KEY != '' && env.SENTIEON_LICENSE_MESSAGE != ''
+      shell: bash
+      run: |
+        nextflow secrets set SENTIEON_AUTH_DATA $(python3 tests/modules/nf-core/sentieon/license_message.py encrypt --key "$SENTIEON_ENCRYPTION_KEY" --message "$SENTIEON_LICENSE_MESSAGE")
+
+    - name: Run nf-test
+      shell: bash
+      env:
+        SENTIEON_LICSRVR_IP: ${{ env.SENTIEON_LICSRVR_IP }}
+        SENTIEON_AUTH_MECH: "GitHub Actions - token"
+      run: |
+        NFT_WORKDIR=~ \
+        nf-test test \
+          --profile=${{ inputs.profile }} \
+          --tap=test.tap \
+          --verbose \
+          ${{ inputs.path }}
+    - uses: pcolby/tap-summary@0959cbe1d4422e62afc65778cdaea6716c41d936 # v1
+      if: ${{ inputs.path != '' }}
+      with:
+        path: >-
+          test.tap
+
+    - name: Clean up
+      if: always()
+      shell: bash
+      run: |
+        sudo rm -rf /home/ubuntu/tests/

.github/renovate.json5

@@ -1,79 +1,14 @@
 {
-    $schema: "https://docs.renovatebot.com/renovate-schema.json",
-    extends: ["config:best-practices"],
-    vulnerabilityAlerts: {
-        labels: ["security"],
-        schedule: "at any time",
-    },
-    prHourlyLimit: 3,
-    platform: "github",
-    onboarding: false,
-    dependencyDashboard: true,
-    dependencyDashboardTitle: "Renovate Dashboard 🤖",
-    suppressNotifications: ["prIgnoreNotification"],
-    rebaseWhen: "conflicted",
-    reviewers: ["team:modules"],
-    assigneesFromCodeOwners: true,
-    gitAuthor: "nf-core-bot <[email protected]>",
-    prHeader: "## WARNING\n - [ ] I have made sure to update the singularity and conda images",
-    "pre-commit": {
-        enabled: true,
-    },
-    customManagers: [
-    // TODO waiting on https://github.com/nf-core/modules/pull/4080
-        // {
-        //     customType: "regex",
-        //     description: "Process Containers dependencies",
-        //     fileMatch: ["(^|/)main\\.nf$"],
-        //     matchStrings: [
-        //         "\\s+'(?<depName>\\S+):(?<currentValue>.*\\-.*)' }\"\n",
-        //     ],
-        //     datasourceTemplate: "docker",
-        // },
-        // {
-        //     customType: "regex",
-        //     description: "Upgrade conda dependencies",
-        //     fileMatch: ["(^|/)environment(.*).ya?ml$"],
-        //     matchStrings: [
-        //         '#\\s*renovate\\s+datasource=conda\\s+depName=(?<depName>.*?)\\s+-\\s*[\\w-]+\\s*==?\\s*"?(?<currentValue>.*)"?',
-        //         '# renovate: datasource=conda depName=(?<depName>.*?)\\s+-\\s*[\\w-]+\\s*==?\\s*"?(?<currentValue>.*)"?',
-        //     ],
-        //     datasourceTemplate: "conda",
-        // },
-        // {
-        //     customType: "regex",
-        //     description: "Upgrade pypi dependencies inside conda environment files",
-        //     fileMatch: ["(^|/)environment(.*).ya?ml$"],
-        //     matchStrings: [
-        //         "# renovate datasource=pypi\\s+-\\s*(?<depName>[\\w-]+)\\s*(\\[[\\w,\\s]+\\])?\\s*==?\\s*(?<currentValue>.*)",
-        //         "# renovate: datasource=pypi\\s+-\\s*(?<depName>[\\w-]+)\\s*(\\[[\\w,\\s]+\\])?\\s*==?\\s*(?<currentValue>.*)",
-        //     ],
-        //     datasourceTemplate: "pypi",
-        // },
-        ],
-    packageRules: [
-        {
-            matchDatasources: ["docker"],
-            registryUrls: ["quay.io"],
-        },
-        {
-            matchManagers: ["github-actions"],
-            automerge: true,
-            pinDigest: {
-                enabled: false,
-            },
-            matchPackageNames: ["/^nf-core//", "/^seqera/"],
-        },
-        {
-            matchManagers: ["github-actions"],
-            groupName: "GitHub Actions",
-            automerge: true,
-            schedule: ["before 9am"],
-        },
-        {
-            automerge: true,
-            schedule: ["before 9am on Monday"],
-            matchPackageNames: ["/renovate-config-validator/"],
-        },
+    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+    "extends": [
+        "github>nf-core/ops//.github/renovate/default.json5",
+        "github>nf-core/ops//.github/renovate/process_updaters.json5"
     ],
+    "prHeader": "## WARNING\n - [ ] I have made sure to update the singularity and conda images",
+    "packageRules": [
+        {
+            "matchDatasources": ["conda", "pypi", "docker"],
+            "automerge": false
+        }
+    ]
 }

.github/scripts/wave_singularity.py

@@ -2,53 +2,86 @@
 # /// script
 # requires-python = ">=3.10"
 # dependencies = [
-#     "httpx",
+#     "requests",
+#     "rich",
 # ]
 # ///
 
 import logging
 
-import httpx
+import requests
+import rich_click as click
+from rich.logging import RichHandler
 
+# Replace the basic logger setup with rich logging
+logging.basicConfig(
+    level=logging.INFO,
+    format="%(message)s",
+    handlers=[
+        RichHandler(
+            rich_tracebacks=True,
+            show_time=False,
+            markup=True,
+        )
+    ],
+)
 logger = logging.getLogger(__name__)
+click.rich_click.SHOW_ARGUMENTS = True
 
-image_url = "oras://community.wave.seqera.io/library/pybedtools_bedtools_htslib_pip_pypints:aa20de1f1b5ddb30"
-
-if image_url.startswith("oras://"):
-    image_url = image_url.replace("oras://", "")
-
-wave_api_url = "https://wave.seqera.io"
-url = f"{wave_api_url}/v1alpha1/inspect"
-
-# if platform_pat:
-#     data["toweraccesstoken"] = platform_pat
-# else:
-# TODO
-logger.warning("'platform_pat' not set, no auth to wave back end")
-
-try:
-    logger.info(f"calling image inspect at {url} for image url {image_url}")
-    response = httpx.post(
-        url=url,
-        json={"containerImage": image_url},
-        headers={"content-type": "application/json"},
-    )
-
-    data = response.json()
-    logger.debug(data)
-    layers = data.get("container", {}).get("manifest", {}).get("layers", [])
-    is_singularity = len(layers) == 1 and layers[0].get("mediaType", "").endswith(".sif")
-    if not is_singularity:
-        print(layers)
-        raise ValueError("not a singularity image")
-    if "digest" not in layers[0]:
-        print(layers)
-        raise ValueError("no 'digest' in first layer found")
-
-    digest = layers[0]["digest"].replace("sha256:", "")
-    container_url = f"https://community-cr-prod.seqera.io/docker/registry/v2/blobs/sha256/{digest[:2]}/{digest}/data"
-    print(container_url)
-
-except httpx.RequestError as exc:
-    print(f"An error occurred while requesting {exc.request.url!r}.")
-    print("No singularity image for you")
+
+@click.command()
+@click.option(
+    "--platform-pat",
+    envvar="SEQERA_ACCESS_TOKEN",
+    show_envvar=True,
+    help="Platform authentication token",
+)
+@click.argument("image_name")
+def main(image_name, platform_pat):
+    """Script to return a HTTPS Singularity image URL from Seqera Containers."""
+
+    if image_name.startswith("oras://"):
+        image_name = image_name.replace("oras://", "")
+
+    wave_api_url_base = "https://wave.seqera.io"
+    wave_api_url = f"{wave_api_url_base}/v1alpha1/inspect"
+    container_url_base = "https://community-cr-prod.seqera.io/docker/registry/v2/blobs/sha256"
+
+    request_data = {"containerImage": image_name}
+    if platform_pat:
+        request_data["toweraccesstoken"] = platform_pat
+    else:
+        logger.debug("'--platform-pat' / '$TOWER_ACCESS_TOKEN' not set, no auth to wave back end")
+
+    try:
+        logger.debug(f"Calling image inspect at {wave_api_url} for image url '{image_name}'")
+        response = requests.post(
+            url=wave_api_url,
+            json=request_data,
+            headers={"content-type": "application/json"},
+        )
+
+        data = response.json()
+        logger.debug(data)
+        layers = data.get("container", {}).get("manifest", {}).get("layers", [])
+        is_singularity = len(layers) == 1 and layers[0].get("mediaType", "").endswith(".sif")
+        logger.debug(layers)
+        if not is_singularity:
+            raise ValueError("Not a singularity image")
+        if "digest" not in layers[0]:
+            raise ValueError("no 'digest' in first layer found")
+
+        digest = layers[0]["digest"].replace("sha256:", "")
+        container_url = f"{container_url_base}/{digest[:2]}/{digest}/data"
+        print(container_url)
+
+    except requests.RequestException as exc:
+        raise ValueError(f"An error occurred while requesting {wave_api_url}\n {exc}")
+
+
+if __name__ == "__main__":
+    try:
+        main()
+    except ValueError as exc:
+        logger.error(f"[red]{exc}[/red]")
+        exit(1)

.github/workflows/fix-linting.yml

@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       # Use the @nf-core-bot token to check out so we can push later
-      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
         with:
           token: ${{ secrets.nf_core_bot_auth_token }}
 
@@ -32,7 +32,7 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.nf_core_bot_auth_token }}
 
-      - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4
+      - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4
 
       - name: Install Prettier
         run: npm install -g prettier @prettier/plugin-php