allow private ecr repositories as process container (#55)

* allow private ecr repositories as process container
* add unit test to verify private ecr repo is recognized

Author: nbulsara

.gitignore

@@ -1 +1,2 @@
-.ipynb_checkpoints/
+.ipynb_checkpoints/
+.vscode

utils/scripts/nf/__init__.py

@@ -150,6 +150,12 @@ def docker_registry(self) -> str:
             raise fnfe
         return _docker_registry
 
+    def is_ecr_private_repo(self, _registry_name):
+        """
+        Detect private registry in format <awsaccountid>.dkr.ecr.<awsregion>.amazonaws.com
+        """
+        return re.match('[0-9]{12}\.dkr\.ecr\.[a-zA-Z0-9-]{1,}\.amazonaws\.com', _registry_name)
+           
     def get_container_manifest(self, substitutions=None) -> list:
         """
         generates a list of unique container image URIs to pull into an ECR Private registry
@@ -183,6 +189,9 @@ def _get_ecr_image_name(self, uri, substitutions=None, namespace_config=None):
             props = namespace_config.get(source_registry)
             if props:
                 uri = "/".join([props['namespace'], image_name])
+            else:
+                if self.is_ecr_private_repo(source_registry):
+                    uri = image_name
 
         return uri
 

utils/scripts/tests/test_inspect_nf.py

@@ -1,10 +1,29 @@
 from glob import glob
 from os import path
-
+import json
 import pytest
 
 from ..nf import *
 
+NAMESPACE="""{
+    "public.ecr.aws": { "namespace": "ecr-public", "pull_through": true },
+    "ecr-public": { "namespace": "ecr-public", "pull_through": true },
+
+    "quay.io": { "namespace": "quay", "pull_through": true },
+    "quay": { "namespace": "quay", "pull_through": true },
+    
+    "us.gcr.io": { "namespace": "gcr", "pull_through": false },
+    "eu.gcr.io": { "namespace": "gcr", "pull_through": false },
+    "asia.gcr.io": { "namespace": "gcr", "pull_through": false },
+    "pkg.dev": { "namespace": "gar", "pull_through": false },
+    "nvcr.io": { "namespace": "nvcr", "pull_through": false},
+    
+    "ghcr.io": { "namespace": "ghcr", "pull_through": false },
+    "mcr.microsoft.com": { "namespace": "mcr", "pull_through": false },
+    
+    "dockerhub": { "namespace": "dockerhub", "pull_through": false },
+    "": { "namespace": "dockerhub", "pull_through": false }
+}"""
 
 WORKING_DIR = path.dirname(path.realpath(__file__))
 
@@ -105,6 +124,13 @@ def test_find_docker_uri_quoted():
     uri = find_docker_uri(container)
     assert uri == 'image:tag'
 
+def test_ecr_private_repo_detection():
+    project_path = path.join(WORKING_DIR, 'workflow_with_config_and_private_ecr')
+    workflow = NextflowWorkflow(project_path)
+    
+    assert "111111111111.dkr.ecr.us-east-1.amazonaws.com/rnaseq-nf:1.1.1" in workflow.containers
+    assert workflow.is_ecr_private_repo("111111111111.dkr.ecr.us-east-1.amazonaws.com")
+    assert not workflow.is_ecr_private_repo("1234.dcr.ecr.us-east-1.amazonaws.com")
 
 def test_parse_workflow():
     project_path = path.join(WORKING_DIR, 'workflow')

utils/scripts/tests/workflow_with_config_and_private_ecr/main.nf

@@ -0,0 +1,12 @@
+include { NO_CONTAINER } from "./processes/no_container.nf"
+include { FOO, BAR } from "./processes/multiple.nf"
+
+workflow MAIN {
+    NO_CONTAINER()
+    FOO()
+    BAR()
+}
+
+workflow {
+    MAIN()
+}

utils/scripts/tests/workflow_with_config_and_private_ecr/nextflow.config

@@ -0,0 +1,241 @@
+/*
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+    omicsqc/omicsqc Nextflow config file
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+    Default config options for all compute environments
+----------------------------------------------------------------------------------------
+*/
+
+// Global default params, used in configs
+params {
+
+    // TODO nf-core: Specify your pipeline's command line flags
+    // Input options
+    input                      = null
+
+
+    // References
+    genome                     = null
+    igenomes_base              = 's3://ngi-igenomes/igenomes'
+    igenomes_ignore            = false
+    // MultiQC options
+    multiqc_config             = null
+    multiqc_title              = null
+    multiqc_logo               = null
+    max_multiqc_email_size     = '25.MB'
+    multiqc_methods_description = null
+
+    // Boilerplate options
+    outdir                     = null
+    tracedir                   = "${params.outdir}/pipeline_info"
+    publish_dir_mode           = 'copy'
+    email                      = null
+    email_on_fail              = null
+    plaintext_email            = false
+    monochrome_logs            = false
+    hook_url                   = null
+    help                       = false
+    version                    = false
+    validate_params            = true
+    show_hidden_params         = false
+    schema_ignore_params       = 'genomes'
+
+
+    // Config options
+    custom_config_version      = 'master'
+    custom_config_base         = "https://raw.githubusercontent.com/nf-core/configs/${params.custom_config_version}"
+    config_profile_description = null
+    config_profile_contact     = null
+    config_profile_url         = null
+    config_profile_name        = null
+
+
+    // Max resource options
+    // Defaults only, expecting to be overwritten
+    max_memory                 = '128.GB'
+    max_cpus                   = 16
+    max_time                   = '240.h'
+
+}
+
+// Load base.config by default for all pipelines
+includeConfig 'conf/base.config'
+
+// Load nf-core custom profiles from different Institutions
+try {
+    includeConfig "${params.custom_config_base}/nfcore_custom.config"
+} catch (Exception e) {
+    System.err.println("WARNING: Could not load nf-core/config profiles: ${params.custom_config_base}/nfcore_custom.config")
+}
+
+// Load omicsqc/omicsqc custom profiles from different institutions.
+// Warning: Uncomment only if a pipeline-specific instititutional config already exists on nf-core/configs!
+// try {
+//   includeConfig "${params.custom_config_base}/pipeline/omicsqc.config"
+// } catch (Exception e) {
+//   System.err.println("WARNING: Could not load nf-core/config/omicsqc profiles: ${params.custom_config_base}/pipeline/omicsqc.config")
+// }
+
+
+profiles {
+    debug { process.beforeScript = 'echo $HOSTNAME' }
+    conda {
+        conda.enabled          = true
+        docker.enabled         = false
+        singularity.enabled    = false
+        podman.enabled         = false
+        shifter.enabled        = false
+        charliecloud.enabled   = false
+    }
+    mamba {
+        conda.enabled          = true
+        conda.useMamba         = true
+        docker.enabled         = false
+        singularity.enabled    = false
+        podman.enabled         = false
+        shifter.enabled        = false
+        charliecloud.enabled   = false
+    }
+    docker {
+        docker.enabled         = true
+        docker.userEmulation   = true
+        singularity.enabled    = false
+        podman.enabled         = false
+        shifter.enabled        = false
+        charliecloud.enabled   = false
+    }
+    arm {
+        docker.runOptions = '-u $(id -u):$(id -g) --platform=linux/amd64'
+    }
+    singularity {
+        singularity.enabled    = true
+        singularity.autoMounts = true
+        docker.enabled         = false
+        podman.enabled         = false
+        shifter.enabled        = false
+        charliecloud.enabled   = false
+    }
+    podman {
+        podman.enabled         = true
+        docker.enabled         = false
+        singularity.enabled    = false
+        shifter.enabled        = false
+        charliecloud.enabled   = false
+    }
+    shifter {
+        shifter.enabled        = true
+        docker.enabled         = false
+        singularity.enabled    = false
+        podman.enabled         = false
+        charliecloud.enabled   = false
+    }
+    charliecloud {
+        charliecloud.enabled   = true
+        docker.enabled         = false
+        singularity.enabled    = false
+        podman.enabled         = false
+        shifter.enabled        = false
+    }
+    gitpod {
+        executor.name          = 'local'
+        executor.cpus          = 16
+        executor.memory        = 60.GB
+    }
+    test      { includeConfig 'conf/test.config'      }
+    test_full { includeConfig 'conf/test_full.config' }
+}
+
+
+// Load igenomes.config if required
+if (!params.igenomes_ignore) {
+    includeConfig 'conf/igenomes.config'
+} else {
+    params.genomes = [:]
+}
+
+
+// Export these variables to prevent local Python/R libraries from conflicting with those in the container
+// The JULIA depot path has been adjusted to a fixed path `/usr/local/share/julia` that needs to be used for packages in the container.
+// See https://apeltzer.github.io/post/03-julia-lang-nextflow/ for details on that. Once we have a common agreement on where to keep Julia packages, this is adjustable.
+
+env {
+    PYTHONNOUSERSITE = 1
+    R_PROFILE_USER   = "/.Rprofile"
+    R_ENVIRON_USER   = "/.Renviron"
+    JULIA_DEPOT_PATH = "/usr/local/share/julia"
+}
+
+// Capture exit codes from upstream processes when piping
+process.shell = ['/bin/bash', '-euo', 'pipefail']
+
+def trace_timestamp = new java.util.Date().format( 'yyyy-MM-dd_HH-mm-ss')
+timeline {
+    enabled = true
+    file    = "${params.tracedir}/execution_timeline_${trace_timestamp}.html"
+}
+report {
+    enabled = true
+    file    = "${params.tracedir}/execution_report_${trace_timestamp}.html"
+}
+trace {
+    enabled = true
+    file    = "${params.tracedir}/execution_trace_${trace_timestamp}.txt"
+}
+dag {
+    enabled = true
+    file    = "${params.tracedir}/pipeline_dag_${trace_timestamp}.html"
+}
+
+manifest {
+    name            = 'omicsqc/omicsqc'
+    author          = """Fernando Izquierdo"""
+    homePage        = 'https://github.com/omicsqc/omicsqc'
+    description     = """test workflow fastqc"""
+    mainScript      = 'main.nf'
+    nextflowVersion = '!>=22.10.1'
+    version         = '1.0dev'
+    doi             = ''
+}
+
+// Load modules.config for DSL2 module specific options
+includeConfig 'conf/modules.config'
+
+// Set default registry for Docker and Podman independent of -profile
+// Will not be used unless Docker / Podman are enabled
+// Set to your registry if you have a mirror of containers
+//docker.registry = 'quay.io'
+//podman.registry = 'quay.io'
+
+// Function to ensure that resource requirements don't go beyond
+// a maximum limit
+def check_max(obj, type) {
+    if (type == 'memory') {
+        try {
+            if (obj.compareTo(params.max_memory as nextflow.util.MemoryUnit) == 1)
+                return params.max_memory as nextflow.util.MemoryUnit
+            else
+                return obj
+        } catch (all) {
+            println "   ### ERROR ###   Max memory '${params.max_memory}' is not valid! Using default value: $obj"
+            return obj
+        }
+    } else if (type == 'time') {
+        try {
+            if (obj.compareTo(params.max_time as nextflow.util.Duration) == 1)
+                return params.max_time as nextflow.util.Duration
+            else
+                return obj
+        } catch (all) {
+            println "   ### ERROR ###   Max time '${params.max_time}' is not valid! Using default value: $obj"
+            return obj
+        }
+    } else if (type == 'cpus') {
+        try {
+            return Math.min( obj, params.max_cpus as int )
+        } catch (all) {
+            println "   ### ERROR ###   Max cpus '${params.max_cpus}' is not valid! Using default value: $obj"
+            return obj
+        }
+    }
+}
+includeConfig 'conf/omics.config'

utils/scripts/tests/workflow_with_config_and_private_ecr/processes/index/main.nf

@@ -0,0 +1,17 @@
+process INDEX {
+    container '111111111111.dkr.ecr.us-east-1.amazonaws.com/rnaseq-nf:1.1.1'
+
+    input:
+    path transcriptome
+
+    output:
+    path 'index'
+
+    script:
+    """
+    echo "Running salmon index"
+    salmon index --threads $task.cpus -t $transcriptome -i index
+    echo "Command done"
+    ls -lR && sleep 60
+    """
+}

utils/scripts/tests/workflow_with_config_and_private_ecr/processes/multiple.nf

@@ -0,0 +1,27 @@
+process FOO {
+    container "foo:fizz"
+    input:
+        val x
+    
+    output:
+        val y
+
+    script:
+        """
+        echo foo
+        """
+}
+
+process BAR {
+    container "bar:buzz"
+    input:
+        val x
+    
+    output:
+        val y
+    
+    script:
+        """
+        echo bar
+        """
+}

utils/scripts/tests/workflow_with_config_and_private_ecr/processes/no_container.nf

@@ -0,0 +1,12 @@
+process NO_CONTAINER {
+    input:
+        path x
+    
+    output:
+        path "out"
+    
+    script:
+        """
+        echo ${x}
+        """
+}