Merge pull request #1593 from nf-core/dev

Dev -> Master for 3.20.0

Author: maxulysse

.github/actions/nf-test/action.yml

@@ -54,12 +54,20 @@ runs:
         conda-solver: libmamba
         conda-remove-defaults: true
 
-      # TODO Skip failing conda tests and document their failures
-      # https://github.com/nf-core/modules/issues/7017
+    # Set up secrets
+    - name: Set up Nextflow secrets
+      if: env.SENTIEON_ENCRYPTION_KEY != '' && env.SENTIEON_LICENSE_MESSAGE != ''
+      shell: bash
+      run: |
+        python -m pip install cryptography
+        nextflow secrets set SENTIEON_AUTH_DATA $(python3 .github/actions/nf-test/license_message.py encrypt --key "$SENTIEON_ENCRYPTION_KEY" --message "$SENTIEON_LICENSE_MESSAGE")
+
     - name: Run nf-test
       shell: bash
       env:
         NFT_WORKDIR: ${{ env.NFT_WORKDIR }}
+        SENTIEON_LICSRVR_IP: ${{ env.SENTIEON_LICSRVR_IP }}
+        SENTIEON_AUTH_MECH: "GitHub Actions - token"
       run: |
         nf-test test \
           --profile=+${{ inputs.profile }} \

.github/actions/nf-test/license_message.py

@@ -0,0 +1,113 @@
+#!/usr/bin/env python3
+
+#########################################
+# Author: [DonFreed](https://github.com/DonFreed)
+# File: license_message.py
+# Source: https://github.com/DonFreed/docker-actions-test/blob/main/.github/scripts/license_message.py
+# Source+commit: https://github.com/DonFreed/docker-actions-test/blob/aa1051a9f53b3a1e801953748d062cad74dca9a9/.github/scripts/license_message.py
+# Download Date: 2023-07-04, commit: aa1051a
+# This source code is licensed under the BSD 2-Clause license
+#########################################
+
+"""
+Functions for generating and sending license messages
+"""
+
+# Modified from - https://stackoverflow.com/a/59835994
+
+import argparse
+import base64
+import calendar
+import re
+import secrets
+import sys
+
+from cryptography.hazmat.primitives.ciphers.aead import AESGCM
+from datetime import datetime as dt
+
+MESSAGE_TIMEOUT = 60 * 60 * 24  # Messages are valid for 1 day
+NONCE_BYTES = 12
+
+
+class DecryptionTimeout(Exception):
+    # Decrypting a message that is too old
+    pass
+
+
+def generate_key():
+    key = secrets.token_bytes(32)
+    return key
+
+
+def handle_generate_key(args):
+    key = generate_key()
+    key_b64 = base64.b64encode(key)
+    print(key_b64.decode("utf-8"), file=args.outfile)
+
+
+def encrypt_message(key, message):
+    nonce = secrets.token_bytes(NONCE_BYTES)
+    timestamp = calendar.timegm(dt.now().utctimetuple())
+    data = timestamp.to_bytes(10, byteorder="big") + b"__" + message
+    ciphertext = nonce + AESGCM(key).encrypt(nonce, data, b"")
+    return ciphertext
+
+
+def handle_encrypt_message(args):
+    key = base64.b64decode(args.key.encode("utf-8"))
+    message = args.message.encode("utf-8")
+    ciphertext = encrypt_message(key, message)
+    ciphertext_b64 = base64.b64encode(ciphertext)
+    print(ciphertext_b64.decode("utf-8"), file=args.outfile)
+
+
+def decrypt_message(key, ciphertext, timeout=MESSAGE_TIMEOUT):
+    nonce, ciphertext = ciphertext[:NONCE_BYTES], ciphertext[NONCE_BYTES:]
+    message = AESGCM(key).decrypt(nonce, ciphertext, b"")
+
+    msg_timestamp, message = re.split(b"__", message, maxsplit=1)
+    msg_timestamp = int.from_bytes(msg_timestamp, byteorder="big")
+    timestamp = calendar.timegm(dt.now().utctimetuple())
+    if (timestamp - msg_timestamp) > timeout:
+        raise DecryptionTimeout("The message has an expired timeout")
+    return message.decode("utf-8")
+
+
+def handle_decrypt_message(args):
+    key = base64.b64decode(args.key.encode("utf-8"))
+    ciphertext = base64.b64decode(args.message.encode("utf-8"))
+    message = decrypt_message(key, ciphertext, timeout=args.timeout)
+    print(str(message), file=args.outfile)
+
+
+def parse_args(argv=None):
+    parser = argparse.ArgumentParser(description=__doc__)
+    parser.add_argument("--outfile", default=sys.stdout, type=argparse.FileType("w"), help="The output file")
+
+    subparsers = parser.add_subparsers(help="Available sub-commands")
+
+    gen_parser = subparsers.add_parser("generate_key", help="Generate a random key string")
+    gen_parser.set_defaults(func=handle_generate_key)
+
+    encrypt_parser = subparsers.add_parser("encrypt", help="Encrypt a message")
+    encrypt_parser.add_argument("--key", required=True, help="The encryption key")
+    encrypt_parser.add_argument("--message", required=True, help="Message to encrypt")
+    encrypt_parser.set_defaults(func=handle_encrypt_message)
+
+    decrypt_parser = subparsers.add_parser("decrypt", help="Decyrpt a message")
+    decrypt_parser.add_argument("--key", required=True, help="The encryption key")
+    decrypt_parser.add_argument("--message", required=True, help="Message to decrypt")
+    decrypt_parser.add_argument(
+        "--timeout",
+        default=MESSAGE_TIMEOUT,
+        type=int,
+        help="A message timeout. Decryption will fail for older messages",
+    )
+    decrypt_parser.set_defaults(func=handle_decrypt_message)
+
+    return parser.parse_args(argv)
+
+
+if __name__ == "__main__":
+    args = parse_args()
+    args.func(args)

.github/workflows/awsfulltest.yml

@@ -40,7 +40,7 @@ jobs:
             {
               "hook_url": "${{ secrets.MEGATESTS_ALERTS_SLACK_HOOK_URL }}",
               "aligner": "${{ matrix.aligner }}",
-              "outdir": "s3://${{ secrets.AWS_S3_BUCKET }}/rnaseq/results-${{ steps.revision.outputs.revision }}"
+              "outdir": "s3://${{ secrets.AWS_S3_BUCKET }}/rnaseq/results-${{ steps.revision.outputs.revision }}/aligner_${{ matrix.aligner }}/"
             }
           profiles: test_full
 

.github/workflows/linting.yml

@@ -13,7 +13,7 @@ jobs:
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
 
-      - name: Set up Python 3.12
+      - name: Set up Python 3.13
         uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
         with:
           python-version: "3.13"

.github/workflows/linting_comment.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Download lint results
-        uses: dawidd6/action-download-artifact@4c1e823582f43b179e2cbb49c3eade4e41f992e2 # v10
+        uses: dawidd6/action-download-artifact@ac66b43f0e6a346234dd65d4d0c8fbb31cb316e5 # v11
         with:
           workflow: linting.yml
           workflow_conclusion: completed

.github/workflows/nf-test.yml

@@ -1,12 +1,5 @@
 name: Run nf-test
 on:
-  push:
-    paths-ignore:
-      - "docs/**"
-      - "**/meta.yml"
-      - "**/*.md"
-      - "**/*.png"
-      - "**/*.svg"
   pull_request:
     paths-ignore:
       - "docs/**"
@@ -37,7 +30,7 @@ jobs:
   nf-test-changes:
     name: nf-test-changes
     runs-on: # use self-hosted runners
-      - runs-on=$-nf-test-changes
+      - runs-on=${{ github.run_id }}-nf-test-changes
       - runner=4cpu-linux-x64
     outputs:
       shard: ${{ steps.set-shards.outputs.shard }}
@@ -71,7 +64,7 @@ jobs:
     needs: [nf-test-changes]
     if: ${{ needs.nf-test-changes.outputs.total_shards != '0' }}
     runs-on: # use self-hosted runners
-      - runs-on=$-nf-test
+      - runs-on=${{ github.run_id }}-nf-test
       - runner=4cpu-linux-x64
     strategy:
       fail-fast: false
@@ -87,7 +80,7 @@ jobs:
           - isMain: false
             profile: "singularity"
         NXF_VER:
-          - "24.04.2"
+          - "24.10.5"
           - "latest-everything"
     env:
       NXF_ANSI_LOG: false
@@ -99,23 +92,43 @@ jobs:
           fetch-depth: 0
 
       - name: Run nf-test
+        id: run_nf_test
         uses: ./.github/actions/nf-test
+        continue-on-error: ${{ matrix.NXF_VER == 'latest-everything' }}
         env:
-          NFT_DIFF: ${{ env.NFT_DIFF }}
-          NFT_DIFF_ARGS: ${{ env.NFT_DIFF_ARGS }}
           NFT_WORKDIR: ${{ env.NFT_WORKDIR }}
+          SENTIEON_AUTH_MECH: "GitHub Actions - token"
+          SENTIEON_ENCRYPTION_KEY: ${{ secrets.SENTIEON_ENCRYPTION_KEY }}
+          SENTIEON_LICENSE_MESSAGE: ${{ secrets.SENTIEON_LICENSE_MESSAGE }}
+          SENTIEON_LICSRVR_IP: ${{ secrets.SENTIEON_LICSRVR_IP }}
         with:
           profile: ${{ matrix.profile }}
           shard: ${{ matrix.shard }}
           total_shards: ${{ env.TOTAL_SHARDS }}
+
+      - name: Report test status
+        if: ${{ always() }}
+        run: |
+          if [[ "${{ steps.run_nf_test.outcome }}" == "failure" ]]; then
+            echo "::error::Test with ${{ matrix.NXF_VER }} failed"
+            # Add to workflow summary
+            echo "## ❌ Test failed: ${{ matrix.profile }} | ${{ matrix.NXF_VER }} | Shard ${{ matrix.shard }}/${{ env.TOTAL_SHARDS }}" >> $GITHUB_STEP_SUMMARY
+            if [[ "${{ matrix.NXF_VER }}" == "latest-everything" ]]; then
+              echo "::warning::Test with latest-everything failed but will not cause workflow failure. Please check if the error is expected or if it needs fixing."
+            fi
+            if [[ "${{ matrix.NXF_VER }}" != "latest-everything" ]]; then
+              exit 1
+            fi
+          fi
+
   confirm-pass:
     needs: [nf-test]
     if: always()
     runs-on: # use self-hosted runners
-      - runs-on=$-confirm-pass
+      - runs-on=${{ github.run_id }}-confirm-pass
       - runner=2cpu-linux-x64
     steps:
-      - name: One or more tests failed
+      - name: One or more tests failed (excluding latest-everything)
         if: ${{ contains(needs.*.result, 'failure') }}
         run: exit 1
 
@@ -134,11 +147,3 @@ jobs:
           echo "DEBUG: toJSON(needs) = ${{ toJSON(needs) }}"
           echo "DEBUG: toJSON(needs.*.result) = ${{ toJSON(needs.*.result) }}"
           echo "::endgroup::"
-
-      - name: Clean Workspace # Purge the workspace in case it's running on a self-hosted runner
-        if: always()
-        run: |
-          ls -la ./
-          rm -rf ./* || true
-          rm -rf ./.??* || true
-          ls -la ./

.github/workflows/release-announcements.yml

@@ -30,7 +30,7 @@ jobs:
   bsky-post:
     runs-on: ubuntu-latest
     steps:
-      - uses: zentered/bluesky-post-action@4aa83560bb3eac05dbad1e5f221ee339118abdd2 # v0.2.0
+      - uses: zentered/bluesky-post-action@6461056ea355ea43b977e149f7bf76aaa572e5e8 # v0.3.0
         with:
           post: |
             Pipeline release! ${{ github.repository }} v${{ github.event.release.tag_name }} - ${{ github.event.release.name }}!

.nf-core.yml

@@ -10,15 +10,15 @@ lint:
   nextflow_config:
     - config_defaults:
         - params.ribo_database_manifest
-nf_core_version: 3.3.1
+nf_core_version: 3.3.2
 repository_type: pipeline
 template:
-  author: "Harshil Patel, Phil Ewels, Rickard Hammar\xE9n"
-  description: RNA sequencing analysis pipeline for gene/isoform quantification and
-    extensive quality control.
+  author: "Harshil Patel, Phil Ewels, Rickard Hammarén"
+  description: RNA sequencing analysis pipeline for gene/isoform quantification
+    and extensive quality control.
   force: false
   is_nfcore: true
   name: rnaseq
   org: nf-core
   outdir: .
-  version: 3.19.0
+  version: 3.20.0

.pre-commit-config.yaml

@@ -4,7 +4,7 @@ repos:
     hooks:
       - id: prettier
         additional_dependencies:
-          - prettier@3.5.0
+          - prettier@3.6.2
   - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v5.0.0
     hooks:

CHANGELOG.md

@@ -3,7 +3,37 @@
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-# 3.19.0 - 2025-06-06
+## 3.20.0
+
+### Credits
+
+Special thanks to the following for their contributions to the release:
+
+- [Friederike Hanssen](https://github.com/friederikehanssen)
+- [Ido Tamir](https://github.com/idot)
+- [Jonathan Manning](https://github.com/pinin4fjords)
+- [Maxime Garcia](https://github.com/maxulysse)
+- [Usman Rashid](https://github.com/GallVp)
+
+### Enhancements & fixes
+
+- [PR #1568](https://github.com/nf-core/rnaseq/pull/1568) - Bump version after release 3.19.0
+- [PR #1571](https://github.com/nf-core/rnaseq/pull/1571) - For umitools use only umi_dedup.sorted.log in multiqc_report
+- [PR #1573](https://github.com/nf-core/rnaseq/pull/1573) - Fix salmon.merged.SummarizedExperiment.rds name collision
+- [PR #1585](https://github.com/nf-core/rnaseq/pull/1585) - Update awsfulltest.yml to restore aligner-wise outputs
+- [PR #1580](https://github.com/nf-core/rnaseq/pull/1580) - Template update for nf-core/tools v3.3.2
+- [PR #1590](https://github.com/nf-core/rnaseq/pull/1590) - Addition of Sentieon STAR
+- [PR #1594](https://github.com/nf-core/rnaseq/pull/1594) - Exclude star rsem pca from snaps
+- [PR #1595](https://github.com/nf-core/rnaseq/pull/1595) - Exclude unstable star_rsem clusterings from snaps
+
+### Software dependencies
+
+| Dependency | Old version | New version |
+| ---------- | ----------- | ----------- |
+| `MultiQC`  | 1.29        | 1.30        |
+| `Sentieon` |             | 202503.01   |
+
+## [[3.19.0](https://github.com/nf-core/rnaseq/releases/tag/3.19.0)] - 2025-06-10
 
 ### Credits
 
@@ -15,6 +45,7 @@ Special thanks to the following for their contributions to the release:
 - [Ben Sherman](https://github.com/bentsherman)
 - [Dave Carlson](https://github.com/davidecarlson)
 - [Gabriel Lichtenstein](https://github.com/glichtenstein)
+- [Jonathan Manning](https://github.com/pinin4fjords)
 - [Lorenzo Fontana](https://github.com/fntlnz)
 - [Matthias Hörtenhuber](https://github.com/mashehu)
 - [Milos Micik](https://github.com/milos7250)
@@ -41,7 +72,7 @@ Special thanks to the following for their contributions to the release:
 - [PR #1565](https://github.com/nf-core/rnaseq/pull/1565) - Improve reproducibility with Conda
 - [PR #1567](https://github.com/nf-core/rnaseq/pull/1567) - Prerelease 3.19.0 fixes
 
-# 3.18.0 - 2024-12-19
+## [[3.18.0](https://github.com/nf-core/rnaseq/releases/tag/3.18.0)] - 2024-12-19
 
 ### Credits