Updating AnVIL branch to latest Galaxy Helm

.github/workflows/packaging.yml

@@ -20,7 +20,7 @@ jobs:
     name: Package and push from PR
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with:
            persist-credentials: false
       - uses: cloudve/helm-ci@master
@@ -36,7 +36,7 @@ jobs:
     name: Package and push manual invocation
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with:
            persist-credentials: false
       - uses: cloudve/helm-ci@master
@@ -51,13 +51,20 @@ jobs:
     needs: [ package-from-pr, package-from-manual ]
     name: Create a tag and GitHub release for this version.
     runs-on: ubuntu-latest
+    env:
+      GH_TOKEN: ${{ github.token }}
     if: |
       always() 
       && contains(needs.*.result, 'success')
       && !contains(needs.*.result, 'failure')
     steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref }}
       - name: Tag and release
         run: |
+          git config user.name "GitHub Actions Bot"
+          git config user.email "<>"
           version=v$(cat galaxy/Chart.yaml | grep ^version: | awk '{print $2}')
           git tag -a $version -m "Automatic release of $version"
           git push origin $version

.github/workflows/test.yaml

@@ -34,7 +34,7 @@ jobs:
       - name: Start k8s locally
         uses: jupyterhub/action-k3s-helm@v3
         with:
-          k3s-version: v1.25.15+k3s2  # releases:  https://github.com/k3s-io/k3s/tags
+          k3s-version: v1.28.7+k3s1  # releases:  https://github.com/k3s-io/k3s/tags
           metrics-enabled: false
           traefik-enabled: false
       - name: Verify function of k8s, kubectl, and helm

README.md

@@ -1,4 +1,4 @@
-# Galaxy Helm Chart (v4)
+# Galaxy Helm Chart (v5)
 
 [Galaxy](https://galaxyproject.org/) is a data analysis platform focusing on
 accessibility, reproducibility, and transparency of primarily bioinformatics
@@ -8,7 +8,7 @@ updates, upgrades, and rollbacks.
 
 ## Supported software versions
 
-- Kubernetes 1.22+
+- Kubernetes 1.27+
 - Helm 3.5+
 
 ## Kubernetes cluster
@@ -272,6 +272,8 @@ jobHandlers:
     failureThreshhold: 3
 ```
 
+# Additional Configurations
+
 ## Extra File Mappings
 
 The `extraFileMappings` field can be used to inject files to arbitrary paths in the `nginx` deployment, as well as any of the `job`, `web`, or `workflow` handlers, and the `init` jobs.
@@ -420,28 +422,76 @@ The Galaxy application can be horizontally scaled for the web, job, or workflow
 by setting the desired values of the `webHandlers.replicaCount`,
 `jobHandlers.replicaCount`, and `workflowHandlers.replicaCount` configuration options.
 
-## Galaxy versions
+## Cron jobs
+
+Two Cron jobs are defined by default.  One to clean up Galaxy's database and one to clean up the `tmp` directory.  By default, these
+jobs run at 02:05 (the database maintenance script) and 02:15 (`tmp` directyory cleanup). Users can 
+change the times the cron jobs are run by changing the `schedule` field in the `values.yaml` file:
+
+```yaml
+cronJobs:
+  maintenance:
+    schedule: "30 6 * * *" # Execute the cron job at 6:30 UTC
+```
+or by specifying the `schedule` on the command line when instaling Galaxy:
+```bash
+# Schedule the maintenance job to run at 06:30 on the first day of each month
+helm install galaxy -n galaxy galaxy/galaxy --set cronJobs.maintenance.schedule="30 6 1 * *"
+```
+To disable a cron job after Galaxy has been deployed simply set the enabled flag for that job to false:
+
+
+```bash
+helm upgrade galaxy -n galaxy galaxy/galaxy --reuse-values --set cronJobs.maintenance.enabled=false
+```
+
+### Run a CronJob manually
+
+Cron jobs can be invoked manually with tools such as [OpenLens](https://github.com/MuhammedKalkan/OpenLens)
+or from the command line with `kubectl`
+```bash
+kubectl create job --namespace <namespace> <job name> --from cronjob/galaxy-cron-maintenance 
+```
+This will run the cron job regardless of the `schedule` that has been set.
+
+**Note:** the name of the cron job will be `{{ .Release.Name }}-cron-<job name>` where the `<job name>`
+is the name (key) used in the `values.yaml` file.
+
+### CronJob configuration
 
-Some changes introduced in the chart sometimes rely on changes in the Galaxy
-container image, especially in relation to the Kubernetes runner. This table
-keeps track of recommended Chart versions for particular Galaxy versions as
-breaking changes are introduced. Otherwise, the Galaxy image and chart should be
-independently upgrade-able. In other words, upgrading the Galaxy image from
-`21.05` to `21.09` should be a matter of `helm upgrade my-galaxy cloudve/galaxy
---reuse-values --set image.tag=21.09`.
+The following fields can be specified when defining cron jobs.
+
+| Name | Definition                                                                                                                                | Required |
+|---|-------------------------------------------------------------------------------------------------------------------------------------------|----------|
+| enabled | `true` or `false`.  If `false` the cron job will not be run.  Default is `true` | **Yes**  |
+| schedule | When the job will be run.  Use tools such as [crontab.guru](https://crontab.guru) for assistance determining the proper schedule string   | **Yes**  |
+| defaultEnv | `true` or `false`. See the `galaxy.podEnvVars` macro in `_helpers.tpl` for the list of variables that will be defined. Default is `false` | No       |
+| extraEnv | Define extra environment variables that will be available to the job | No       |
+| securityContext | Specifies a `securityContext` for the job. Typically used to set `runAsUser` | No       |
+| image | Specify the Docker container used to run the job | No       |
+| command | The command to run | **Yes**  |
+| args | Any command line arguments that should be passed to the `command` | No       |
+| extraFileMappings | Allow arbitrary files to be mounted from config maps | No       |
+
+### Notes
+
+If specifying the Docker `image` both the `resposity` and `tag` MUST be specified.
+```yaml
+  image:
+    repository: quay.io/my-organization/my-image
+    tag: "1.0"  
+```
 
+The `extraFileMappings` block is similar to the global `extraFileMappings` except the file will only be mounted for that cron job.
+The following fields can be specified for each file.
 
-| Chart version        | Galaxy version   | Description     |
-| :------------------ | :--------------- | :-------------- |
-| `5.0`               | `22.05`          | Needs at least container image 22.05 as Galaxy switched from uwsgi to gunicorn  |
-| `4.0`               | `21.05`          | Needs [Galaxy PR#11899](https://github.com/galaxyproject/galaxy/pull/11899) for eliminating the CVMFS. If running chart 4.0+ with Galaxy image `21.01` or below, use the CVMFS instead with `--set setupJob.downloadToolConfs.enabled=false --set cvmfs.repositories.cvmfs-gxy-cloud=cloud.galaxyproject.org --set cvmfs.galaxyPersistentVolumeClaims.cloud.storage=1Gi --set cvmfs.galaxyPersistentVolumeClaims.cloud.storageClassName=cvmfs-gxy-cloud --set cvmfs.galaxyPersistentVolumeClaims.cloud.mountPath=/cvmfs/cloud.galaxyproject.org` |
+| Name | Definition | Required |
+|---|---|----------|
+| mode | The file mode (permissions) assigned to the file | No       |
+| tpl | If set to `true` the file contents will be run through Helm's templating engine. Defaults to `false` | No       |
+| content | The contents of the file | **Yes**  | 
 
-## Funding
 
-- _Version 3+_: Galaxy Project, Genomics Virtual Laboratory (GVL)
+See the `example` cron job included in the `values.yaml` file for a full example.
 
-- _Version 2_: Genomics Virtual Laboratory (GVL), Galaxy Project, and European
-  Commission (EC) H2020 Project PhenoMeNal, grant agreement number 654241.
 
-- _Version 1_: European Commission (EC) H2020 Project PhenoMeNal, grant
-  agreement number 654241.

galaxy/disabled/configmap-galaxy.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+metadata:
+  name: {{ .Release.Name }}-galaxy-config
+  labels:
+    {{- include "galaxy.labels" $ | nindent 4 }}
+kind: ConfigMap
+data:
+  galaxy.yml: |
+    {{- .Values.galaxy | toYaml | nindent 4 }}

galaxy/templates/_helpers.tpl

@@ -83,6 +83,13 @@ postgresql.fullname string and then prepend the release name to form the service
 {{- end -}}
 {{- end -}}
 
+{{/*
+Generate the connection string needed to connect to a Postres database
+*/}}
+{{- define "galaxy-postgresql.connection-string" -}}
+{{- printf "postgresql://%s:%s@%s/galaxy%s" .Values.postgresql.galaxyDatabaseUser (include "galaxy.galaxyDbPassword" .) (include "galaxy-postgresql.fullname" .) .Values.postgresql.galaxyConnectionParams -}}
+{{- end -}}
+
 {{/*
 Return the rabbitmq cluster to use
 */}}

galaxy/templates/configmap-cvmfs-fix.yaml

@@ -1,3 +1,4 @@
+---
 apiVersion: v1
 kind: ConfigMap
 metadata:

galaxy/templates/configmap-extra-files.yaml

@@ -1,5 +1,6 @@
 {{- range $key, $entry := .Values.extraFileMappings -}}
 {{- if $entry }}
+---
 apiVersion: v1
 metadata:
   # Extract the filename portion only
@@ -20,9 +21,9 @@ data:
   {{- else }}
     {{- $entry.content | nindent 4 }}
   {{- end }}
----
 {{- end }}
 {{- end }}
+---
 apiVersion: v1
 metadata:
   name: {{ include "galaxy.fullname" $ }}-probedb-py
@@ -32,5 +33,3 @@ kind: ConfigMap
 data:
   probedb.py: |
     {{- (.Files.Get "scripts/probedb.py") | nindent 4 }}
-
----

galaxy/templates/configmap-galaxy-rules.yaml

@@ -1,3 +1,4 @@
+---
 apiVersion: v1
 kind: ConfigMap
 metadata:

galaxy/templates/configmap-grafana-dashboard.yaml

@@ -1,4 +1,5 @@
 {{- if .Values.influxdb.enabled }}
+---
 apiVersion: v1
 kind: ConfigMap
 metadata:

galaxy/templates/configmap-nginx.yaml

@@ -1,3 +1,4 @@
+---
 apiVersion: v1
 kind: ConfigMap
 metadata:

galaxy/templates/configs-galaxy.yaml

@@ -1,3 +1,4 @@
+---
 apiVersion: v1
 metadata:
   name: {{ include "galaxy.fullname" . }}-configs

galaxy/templates/cronjob-maintenance.yaml

@@ -1,47 +1,118 @@
+{{ range $key, $cronjob := .Values.cronJobs }}
+---
 apiVersion: batch/v1
 kind: CronJob
 metadata:
-  name: {{ include "galaxy.fullname" . }}-maintenance
+  name: {{ include "galaxy.fullname" $ }}-cron-{{ $key }}
   labels:
-    {{- include "galaxy.labels" . | nindent 4 }}
+    {{- include "galaxy.labels" $ | nindent 4 }}
 spec:
-  schedule: "0 2 * * *"
+  {{- if $cronjob.enabled }}
+  schedule: {{ $cronjob.schedule | quote }}
+  {{- else }}
+  # Set an impossible date so that the cronjob is still defined, but effectively disabled. 
+  #  This will allow the cronjob to be run manually if needed.
+  schedule: "0 0 30 2 *"
+  {{- end }}
   jobTemplate:
     spec:
       template:
         spec:
+          {{- if $cronjob.securityContext }}
           securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          {{- with .Values.nodeSelector }}
+            {{- toYaml $cronjob.securityContext | nindent 12 }}
+          {{- end}}
+          {{- if $cronjob.nodeSelector }}
           nodeSelector:
-            {{- toYaml . | nindent 16 }}
+            {{- toYaml $cronjob.nodeSelector | nindent 12 }}
+          {{- else if $.Values.nodeSelector }}
+          nodeSelector:
+            {{- toYaml $.Values.nodeSelector | nindent 12 }}
           {{- end }}
           containers:
-          - name: galaxy-maintenance
-            image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-            imagePullPolicy: {{ .Values.image.pullPolicy }}
-            # delete all tmp files older than walltime limit
+          - name: galaxy-cron-{{ $key }}
+            {{- if $cronjob.image }}
+            image: {{ $cronjob.image.repository }}:{{ $cronjob.image.tag }}
+            {{- else }}
+            image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag }}"
+            {{- end }}
+            imagePullPolicy: {{ $.Values.image.pullPolicy }}
+            {{- if or $cronjob.defaultEnv $cronjob.extraEnv }}
+            env:
+            {{- if $cronjob.defaultEnv }}
+            {{- include "galaxy.podEnvVars" $}}
+            {{- end }}
+            {{- if $cronjob.extraEnv }}
+            {{- range $env := $cronjob.extraEnv }}
+            - name: {{ $env.name }}
+              value: {{ tpl $env.value $ | quote }}
+            {{- end }}
+            {{- end }}
+            {{- end }}
             command:
-              - find
-              - {{ .Values.persistence.mountPath }}/tmp
-              - '!'
-              - -newermt
-              - -{{ (index .Values "configs" "job_conf.yml" "runners" "k8s" "k8s_walltime_limit" | default 604800) }} seconds
-              - -type
-              - f
-              - -exec
-              - rm
-              - '{}'
-              - ;
+            {{- range $cmd := $cronjob.command }}
+              - {{ tpl $cmd $ | quote }}
+            {{- end}}
+            {{- if $cronjob.args }}
+            args:
+              {{- range $arg := $cronjob.args }}
+              - {{ tpl $arg $ | quote }}
+              {{- end }}
+            {{- end }}
             volumeMounts:
             - name: galaxy-data
-              mountPath: {{ .Values.persistence.mountPath }}
+              mountPath: {{ $.Values.persistence.mountPath }}
+            {{- range $key, $entry := $cronjob.extraFileMappings }}
+            - name: {{ include "galaxy.getExtraFilesUniqueName" $key }}
+              mountPath: {{ $key }}
+              subPath: {{ include "galaxy.getFilenameFromPath" $key }}
+            {{- end }}
           volumes:
           - name: galaxy-data
-            {{- if .Values.persistence.enabled }}
+            {{- if $.Values.persistence.enabled }}
             persistentVolumeClaim:
-              claimName: {{ template "galaxy.pvcname" . }}
+              claimName: {{ template "galaxy.pvcname" $ }}
             {{- else }}
             emptyDir: {}
             {{- end }}
+          {{- range $key, $entry := $cronjob.extraFileMappings }}
+          - name: {{ include "galaxy.getExtraFilesUniqueName" $key }}
+            {{- if $entry.useSecret }}
+            secret:
+              secretName: {{ printf "%s-%s" (include "galaxy.fullname" $) (include "galaxy.getExtraFilesUniqueName" $key) }}
+            {{- else }}
+            configMap:
+              name: {{ printf "%s-%s" (include "galaxy.fullname" $) (include "galaxy.getExtraFilesUniqueName" $key) }}
+            {{- end }}
+            {{- if $entry.mode }}
+              defaultMode: {{ $entry.mode }}
+            {{- end }}
+          {{- end }}
           restartPolicy: OnFailure
+{{- if $cronjob.extraFileMappings }}
+{{- range $name, $entry := $cronjob.extraFileMappings }}
+---
+apiVersion: v1
+metadata:
+  # Extract the filename portion only
+  name: {{ printf "%s-%s" (include "galaxy.fullname" $) (include "galaxy.getExtraFilesUniqueName" $name) }}
+  labels:
+    {{- include "galaxy.labels" $ | nindent 4 }}
+{{- if $entry.useSecret }}
+kind: Secret
+type: Opaque
+stringData:
+{{- else }}
+kind: ConfigMap
+data:
+{{- end }}
+  {{- include "galaxy.getFilenameFromPath" $name | nindent 2 }}: |
+  {{- if $entry.tpl }}
+    {{- tpl (tpl $entry.content $) $ | nindent 4 }}
+  {{- else }}
+    {{- $entry.content | nindent 4 }}
+  {{- end }}
+{{- end }}
+{{- end }}
+
+{{- end }}

galaxy/templates/deployment-celery-beat.yaml

@@ -1,3 +1,4 @@
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:

galaxy/templates/deployment-celery.yaml

@@ -1,3 +1,4 @@
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata: