Conda lock files

[edmundmiller]

Closes #2193

Follow up to #4080. This will add conda lock files whenever the environment.yml gets updated, and then pass that to wave.

[edmundmiller]

Status update:

This PR doesn't really do anything for us until we adopt wave.

Main issue was the GitHub action can't commit the lock file back for whatever permissions issue.

[pinin4fjords]

This is pretty frickin' awesome, lock files have been on my xmas list for ages.

My only questions surround how these lock files will actually get used. As-is. the conda and container directives are unchanged for this module, so behaviour in use will be unchanged.

We spoke on Slack about how I thought (and others disagreed) that we should also change the container directive to use what Wave spits back. I also wonder how we could make it so that people deploying via Conda could get a static environment built off the lock file?

[pinin4fjords]

@adamrtalbot raises the excellent point that lock files will be architecture-specific. So maybe what we need is actually a conda-lock-amd64.txt, conda-lock-arm64.txt? Then workflows would need to be run with architecture-specific configurations referencing these?

[adamrtalbot]

@adamrtalbot raises the excellent point that lock files will be architecture-specific. So maybe what we need is actually a conda-lock-amd64.txt, conda-lock-arm64.txt? Then workflows would need to be run with architecture-specific configurations referencing these?

Can you embed multiple architectures in a lock file? The docs kinda say you can: https://github.com/conda/conda-lock?tab=readme-ov-file#platform-specification

[pinin4fjords]

Can you embed multiple architectures in a lock file? The docs kinda say you can: https://github.com/conda/conda-lock?tab=readme-ov-file#platform-specification

YAAAAS!

 conda-lock -f environment.yml -p osx-64 -p linux-64
Spec hash already locked for ['osx-arm64']. Skipping solve.
Locking dependencies for ['linux-64', 'osx-64']...
INFO:conda_lock.conda_solver:linux-64 using specs ['bioconda::multiqc=1.23']
...

Good man. We would probably want to put them in the environment.yml, given that cross-platform compatibility will vary.

[pinin4fjords]

So, I tested why the lock file didn't work, and I think it's because of the default unified lock files. To get a lock file compatible with Nextflow (which just does like this), you have to render it to a platform specific one:

conda-lock render -p osx-64  
Rendering lockfile(s) for osx-64...
 - Install lock using : conda create --name YOURENV --file conda-osx-64.lock

We can also just do:

conda-lock --kind explicit -f environment.yml

... which automatically renders to all the specified platforms.

In any case, for nextflow as-is, we will need platform-specific lockfiles.

[edmundmiller]

Awesome! I didn't really want to have 4+ lock files floating around. I didn't know this was a possibility, great find!

[pinin4fjords]

I'm afraid we're stuck with those 4 lock files, unless we do that rendering dynamically somehow.

[pinin4fjords]

@adamrtalbot raises the excellent point that lock files will be architecture-specific. So maybe what we need is actually a conda-lock-amd64.txt, conda-lock-arm64.txt? Then workflows would need to be run with architecture-specific configurations referencing these?

Can you embed multiple architectures in a lock file? The docs kinda say you can: https://github.com/conda/conda-lock?tab=readme-ov-file#platform-specification

@adamrtalbot unfortunately I just discovered that the reason @edmundmiller 's new conda declaration didn't work is probably because of unified configs. So absent a fix to Nextflow we'll be needing platform-specific ones.

Edit: Paolo nixed my idea for supporting unified lock files. So we are definitely limited to the platform-specific ones.

[pinin4fjords]

So basically I think we'll need to do like this

[pinin4fjords]

Suggested change

	conda-lock lock $MAMBA --file "${{ matrix.files }}" --kind lock --platform linux-64 --lockfile "${{steps.lockfile-name.outputs.result}}"
	conda-lock lock $MAMBA --file "${{ matrix.files }}" --kind explicit --platform linux-64 --lockfile "${{steps.lockfile-name.outputs.result}}"
	mv conda-linux-64.lock conda-lock-linux-64.yml

Nextflow needs it to be a .yml, but use of --kind explicit means we get .lock files, so we'll need to do some file renaming.

Platforms should probably be set in the environment.ymls actually.

[edmundmiller]

Can we just do...

Suggested change

	conda-lock lock $MAMBA --file "${{ matrix.files }}" --kind lock --platform linux-64 --lockfile "${{steps.lockfile-name.outputs.result}}"
	conda-lock lock $MAMBA --file "${{ matrix.files }}" --kind lock --platform linux-64 --lockfile "${{steps.lockfile-name.outputs.result}}".yml

[edmundmiller]

Doesn't look like that works 😞

[pinin4fjords]

The explicit thing is important. It makes you a lock file for each platform which is consumable by conda env create, and therefore by Nextflow.

But by doing explicit you lose control over the naming of the multiple outputs, and Nextflow needs .yml, hence the rename hack I suggested.

[pinin4fjords]

Suggested change

	git commit -m "[automated] autogenerated conda-lock file"
	git commit -m "[automated] autogenerated conda-lock files"

[edmundmiller]

It should just be a single commit per lock file I think?

[pinin4fjords]

One lock file per platform

[pinin4fjords]

Suggested change

	conda "${moduleDir}/conda-lock.yml"
	conda "${moduleDir}/conda-lock-linux-64.yml"

[pinin4fjords]

(I'm obviously not proposing we actually change modules for platform specificity, just illustrating).

[edmundmiller]

I think tracking them at this point might keep us sane though 😅

[pinin4fjords]

Because the lock files will be platform specific they can't go directly on the modules. I think we'd need platform-specific configs at the workflow level that referenced all the lockfiles.

[pinin4fjords]

Suggested change

	**/conda-lock.yml
	**/conda-lock*.yml