Merge branch 'master' into add-nodeselectors

Author: munishchouhan

.github/workflows/claude.yml

@@ -0,0 +1,48 @@
+name: Claude PR Assistant
+
+on:
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+  issues:
+    types: [opened, assigned]
+  pull_request_review:
+    types: [submitted]
+
+jobs:
+  claude-code-action:
+    if: |
+      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
+      (github.event_name == 'issues' && contains(github.event.issue.body, '@claude'))
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+      issues: read
+      id-token: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude PR Action
+        uses: anthropics/claude-code-action@beta
+        with:
+          anthropic_api_key: ${{ secrets.ENG_ANTHROPIC_API_KEY }}
+          # Or use OAuth token instead:
+          # claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+          timeout_minutes: "60"
+          # mode: tag  # Default: responds to @claude mentions
+          # Optional: Restrict network access to specific domains only
+          # experimental_allowed_domains: |
+          #   .anthropic.com
+          #   .github.com
+          #   api.github.com
+          #   .githubusercontent.com
+          #   bun.sh
+          #   registry.npmjs.org
+          #   .blob.core.windows.net

CLAUDE.md

@@ -0,0 +1,76 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Project Overview
+
+Wave is a containers provisioning service that allows building container images on-demand and acts as a proxy for container registries. It's built with Java/Groovy using the Micronaut framework and follows a microservices architecture.
+
+## Key Commands
+
+### Development
+- **Run development server**: `./run.sh` (runs with continuous compilation and file watching)
+- **Build project**: `./gradlew assemble` or `make compile`
+- **Run tests**: `./gradlew test` or `make check`
+- **Run specific test**: `./gradlew test --tests 'TestClassName'`
+- **Build container image**: `./gradlew jibDockerBuild` or `make image`
+- **Generate code coverage**: `./gradlew jacocoTestReport` (runs automatically after tests)
+
+### Environment Setup
+Wave requires several environment variables for registry authentication:
+- `DOCKER_USER`/`DOCKER_PAT` for Docker Hub
+- `QUAY_USER`/`QUAY_PAT` for Quay.io
+- `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` for AWS ECR
+- `AZURECR_USER`/`AZURECR_PAT` for Azure Container Registry
+
+## Architecture
+
+### Core Services
+- **ContainerBuildService**: Manages container image building (Docker/Kubernetes strategies)
+- **ContainerMirrorService**: Handles container mirroring operations
+- **ContainerScanService**: Security vulnerability scanning
+- **RegistryProxyService**: Acts as proxy between clients and registries
+- **BlobCacheService**: Caches container layers and artifacts
+- **JobManager**: Handles async job processing and queuing
+
+### Key Controllers
+- **ContainerController**: Main API for container provisioning (`/container-token`)
+- **BuildController**: Container build operations
+- **ScanController**: Security scanning endpoints
+- **RegistryProxyController**: Registry proxy functionality
+
+### Storage & Persistence
+- Uses PostgreSQL with Micronaut Data JDBC
+- Redis for caching and distributed state
+- Object storage (AWS S3) for blob/artifact storage
+- Kubernetes for production container builds
+
+### Configuration
+- Main config: `src/main/resources/application.yml`
+- Environment-specific configs in `src/main/resources/application-*.yml`
+- Uses Micronaut's configuration system with property injection
+
+## Technology Stack
+- **Framework**: Micronaut 4.x with Netty runtime
+- **Language**: Groovy with Java 21+
+- **Build Tool**: Gradle with custom conventions
+- **Container**: JIB for multi-platform builds (AMD64/ARM64)
+- **Database**: PostgreSQL with HikariCP connection pooling
+- **Cache**: Redis with Jedis client
+- **Testing**: Spock 2 framework
+- **Metrics**: Micrometer with Prometheus
+- **Security**: JWT authentication for Tower integration
+
+## Important Notes
+- The codebase uses custom Gradle conventions defined in `buildSrc/`
+- Container images are built using Amazon Corretto 25 with jemalloc
+- The service requires Kubernetes cluster for production builds
+- Rate limiting is implemented using Spillway library
+- All async operations use Reactor pattern with Micronaut Reactor
+
+## Release Process
+
+1. Update the `VERSION` file with a semantic version
+2. Update the `changelog.txt file with changes against previous release
+3. Commit VERSION and changelog.txt file adding the tag `[release]` in the commit comment first line.
+4. Git push to upstream master branch.

VERSION

@@ -1 +1 @@
-1.25.0
+1.25.2

adr/metrics.md

@@ -0,0 +1,78 @@
+---
+title: Usage metrics
+description: Overview of Wave's Redis-based usage metrics storage and tracking system
+date: 2025-09-17
+tags: [redis, metrics, keys, wave]
+---
+
+Wave can store usage metrics for specific dates and organizations in Redis.
+
+:::note
+To use metrics, enable `wave.metrics.enabled` in your Wave configuration file. See [Configuration reference](./configuration.md) for more information about Wave configuration files.
+:::
+
+## Keys
+
+When Wave makes a keys request:
+
+1. Wave increments the key with the current date. For example, `builds/d/2024-04-23`.
+1. **For authenticated requests**: If the request includes a Seqera Platform token, Wave also performs organization-specific tracking:
+    1. Wave extracts the domain from the user's email address using the access token to query Seqera Platform. For example, it extracts `seqera.io` from `[email protected]`.
+    1. Wave increments the key with the organization-specific keys. For example, `builds/o/seqera.io` and `builds/o/seqera.io/d/2024-04-23`.
+
+### Builds
+
+When you make a container build request, Wave increments the following `builds` keys:
+
+- `builds/d/<YYYY-MM-DD>`
+- `builds/o/<ORG>`
+- `builds/o/<ORG>/d/<YYYY-MM-DD>`
+
+### Pulls
+
+When you make a container build request, Wave increments the following keys:
+
+1. Wave tracks the container image pulls using `io.seqera.wave.filter.PullMetricsRequestsFilter`.
+1. Wave checks if the `Content-Type` header contains one of the following manifest values:
+   - `application/vnd.docker.distribution.manifest.v2+json`
+   - `application/vnd.oci.image.manifest.v1+json`
+   - `application/vnd.docker.distribution.manifest.v1+prettyjws`
+   - `application/vnd.docker.distribution.manifest.v1+json`
+1. Wave increments the following `pulls` keys:
+    - `pulls/d/<YYYY-MM-DD>`
+    - `pulls/o/<ORG>`
+    - `pulls/o/<ORG>/d/<YYYY-MM-DD>`
+1. **For Fusion-enabled containers**: If the pulled container uses Fusion, Wave increments the following `fusion` keys:
+    - `fusion/d/<YYYY-MM-DD>`
+    - `fusion/o/<ORG>`
+    - `fusion/o/<ORG>/d/<YYYY-MM-DD>`
+
+## Keys reference
+
+Wave stores usage metrics in Redis using the following key patterns:
+
+- `pulls/d/<YYYY-MM-DD>`
+- `pulls/o/<ORG>`
+- `pulls/o/<ORG>/d/<YYYY-MM-DD>`
+- `fusion/d/<YYYY-MM-DD>`
+- `fusion/o/<ORG>`
+- `fusion/o/<ORG>/d/<YYYY-MM-DD>`
+- `builds/d/<YYYY-MM-DD>`
+- `builds/o/<ORG>`
+- `builds/o/<ORG>/d/<YYYY-MM-DD>`
+- `pulls/a/<ARCH>/d/<YYYY-MM-DD>`
+- `pulls/o/<ORG>/a/<ARCH>`
+- `pulls/o/<ORG>/a/<ARCH>/d/<YYYY-MM-DD>`
+- `pulls/a/<ARCH>`
+- `fusion/a/<ARCH>/d/<YYYY-MM-DD>`
+- `fusion/o/<ORG>/a/<ARCH>`
+- `fusion/o/<ORG>/a/<ARCH>/d/<YYYY-MM-DD>`
+- `fusion/a/<ARCH>`
+- `builds/a/<ARCH>/d/<YYYY-MM-DD>`
+- `builds/o/<ORG>/a/<ARCH>`
+- `builds/o/<ORG>/a/<ARCH>/d/<YYYY-MM-DD>`
+- `builds/a/<ARCH>`
+- `mirrors/a/<ARCH>/d/<YYYY-MM-DD>`
+- `mirrors/o/<ORG>/a/<ARCH>`
+- `mirrors/o/<ORG>/a/<ARCH>/d/<YYYY-MM-DD>`
+- `mirrors/a/<ARCH>`

build.gradle

@@ -138,9 +138,10 @@ micronaut {
 //
 jib {
     from {
-        image = 'cr.seqera.io/public/nf-jdk:corretto-24-al2023-jemalloc'
+        image = 'cr.seqera.io/public/nf-jdk:corretto-25-al2023-jemalloc'
         platforms {
             platform { architecture = 'amd64'; os = 'linux' }
+            platform { architecture = 'arm64'; os = 'linux' }
         }
     }
     to {

changelog.txt

@@ -1,4 +1,20 @@
 # Wave changelog
+1.25.2 - 25 Sep 2025
+- Add CLAUDE.md documentation file [573c06ae]
+- Bump corretto-25-al2023-jemalloc as base image [715c594a]
+- Add Claude PR Assistant workflow [94f9f443]
+- Add ARM64 platform support to container build (#911) [12dd4978]
+
+1.25.1 - 22 Sep 2025
+- Fix links broken by renaming page (#892) [db0cacd9]
+- Remove unused env from jib task def [34718247]
+- Replace deprecated AppArmor annotation with securityContext field (#896) [e474e5c7]
+- Wv 217 remove app encoded values for seqera environment (#893) [e4eec429]
+- Bump buildkit to 0.23.2 in tests (#894) [fc24a4a0]
+- Bump MN version 4.9.3 [03b98e8d]
+- Bump buildkit version 0.23.2 [f31316d9]
+- Bump corretto-25-al2023-mimalloc as base image [46a6e2a9]
+
 1.25.0 - 1 Sep 2025
 - Fix Netty direct memory OOM after Micronaut 4.9.2 upgrade (#889) [d16ab5dd]
 - Support csi s3 driver in wave  (#875) [a425ddc5]

docs/configuration.md

@@ -283,7 +283,7 @@ Configure Redis with the following options:
 : Sets the minimum number of idle connections to maintain in the Redis connection pool (default: `0`).
 
 `redis.uri` *(required)*
-: Specifies the URI for connecting to Redis (default format: `redis://${REDIS_HOST:redis}:${REDIS_PORT:6379}`.
+: Specifies the URI for connecting to Redis (default format: `redis://${REDIS_HOST:redis}:${REDIS_PORT:6379}`).
   Can be set using the `${REDIS_URI}` environment variable.
 
 ### PostgreSQL
@@ -367,11 +367,11 @@ Configure how Wave sends email notifications on behalf of the service with the f
 
 `mail.from` *(required)*
 : Specifies the sender's email address for Wave notifications.
-  Can be set using the `${{MAIL_FROM}}}` environment variable.
+  Can be set using the `${MAIL_FROM}` environment variable.
 
 ## Metrics
 
-Configure how Wave Metrics service provides data about container builds and pulls per ip, container image, and user with the following options:
+Configure how Wave Metrics service provides data about container builds and pulls per organization and date with the following options:
 
 `wave.metrics.enabled` *(optional)*
 : Enables Wave metrics (default: `false`).