Merge branch 'master' into support-singularity-s3

Author: munishchouhan

.github/workflows/build-plugin-scanner.yml

@@ -0,0 +1,36 @@
+name: Build and publish Scanner container image
+
+on:
+  workflow_dispatch:
+    inputs:
+      trivy_version:
+        description: 'trivy version (e.g., 0.65.0)'
+        required: true
+        default: '0.65.0'
+      oras_version :
+        description : 'oras version (e.g., 1.3.0)'
+        required : true
+        default : '1.3.0'
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Docker Login
+        uses: docker/login-action@v3
+        with:
+          registry: public.cr.seqera.io
+          username: ${{ vars.SEQERA_PUBLIC_CR_USERNAME  }}
+          password: ${{ secrets.SEQERA_PUBLIC_CR_PASSWORD }}
+
+      - name: Build and Push Image to public.cr.seqera.io
+        run: |
+          cd plugin-scanner
+          make all trivy_version=${{ github.event.inputs.trivy_version }} oras_version=${{ github.event.inputs.oras_version }}

.github/workflows/claude.yml

@@ -0,0 +1,48 @@
+name: Claude PR Assistant
+
+on:
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+  issues:
+    types: [opened, assigned]
+  pull_request_review:
+    types: [submitted]
+
+jobs:
+  claude-code-action:
+    if: |
+      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
+      (github.event_name == 'issues' && contains(github.event.issue.body, '@claude'))
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+      issues: read
+      id-token: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude PR Action
+        uses: anthropics/claude-code-action@beta
+        with:
+          anthropic_api_key: ${{ secrets.ENG_ANTHROPIC_API_KEY }}
+          # Or use OAuth token instead:
+          # claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+          timeout_minutes: "60"
+          # mode: tag  # Default: responds to @claude mentions
+          # Optional: Restrict network access to specific domains only
+          # experimental_allowed_domains: |
+          #   .anthropic.com
+          #   .github.com
+          #   api.github.com
+          #   .githubusercontent.com
+          #   bun.sh
+          #   registry.npmjs.org
+          #   .blob.core.windows.net

CLAUDE.md

@@ -0,0 +1,76 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Project Overview
+
+Wave is a containers provisioning service that allows building container images on-demand and acts as a proxy for container registries. It's built with Java/Groovy using the Micronaut framework and follows a microservices architecture.
+
+## Key Commands
+
+### Development
+- **Run development server**: `./run.sh` (runs with continuous compilation and file watching)
+- **Build project**: `./gradlew assemble` or `make compile`
+- **Run tests**: `./gradlew test` or `make check`
+- **Run specific test**: `./gradlew test --tests 'TestClassName'`
+- **Build container image**: `./gradlew jibDockerBuild` or `make image`
+- **Generate code coverage**: `./gradlew jacocoTestReport` (runs automatically after tests)
+
+### Environment Setup
+Wave requires several environment variables for registry authentication:
+- `DOCKER_USER`/`DOCKER_PAT` for Docker Hub
+- `QUAY_USER`/`QUAY_PAT` for Quay.io
+- `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` for AWS ECR
+- `AZURECR_USER`/`AZURECR_PAT` for Azure Container Registry
+
+## Architecture
+
+### Core Services
+- **ContainerBuildService**: Manages container image building (Docker/Kubernetes strategies)
+- **ContainerMirrorService**: Handles container mirroring operations
+- **ContainerScanService**: Security vulnerability scanning
+- **RegistryProxyService**: Acts as proxy between clients and registries
+- **BlobCacheService**: Caches container layers and artifacts
+- **JobManager**: Handles async job processing and queuing
+
+### Key Controllers
+- **ContainerController**: Main API for container provisioning (`/container-token`)
+- **BuildController**: Container build operations
+- **ScanController**: Security scanning endpoints
+- **RegistryProxyController**: Registry proxy functionality
+
+### Storage & Persistence
+- Uses PostgreSQL with Micronaut Data JDBC
+- Redis for caching and distributed state
+- Object storage (AWS S3) for blob/artifact storage
+- Kubernetes for production container builds
+
+### Configuration
+- Main config: `src/main/resources/application.yml`
+- Environment-specific configs in `src/main/resources/application-*.yml`
+- Uses Micronaut's configuration system with property injection
+
+## Technology Stack
+- **Framework**: Micronaut 4.x with Netty runtime
+- **Language**: Groovy with Java 21+
+- **Build Tool**: Gradle with custom conventions
+- **Container**: JIB for multi-platform builds (AMD64/ARM64)
+- **Database**: PostgreSQL with HikariCP connection pooling
+- **Cache**: Redis with Jedis client
+- **Testing**: Spock 2 framework
+- **Metrics**: Micrometer with Prometheus
+- **Security**: JWT authentication for Tower integration
+
+## Important Notes
+- The codebase uses custom Gradle conventions defined in `buildSrc/`
+- Container images are built using Amazon Corretto 25 with jemalloc
+- The service requires Kubernetes cluster for production builds
+- Rate limiting is implemented using Spillway library
+- All async operations use Reactor pattern with Micronaut Reactor
+
+## Release Process
+
+1. Update the `VERSION` file with a semantic version
+2. Update the `changelog.txt file with changes against previous release
+3. Commit VERSION and changelog.txt file adding the tag `[release]` in the commit comment first line.
+4. Git push to upstream master branch.

VERSION

@@ -1 +1 @@
-1.25.0
+1.26.1