squash version 0.1

Author: lkstrp

.github/workflows/push-image.yaml

@@ -0,0 +1,81 @@
+name: Docker Image
+
+on:
+  push:
+    branches:
+    - main
+    tags:
+    - "v*"
+  workflow_dispatch:
+
+permissions: {}
+
+env:
+  REGISTRY: ghcr.io
+  FULL_IMAGE_NAME: ghcr.io/${{ github.repository }}
+
+jobs:
+  push-image:
+    name: Build and push image
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Log in to GitHub Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ env.REGISTRY }}
+        username: ${{ github.repository_owner }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Extract metadata for Docker
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: ${{ env.FULL_IMAGE_NAME }}
+        tags: |
+          type=ref,event=branch
+          type=ref,event=tag
+          type=semver,pattern={{version}}
+          type=semver,pattern={{major}}.{{minor}}
+          type=sha,prefix=
+          type=raw,value=latest,enable=${{ startsWith(github.ref, 'refs/tags/v') }}
+
+    - name: Build and push Docker image
+      uses: docker/build-push-action@v5
+      with:
+        context: .
+        file: ./Dockerfile
+        push: true
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+
+  deploy-to-dev:
+    name: Deploy to dev
+    runs-on: ubuntu-latest
+    needs: push-image
+    if: github.ref == 'refs/heads/main'
+    environment:
+      name: dev
+      url: ${{ vars.APP_URL }}
+
+    steps:
+    - name: Deploy via SSH
+      uses: appleboy/ssh-action@v1.2.4
+      with:
+        host: ${{ secrets.SSH_HOST }}
+        username: ${{ secrets.SSH_USER }}
+        key: ${{ secrets.SSH_PRIVATE_KEY }}
+        port: ${{ secrets.SSH_PORT || 22 }}
+        fingerprint: ${{ secrets.SSH_HOST_FINGERPRINT }}
+        script: deploy dev

.gitignore

@@ -0,0 +1,14 @@
+.env
+ssh_key
+known_hosts
+config/*
+!config/*.example.yaml
+compose.yml
+CLAUDE.md
+.claude/
+.venv/
+__pycache__/
+*.egg-info/
+*.pyc
+.pytest_cache/
+.ruff_cache/

.pre-commit-config.yaml

@@ -0,0 +1,48 @@
+ci:
+  autoupdate_schedule: quarterly
+
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: v6.0.0
+  hooks:
+  - id: check-added-large-files
+    args: ["--maxkb=2000"]
+  - id: trailing-whitespace
+  - id: end-of-file-fixer
+  - id: check-yaml
+  - id: check-json
+  - id: check-toml
+  - id: check-merge-conflict
+  - id: check-case-conflict
+  - id: mixed-line-ending
+
+  # Python - Ruff
+- repo: https://github.com/astral-sh/ruff-pre-commit
+  rev: v0.14.10
+  hooks:
+      # Run the linter
+  - id: ruff
+    args: [--fix]
+      # Run the formatter
+  - id: ruff-format
+
+  # Find common spelling mistakes in comments and docstrings
+- repo: https://github.com/codespell-project/codespell
+  rev: v2.4.1
+  hooks:
+  - id: codespell
+    args: ['--ignore-regex=(\b[A-Z]+\b)', '--ignore-words-list=ue']
+    types_or: [python, rst, markdown]
+
+  # Do YAML formatting
+- repo: https://github.com/macisamuele/language-formatters-pre-commit-hooks
+  rev: v2.15.0
+  hooks:
+  - id: pretty-format-yaml
+    args: [--autofix, --indent, '2', --preserve-quotes]
+
+  # Detect secrets
+- repo: https://github.com/gitleaks/gitleaks
+  rev: v8.30.0
+  hooks:
+  - id: gitleaks

Dockerfile

@@ -0,0 +1,46 @@
+# syntax=docker/dockerfile:1
+
+# Stage 1: Builder
+FROM python:3.13-slim AS builder
+
+WORKDIR /app
+
+RUN apt-get update && apt-get install -y --no-install-recommends git curl ca-certificates && rm -rf /var/lib/apt/lists/*
+
+ADD https://astral.sh/uv/install.sh /uv-installer.sh
+RUN sh /uv-installer.sh && rm /uv-installer.sh
+
+ENV PATH="/root/.local/bin:$PATH"
+
+COPY pyproject.toml uv.lock ./
+COPY .git/ .git/
+COPY app/ app/
+
+RUN uv sync --frozen --no-dev --all-extras
+
+# Stage 2: Runtime
+FROM python:3.13-slim
+
+WORKDIR /app
+
+RUN apt-get update && apt-get install -y --no-install-recommends sudo curl ca-certificates && rm -rf /var/lib/apt/lists/* && \
+    groupadd -r appuser -g 1000 && \
+    useradd -r -u 1000 -g appuser -m -s /bin/bash appuser && \
+    echo "appuser ALL=(ALL) NOPASSWD: /usr/bin/apt-get" >> /etc/sudoers.d/appuser && \
+    mkdir -p /data && \
+    chown -R appuser:appuser /data
+
+COPY --from=builder --chown=appuser:appuser /root/.local/bin/uv /usr/local/bin/uv
+COPY --from=builder --chown=appuser:appuser /app/.venv /app/.venv
+COPY --from=builder --chown=appuser:appuser /app/app /app/app
+COPY --chown=appuser:appuser pyproject.toml uv.lock ./
+COPY --chown=appuser:appuser entrypoint.sh /app/entrypoint.sh
+
+USER appuser
+
+ENV PATH="/app/.venv/bin:$PATH"
+
+EXPOSE 8000
+
+ENTRYPOINT ["/app/entrypoint.sh"]
+CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]

README.md

@@ -0,0 +1,10 @@
+# snakedispatch
+
+Dispatches Snakemake workflows to compute backends.
+
+## Architecture
+
+- **Single-tenant service**: all API routes are trusted; auth is enforced at the network layer.
+- **Compute backends** (local, slurm_ssh) are abstracted behind `ComputeBackend` (`app/backends/base.py`). The backend is selected at startup from `config.yaml` and injected via FastAPI DI.
+- **Job lifecycle**: `PENDING` -> `SETUP` -> `RUNNING` -> `COMPLETED`/`FAILED`/`CANCELLED`. Orchestrated by `execute_job` in `app/tasks.py`; state persisted via `app/store.py`.
+- **snkmt DB sync**: Snakemake job-graph metadata (rule counts, file listings) is synced from the compute backend to a local SQLite file during execution and exposed via `/snkmt/*` endpoints. See `app/snkmt.py` for the query layer.

app/__init__.py

@@ -0,0 +1 @@
+"""snakedispatch - FastAPI microservice for dispatching workflows."""

app/backends/__init__.py

@@ -0,0 +1,20 @@
+from __future__ import annotations
+
+from typing import TYPE_CHECKING
+
+from app.backends.local import LocalBackend
+from app.config import LocalConfig, SlurmSSHConfig
+
+if TYPE_CHECKING:
+    from app.backends.base import ComputeBackend
+
+
+def create_backend(config: SlurmSSHConfig | LocalConfig) -> ComputeBackend:
+    """Create the appropriate backend from config."""
+    if isinstance(config, LocalConfig):
+        return LocalBackend(config)
+    from app.backends.slurm_ssh import (  # noqa: PLC0415, I001  # requires [slurm]
+        SlurmSSHBackend,
+    )
+
+    return SlurmSSHBackend(config)