Skip to content

Fix: External DRS URIs in lm10 snapshots break /repository/files (#7660) #7683

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
dsotirho-ucsc merged 3 commits into from
Jan 21, 2026
Merged

Fix: External DRS URIs in lm10 snapshots break /repository/files (#7660) #7683

dsotirho-ucsc merged 3 commits into from
Jan 21, 2026

Conversation

@nadove-ucsc
Copy link
Contributor

@nadove-ucsc nadove-ucsc commented Jan 7, 2026
edited by dsotirho-ucsc
Loading

Linked issues: #7660

Checklist

Author

  • PR is assigned to the author
  • Status of PR is In progress
  • PR is a draft
  • Target branch is develop
  • Name of PR branch matches issues/<GitHub handle of author>/<issue#>-<slug>
  • PR is linked to all issues it (partially) resolves
  • Status of linked issues is In progress
  • PR description links to linked issues
  • PR title matches1 that of a linked issue or comment in PR explains why they're different
  • PR title references all linked issues
  • For each linked issue, there is at least one commit whose title references that issue

1 when the issue title describes a problem, the corresponding PR
title is Fix: followed by the issue title

Author (partiality)

  • Added p tag to titles of partial commits
  • This PR is labeled partial or completely resolves all linked issues
  • This PR partially resolves each of the linked issues or does not have the partial label

Author (reindex)

  • Added r tag to commit title or the changes introduced by this PR will not require reindexing of any deployment
  • This PR is labeled reindex:dev or the changes introduced by it will not require reindexing of dev
  • This PR is labeled reindex:anvildev or the changes introduced by it will not require reindexing of anvildev
  • This PR is labeled reindex:anvilprod or the changes introduced by it will not require reindexing of anvilprod
  • This PR is labeled reindex:prod or the changes introduced by it will not require reindexing of prod
  • This PR is labeled reindex:partial and its description documents the specific reindexing procedure for dev, anvildev, anvilprod and prod or requires a full reindex or carries none of the labels reindex:dev, reindex:anvildev, reindex:anvilprod and reindex:prod

Author (API changes)

  • This PR and its linked issues are labeled API or this PR does not modify a REST API
  • Added a (A) tag to commit title for backwards (in)compatible changes or this PR does not modify a REST API
  • Updated REST API version number in app.py or this PR does not modify a REST API

Author (upgrading deployments)

  • Ran make docker_images.json and committed the resulting changes or this PR does not modify azul_docker_images, or any other variables referenced in the definition of that variable
  • Documented upgrading of deployments in UPGRADING.rst or this PR does not require upgrading deployments
  • Added u tag to commit title or this PR does not require upgrading deployments
  • This PR is labeled upgrade or does not require upgrading deployments
  • This PR is labeled deploy:shared or does not modify docker_images.json, and does not require deploying the shared component for any other reason
  • This PR is labeled deploy:gitlab or does not require deploying the gitlab component
  • This PR is labeled deploy:runner or does not require deploying the runner image

Author (hotfixes)

  • Added F tag to main commit title or this PR does not include permanent fix for a temporary hotfix
  • Reverted the temporary hotfixes for any linked issues or the none of the stable branches (anvilprod and prod) have temporary hotfixes for any of the issues linked to this PR

Author (before every review)

  • Rebased PR branch on develop, squashed fixups from prior reviews
  • Ran make requirements_update or this PR does not modify Dockerfile, environment, requirements*.txt, common.mk, Makefile or environment.boot
  • Added R tag to commit title or this PR does not modify requirements*.txt
  • This PR is labeled reqs or does not modify requirements*.txt
  • make integration_test passes in personal deployment or this PR does not modify functionality that could affect the IT outcome
  • PR is awaiting requested review from a peer
  • Status of PR is Review requested
  • PR is assigned to only the peer and the author

Peer reviewer (after approval)

Note that after requesting changes, the PR must be assigned to only the author.

  • Actually approved the PR
  • PR is not a draft
  • PR is awaiting requested review from system administrator
  • Status of PR is Review requested
  • PR is assigned to only the system administrator and the author

System administrator (after approval)

  • Actually approved the PR
  • Labeled linked issues as demo or no demo
  • Commented on linked issues about demo expectations or all linked issues are labeled no demo
  • Decided if PR can be labeled no sandbox
  • A comment to this PR details the completed security design review
  • PR title is appropriate as title of merge commit
  • N reviews label is accurate
  • Status of PR is Approved
  • PR is assigned to only the operator and the author

Operator

  • Checked reindex:… labels and r commit title tag
  • Checked that demo expectations are clear or all linked issues are labeled no demo
  • Squashed PR branch and rebased onto develop
  • Sanity-checked history
  • Pushed PR branch to GitHub

Operator (deploy .shared and .gitlab components)

  • Ran _select dev.shared && CI_COMMIT_REF_NAME=develop make -C terraform/shared apply_keep_unused or this PR is not labeled deploy:shared
  • Ran _select dev.gitlab && CI_COMMIT_REF_NAME=develop make -C terraform/gitlab apply or this PR is not labeled deploy:gitlab
  • Ran _select anvildev.shared && CI_COMMIT_REF_NAME=develop make -C terraform/shared apply_keep_unused or this PR is not labeled deploy:shared
  • Ran _select anvildev.gitlab && CI_COMMIT_REF_NAME=develop make -C terraform/gitlab apply or this PR is not labeled deploy:gitlab
  • Checked the items in the next section or this PR is labeled deploy:gitlab
  • PR is assigned to only the system administrator and the author or this PR is not labeled deploy:gitlab

System administrator (post-deploy of .gitlab component)

  • Background migrations for dev.gitlab are complete or this PR is not labeled deploy:gitlab
  • Background migrations for anvildev.gitlab are complete or this PR is not labeled deploy:gitlab
  • PR is assigned to only the operator and the author

Operator (deploy runner image)

  • Ran _select dev.gitlab && make -C terraform/gitlab/runner or this PR is not labeled deploy:runner
  • Ran _select anvildev.gitlab && make -C terraform/gitlab/runner or this PR is not labeled deploy:runner

Operator (sandbox build)

  • Added sandbox label or PR is labeled no sandbox
  • Pushed PR branch to GitLab dev or PR is labeled no sandbox
  • Pushed PR branch to GitLab anvildev or PR is labeled no sandbox
  • Build passes in sandbox deployment or PR is labeled no sandbox
  • Build passes in anvilbox deployment or PR is labeled no sandbox
  • Reviewed build logs for anomalies in sandbox deployment or PR is labeled no sandbox
  • Reviewed build logs for anomalies in anvilbox deployment or PR is labeled no sandbox
  • Deleted unreferenced indices in sandbox or this PR does not remove catalogs or otherwise causes unreferenced indices in sandbox
  • Deleted unreferenced indices in anvilbox or this PR does not remove catalogs or otherwise causes unreferenced indices in anvilbox
  • Started reindex in sandbox or this PR is not labeled reindex:dev
  • Started reindex in anvilbox or this PR is not labeled reindex:anvildev
  • Checked for failures in sandbox or this PR is not labeled reindex:dev
  • Checked for failures in anvilbox or this PR is not labeled reindex:anvildev

Operator (merge the branch)

  • All status checks passed and the PR is mergeable
  • The title of the merge commit starts with the title of this PR
  • Added PR # reference to merge commit title
  • Collected commit title tags in merge commit title but only included p if the PR is also labeled partial
  • Pushed merge commit to GitHub
  • Status of PR is Merged lower
  • Status of blocked issues is Triage or no issues are blocked on the linked issues

Operator (main build)

  • Pushed merge commit to GitLab dev
  • Pushed merge commit to GitLab anvildev
  • Build passes on GitLab dev
  • Reviewed build logs for anomalies on GitLab dev
  • Build passes on GitLab anvildev
  • Reviewed build logs for anomalies on GitLab anvildev
  • Ran _select dev.shared && make -C terraform/shared apply or this PR is not labeled deploy:shared
  • Ran _select anvildev.shared && make -C terraform/shared apply or this PR is not labeled deploy:shared
  • Deleted PR branch from GitHub
  • PR is assigned to only the operator
  • Deleted PR branch from GitLab dev
  • Deleted PR branch from GitLab anvildev
  • Status of linked issues is Lower, or Triage, if PR is partial

Operator (reindex)

  • Deindexed all unreferenced catalogs in dev or this PR is neither labeled reindex:partial nor reindex:dev
  • Deindexed all unreferenced catalogs in anvildev or this PR is neither labeled reindex:partial nor reindex:anvildev
  • Deindexed specific sources in dev or this PR is neither labeled reindex:partial nor reindex:dev
  • Deindexed specific sources in anvildev or this PR is neither labeled reindex:partial nor reindex:anvildev
  • Indexed specific sources in dev or this PR is neither labeled reindex:partial nor reindex:dev
  • Indexed specific sources in anvildev or this PR is neither labeled reindex:partial nor reindex:anvildev
  • Started reindex in dev or this PR does not require reindexing dev
  • Started reindex in anvildev or this PR does not require reindexing anvildev
  • Checked for, triaged and possibly requeued messages in both fail queues in dev or this PR does not require reindexing dev
  • Checked for, triaged and possibly requeued messages in both fail queues in anvildev or this PR does not require reindexing anvildev
  • Emptied fail queues in dev or this PR does not require reindexing dev
  • Emptied fail queues in anvildev or this PR does not require reindexing anvildev
  • Restarted the Data Browser pipeline for the ucsc/hca/dev branch on GitLab in dev or this PR does not require reindexing dev
  • Restarted the Data Browser pipeline for the ucsc/lungmap/dev branch on GitLab in dev or this PR does not require reindexing dev
  • Restarted deploy_browser job in the GitLab pipeline for this PR in dev or this PR does not require reindexing dev
  • Restarted the Data Browser pipeline for the ucsc/anvil/anvildev branch on GitLab in anvildev or this PR does not require reindexing anvildev
  • Restarted deploy_browser job in the GitLab pipeline for this PR in anvildev or this PR does not require reindexing anvildev

Operator (mirroring)

  • Started mirroring in dev or this PR does not require mirroring dev
  • Started mirroring in anvildev or this PR does not require mirroring anvildev
  • Checked for, triaged and possibly requeued messages in mirror fail queue in dev or this PR does not require mirroring dev
  • Checked for, triaged and possibly requeued messages in mirror fail queue in anvildev or this PR does not require mirroring anvildev
  • Emptied mirror fail queue in dev or this PR does not require mirroring dev
  • Emptied mirror fail queue in anvildev or this PR does not require mirroring anvildev

Operator

  • Propagated the deploy:shared, deploy:gitlab, deploy:runner, API, reindex:partial, reindex:anvilprod and reindex:prod labels to the next promotion PRs or this PR carries none of these labels
  • Propagated any specific instructions related to the deploy:shared, deploy:gitlab, deploy:runner, API, reindex:partial, reindex:anvilprod and reindex:prod labels, from the description of this PR to that of the next promotion PRs or this PR carries none of these labels
  • PR is assigned to no one

Shorthand for review comments

  • L line is too long
  • W line wrapping is wrong
  • Q bad quotes
  • F other formatting problem

@nadove-ucsc nadove-ucsc self-assigned this Jan 7, 2026
@nadove-ucsc nadove-ucsc linked an issue Jan 7, 2026 that may be closed by this pull request
External DRS URIs in lm10 snapshots break /repository/files #7660
Open
@coveralls
Copy link

coveralls commented Jan 7, 2026
edited
Loading

Coverage Status

coverage: 85.065% (-0.04%) from 85.108%
when pulling 1cceb9d on issues/nadove-ucsc/7660-external-drs-uris-lm10-break-repository-files
into f3bdd08 on develop.

@codecov
Copy link

codecov bot commented Jan 7, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 48.23529% with 44 lines in your changes missing coverage. Please review.
✅ Project coverage is 84.84%. Comparing base (f3bdd08) to head (1cceb9d).
⚠️ Report is 4 commits behind head on develop.

Files with missing lines Patch % Lines
test/integration_test.py 0.00% 21 Missing ⚠️
src/azul/drs.py 65.21% 8 Missing ⚠️
src/azul/plugins/__init__.py 63.15% 7 Missing ⚠️
src/azul/service/download_controller.py 16.66% 5 Missing ⚠️
src/azul/indexer/mirror_service.py 0.00% 2 Missing ⚠️
src/azul/plugins/repository/tdr.py 88.88% 1 Missing ⚠️
Additional details and impacted files 
@@             Coverage Diff             @@
##           develop    #7683      +/-   ##
===========================================
- Coverage    84.88%   84.84%   -0.05%     
===========================================
  Files          157      157              
  Lines        22943    22970      +27     
===========================================
+ Hits         19476    19489      +13     
- Misses        3467     3481      +14

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@nadove-ucsc nadove-ucsc force-pushed the issues/nadove-ucsc/7660-external-drs-uris-lm10-break-repository-files branch from ac35d04 to bd193f0 Compare January 7, 2026 22:43
@nadove-ucsc
Copy link
Contributor Author

nadove-ucsc commented Jan 8, 2026

IT passes using seed from #7660 (comment)

dsotirho-ucsc
dsotirho-ucsc previously approved these changes Jan 8, 2026
View reviewed changes
Copy link
Contributor

@dsotirho-ucsc dsotirho-ucsc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved.

@dsotirho-ucsc dsotirho-ucsc marked this pull request as ready for review January 8, 2026 18:10
hannes-ucsc
hannes-ucsc requested changes Jan 8, 2026
View reviewed changes
src/azul/plugins/repository/tdr.py Outdated
else:
# Compact DRS URIs cannot be parsed by furl
_, _, drs_host, *_ = self.file.drs_uri.split('/')
if drs_host != config.tdr_service_url.host:
Copy link
Member

@hannes-ucsc hannes-ucsc Jan 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this is right. A compact identifier-based DRS URI can resolve to a URL that points to TDR's DRS implementation. I believe this is the case for AnVIL. And in that case, while we don't want to send the token to identifiers.org, we do want to send it to TDR. So in other words, we need to make this decision at the HTTP(S) URL level, not the DRS URI level.

@hannes-ucsc hannes-ucsc added the 1 review [process] Lead requested changes once label Jan 8, 2026
@hannes-ucsc hannes-ucsc removed their assignment Jan 8, 2026
@nadove-ucsc nadove-ucsc force-pushed the issues/nadove-ucsc/7660-external-drs-uris-lm10-break-repository-files branch from bd193f0 to 13f12b6 Compare January 9, 2026 00:06
@nadove-ucsc
Copy link
Contributor Author

nadove-ucsc commented Jan 9, 2026
edited
Loading

IT passes using seed from #7660 (comment)

Passed again on commit b1d14f5d6 cde1624b6

@nadove-ucsc nadove-ucsc requested review from aednichols and removed request for aednichols January 9, 2026 00:34
@nadove-ucsc nadove-ucsc force-pushed the issues/nadove-ucsc/7660-external-drs-uris-lm10-break-repository-files branch 2 times, most recently from b1b9ff8 to cde1624 Compare January 13, 2026 03:02
@hannes-ucsc hannes-ucsc force-pushed the issues/nadove-ucsc/7660-external-drs-uris-lm10-break-repository-files branch 3 times, most recently from cf1a352 to 434c500 Compare January 19, 2026 07:18
hannes-ucsc
hannes-ucsc reviewed Jan 20, 2026
View reviewed changes
Copy link
Member

@hannes-ucsc hannes-ucsc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I implemented a different approach for the auth part. If you'd like, I can elaborate in PL on why I prefer it.

This passes IT in my personal deployment but please test thoroughly. I'd like to see evidence that with the IT seed pinned, the same file from the lm10 is downloaded.

@hannes-ucsc hannes-ucsc removed their assignment Jan 20, 2026
@nadove-ucsc
Copy link
Contributor Author

nadove-ucsc commented Jan 21, 2026
edited
Loading

I'd like to see evidence that with the IT seed pinned, the same file from the lm10 is downloaded.

The reproduction I've been using is from dev, not prod, so the affected files are in lm2[-it], not lm10[-it].

Excerpt from the gitlab log of a failed IT run:

Beginning sub-test [repository_files] {'catalog': 'lm2-it'}
2026-01-03 07:22:53,657    INFO MainThread test.integration_test: Making GET request to 'https://service.dev.singlecell.gi.ucsc.edu/fetch/repository/files/e3120445-aa13-421d-b4e9-728e5bc8ed1c?catalog=lm2-it&version=2025-01-07T21%3A14%3A38.183927Z'
2026-01-03 07:22:53,657    INFO MainThread test.integration_test: … without a request body
2026-01-03 07:22:53,658    INFO MainThread test.integration_test: … without request headers
2026-01-03 07:22:54,717    INFO MainThread test.integration_test: Got 500 response after 1.059s from GET to https://service.dev.singlecell.gi.ucsc.edu/fetch/repository/files/e3120445-aa13-421d-b4e9-728e5bc8ed1c?catalog=lm2-it&version=2025-01-07T21%3A14%3A38.183927Z
...
<several failed retries of the same request>
...
2026-01-03 07:22:55,824    INFO MainThread test.integration_test: Failed sub-test [repository_files] {'catalog': 'lm2-it'}

  test_indexing (integration_test.IndexingIntegrationTest.test_indexing) [repository_files] (catalog='lm2-it') ... ERROR

Reproduction on dev using the same file in a non-IT catalog:

$ curl 'https://service.dev.singlecell.gi.ucsc.edu/fetch/repository/files/e3120445-aa13-421d-b4e9-728e5bc8ed1c?catalog=lm2&version=2025-01-07T21%3A14%3A38.183927Z' 
{"Code":"InternalServerError","Message":"An internal server error occurred.","RequestId":"9cf361f3-78ad-4264-a4bf-e363b5109e78"}

Excerpt from local IT run on issue branch with pinned seed:

2026-01-20 22:24:43,195    INFO MainThread test.integration_test: Beginning sub-test [repository_files] {'catalog': 'lm2-it'}
2026-01-20 22:24:43,196    INFO MainThread test.integration_test: Making GET request to 'https://service.nadove.dev.singlecell.gi.ucsc.edu/fetch/repository/files/e3120445-aa13-421d-b4e9-728e5bc8ed1c?catalog=lm2-it&version=2025-01-07T21%3A14%3A38.183927Z'
2026-01-20 22:24:43,196    INFO MainThread test.integration_test: … without a request body
2026-01-20 22:24:43,197    INFO MainThread test.integration_test: … without request headers
2026-01-20 22:24:43,988    INFO MainThread test.integration_test: Got 401 response after 0.791s from GET to https://service.nadove.dev.singlecell.gi.ucsc.edu/fetch/repository/files/e3120445-aa13-421d-b4e9-728e5bc8ed1c?catalog=lm2-it&version=2025-01-07T21%3A14%3A38.183927Z
2026-01-20 22:24:43,988    INFO MainThread test.integration_test: … with response headers HTTPHeaderDict({'Content-Type': 'application/json', 'Content-Length': '176', 'Connection': 'keep-alive', 'Date': 'Wed, 21 Jan 2026 06:24:43 GMT', 'X-Amzn-Trace-Id': 'Root=1-6970712b-67d00c974a67b2ef2429b4a4;Parent=013859565d7af306;Sampled=0;Lineage=1:18653585:0', 'x-amzn-RequestId': 'babbd795-12dd-4574-96db-7298d616f94d', 'Referrer-Policy': 'strict-origin-when-cross-origin', 'X-XSS-Protection': '1; mode=block', 'Access-Control-Allow-Origin': '*', 'Strict-Transport-Security': 'max-age=63072000; includeSubDomains; preload', 'Access-Control-Allow-Headers': 'Authorization,Content-Type,X-Amz-Date,X-Amz-Security-Token,X-Api-Key', 'X-Frame-Options': 'DENY', 'Content-Security-Policy': "default-src 'self';img-src 'self' data:;script-src 'self';style-src 'self';frame-ancestors 'none';form-action 'self'", 'x-amz-apigw-id': 'Xhae1F7joAMEYEw=', 'Cache-Control': 'no-store', 'X-Content-Type-Options': 'nosniff', 'X-Cache': 'Error from cloudfront', 'Via': '1.1 9a73196754a728e88fd24c5b433d6d52.cloudfront.net (CloudFront)', 'X-Amz-Cf-Pop': 'SFO53-P10', 'X-Amz-Cf-Id': 'r0PZO8zqDTI_neWcTcy9piMmGyAjbRqgzuUpuzGW-HknrnEBsKbzTQ=='})
2026-01-20 22:24:43,988    INFO MainThread test.integration_test: … with a response body of length 176 being b'{"Code":"UnauthorizedError","Message":"Unexpected response from https://gen3.biodatacatalyst.nhlbi.nih.gov/ga4gh/drs/v1/objects/011c00e5-3449-4cd5-9723-55be4094219b/access/gs"}'
2026-01-20 22:24:43,989    INFO MainThread test.integration_test: Successful sub-test [repository_files] {'catalog': 'lm2-it'}

@nadove-ucsc nadove-ucsc force-pushed the issues/nadove-ucsc/7660-external-drs-uris-lm10-break-repository-files branch from 434c500 to e16ce89 Compare January 21, 2026 06:33
@hannes-ucsc
Copy link
Member

hannes-ucsc commented Jan 21, 2026
edited
Loading

Security design review

  • Security design review completed; this PR does not
    • affect authentication; for example: Fix: External DRS URIs in lm10 snapshots break /repository/files (#7660) #7683 (comment)
      • OAuth 2.0 with the application (API or Swagger UI)
      • Authentication of developers with Google Cloud APIs
      • Authentication of developers with AWS APIs
      • Authentication with a GitLab instance in the system
      • Password and 2FA authentication with GitHub
      • API access token authentication with GitHub
      • Authentication with Terra
    • … affect the permissions of internal users like access to
      • Cloud resources on AWS and GCP
      • GitLab repositories, projects and groups, administration
      • an EC2 instance via SSH
      • GitHub issues, pull requests, commits, commit statuses, wikis, repositories, organizations
    • … affect the permissions of external users like access to
      • TDR snapshots
    • … affect permissions of service or bot accounts
      • Cloud resources on AWS and GCP
    • … affect audit logging in the system, like
      • adding, removing or changing a log message that represents an auditable event
      • changing the routing of log messages through the system
    • … affect monitoring of the system
    • … introduce a new software dependency like
      • Python packages on PYPI
      • Command-line utilities
      • Docker images
      • Terraform providers
    • … add an interface that exposes sensitive or confidential data at the security boundary
    • … affect the encryption of data at rest
    • … require persistence of sensitive or confidential data that might require encryption at rest
    • … require unencrypted transmission of data within the security boundary
    • … affect the network security layer; for example by
      • modifying, adding or removing firewall rules
      • modifying, adding or removing security groups
      • changing or adding a port a service, proxy or load balancer listens on
  • Documentation on any unchecked boxes is provided in comments below

@hannes-ucsc
Copy link
Member

hannes-ucsc commented Jan 21, 2026
edited
Loading

Security design review

This fixes an issue that exposed a user's Google OAuth2 access token, as well as as the public service account's access token, to the administrators/operators of gen3.biodatacatalyst.nhlbi.nih.gov. No production environments were affected by that issue because no files using DRS URIs that resolve to that domain currently exist in any production deployment. The issue only affects dev and colocated personal and sandbox deployments. In the affected deployments, the operators of that .gov domain could have used the token to access the Terra development deployment on the user's behalf, provided that the user attempted to download a file from the mock-lm10 snapshot in TDR dev. The Terra development deployment is for testing purposes and hosts no sensitive data. A log analysis revealed that no logged-in users actually attempted to download an affected file, so no user tokens were actually exposed. Instead, only the token of the public SA was exposed to the operators of gen3.biodatacatalyst.nhlbi.nih.gov. The public SA has the lowest possible privileges (read publicly available information), so ultimately no sensitive information was exposed.

@dsotirho-ucsc dsotirho-ucsc force-pushed the issues/nadove-ucsc/7660-external-drs-uris-lm10-break-repository-files branch from e16ce89 to 1cceb9d Compare January 21, 2026 20:07
@dsotirho-ucsc dsotirho-ucsc added the sandbox [process] Resolution is being verified in sandbox deployment label Jan 21, 2026
@dsotirho-ucsc dsotirho-ucsc merged commit 43979ac into develop Jan 21, 2026
10 checks passed
@dsotirho-ucsc dsotirho-ucsc mentioned this pull request Jan 21, 2026
Open
@dsotirho-ucsc dsotirho-ucsc deleted the issues/nadove-ucsc/7660-external-drs-uris-lm10-break-repository-files branch January 21, 2026 21:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hannes-ucsc hannes-ucsc hannes-ucsc approved these changes

@dsotirho-ucsc dsotirho-ucsc dsotirho-ucsc left review comments

Assignees

No one assigned

Labels

1 review [process] Lead requested changes once sandbox [process] Resolution is being verified in sandbox deployment

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

External DRS URIs in lm10 snapshots break /repository/files

5 participants

@nadove-ucsc @coveralls @hannes-ucsc @dsotirho-ucsc