Merge branch 'master' into fix-azure-low-priority-vm-deprecation

Author: adamrtalbot

docs/reference/config.md

@@ -428,6 +428,10 @@ The following settings are available:
 `azure.batch.pools.<name>.lowPriority`
 : Enable the use of low-priority VMs (default: `false`).
 
+: :::{warning}
+  As of September 30, 2025, Low Priority VMs will no longer be supported in Azure Batch accounts that use Batch Managed mode for pool allocation. You may continue to use this setting to configure Spot VMs in Batch accounts configured with User Subscription mode.
+  :::
+
 `azure.batch.pools.<name>.maxVmCount`
 : Specify the max of virtual machine when using auto scale option.
 

plugins/nf-codecommit/build.gradle

@@ -38,7 +38,9 @@ dependencies {
     compileOnly 'org.pf4j:pf4j:3.12.0'
 
     api ('javax.xml.bind:jaxb-api:2.4.0-b180830.0359')
-    api ('com.amazonaws:aws-java-sdk-codecommit:1.12.777')
+    api ('software.amazon.awssdk:codecommit:2.31.64')
+    api ('software.amazon.awssdk:sso:2.31.64')
+    api ('software.amazon.awssdk:ssooidc:2.31.64')
 
     testImplementation(testFixtures(project(":nextflow")))
     testImplementation project(':nextflow')

plugins/nf-codecommit/src/main/nextflow/cloud/aws/codecommit/AwsCodeCommitCredentialProvider.groovy

@@ -16,6 +16,8 @@
 
 package nextflow.cloud.aws.codecommit
 
+import software.amazon.awssdk.auth.credentials.AwsCredentials
+
 import javax.crypto.Mac
 
 /*
@@ -40,12 +42,11 @@ import java.security.MessageDigest
 import java.security.NoSuchAlgorithmException
 import java.text.SimpleDateFormat
 
-import com.amazonaws.auth.AWSCredentials
-import com.amazonaws.auth.AWSCredentialsProvider
-import com.amazonaws.auth.AWSSessionCredentials
-import com.amazonaws.auth.AWSStaticCredentialsProvider
-import com.amazonaws.auth.BasicAWSCredentials
-import com.amazonaws.auth.DefaultAWSCredentialsProviderChain
+import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider
+import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider
+import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider
+import software.amazon.awssdk.auth.credentials.AwsBasicCredentials
+import software.amazon.awssdk.auth.credentials.AwsSessionCredentials
 import groovy.transform.CompileStatic
 import groovy.util.logging.Slf4j
 import nextflow.exception.AbortOperationException
@@ -201,23 +202,23 @@ final class AwsCodeCommitCredentialProvider extends CredentialsProvider {
     }
 
     /**
-     * Get the AWSCredentials. If an AWSCredentialProvider was specified, use that,
-     * otherwise, create a new AWSCredentialsProvider. If the username and password are
-     * provided, use those directly as AWSCredentials. Otherwise, use the
-     * {@link DefaultAWSCredentialsProviderChain} as is standard with AWS applications.
+     * Get the AWSCredentials. If an AwsCredentialProvider was specified, use that,
+     * otherwise, create a new AwsCredentialsProvider. If the username and password are
+     * provided, use those directly as AwsCredentials. Otherwise, use the
+     * {@link DefaultCredentialsProvider} as is standard with AWS applications.
      * @return the AWS credentials.
      */
-    private AWSCredentials retrieveAwsCredentials() {
-        AWSCredentialsProvider credsProvider
+    private AwsCredentials retrieveAwsCredentials() {
+        AwsCredentialsProvider credsProvider
         if ( username && password ) {
             log.debug "Creating a static AWS credentials provider"
-            credsProvider = new AWSStaticCredentialsProvider( new BasicAWSCredentials( username, password ))
+            credsProvider = StaticCredentialsProvider.create( AwsBasicCredentials.create(username,password) )
         }
         else {
             log.debug "Creating a default AWS credentials provider chain"
-            credsProvider = new DefaultAWSCredentialsProviderChain()
+            credsProvider = DefaultCredentialsProvider.builder().build()
         }
-        return credsProvider.getCredentials()
+        return credsProvider.resolveCredentials()
     }
 
     /**
@@ -260,14 +261,14 @@ final class AwsCodeCommitCredentialProvider extends CredentialsProvider {
         String awsSecretKey
 
         try {
-            AWSCredentials awsCredentials = retrieveAwsCredentials()
+            AwsCredentials awsCredentials = retrieveAwsCredentials()
             StringBuilder awsKey = new StringBuilder();
-            awsKey.append(awsCredentials.getAWSAccessKeyId());
-            awsSecretKey = awsCredentials.getAWSSecretKey();
-            if (awsCredentials instanceof AWSSessionCredentials) {
-                AWSSessionCredentials sessionCreds = (AWSSessionCredentials) awsCredentials;
-                if ( sessionCreds.getSessionToken() ) {
-                    awsKey.append('%').append(sessionCreds.getSessionToken())
+            awsKey.append(awsCredentials.accessKeyId());
+            awsSecretKey = awsCredentials.secretAccessKey();
+            if (awsCredentials instanceof AwsSessionCredentials) {
+                AwsSessionCredentials sessionCreds = (AwsSessionCredentials) awsCredentials;
+                if ( sessionCreds.sessionToken() ) {
+                    awsKey.append('%').append(sessionCreds.sessionToken())
                 }
             }
             awsAccessKey = awsKey.toString()
@@ -322,7 +323,7 @@ final class AwsCodeCommitCredentialProvider extends CredentialsProvider {
     /**
      * @param awsCredentialProvider the awsCredentialProvider to set
      */
-    void setAwsCredentialsProvider(AWSCredentialsProvider awsCredentialsProvider) {
+    void setAwsCredentialsProvider(AwsCredentialsProvider awsCredentialsProvider) {
         this.awsCredentialsProvider = awsCredentialsProvider
     }
 

plugins/nf-codecommit/src/main/nextflow/cloud/aws/codecommit/AwsCodeCommitRepositoryProvider.groovy

@@ -16,16 +16,16 @@
 
 package nextflow.cloud.aws.codecommit
 
-import com.amazonaws.SdkClientException
-import com.amazonaws.auth.AWSStaticCredentialsProvider
-import com.amazonaws.auth.BasicAWSCredentials
-import com.amazonaws.auth.DefaultAWSCredentialsProviderChain
-import com.amazonaws.services.codecommit.AWSCodeCommit
-import com.amazonaws.services.codecommit.AWSCodeCommitClientBuilder
-import com.amazonaws.services.codecommit.model.AWSCodeCommitException
-import com.amazonaws.services.codecommit.model.GetFileRequest
-import com.amazonaws.services.codecommit.model.GetRepositoryRequest
-import com.amazonaws.services.codecommit.model.RepositoryMetadata
+import software.amazon.awssdk.auth.credentials.AwsBasicCredentials
+import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider
+import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider
+import software.amazon.awssdk.core.exception.SdkException
+import software.amazon.awssdk.regions.Region
+import software.amazon.awssdk.services.codecommit.CodeCommitClient
+import software.amazon.awssdk.services.codecommit.model.CodeCommitException
+import software.amazon.awssdk.services.codecommit.model.GetFileRequest
+import software.amazon.awssdk.services.codecommit.model.GetRepositoryRequest
+import software.amazon.awssdk.services.codecommit.model.RepositoryMetadata
 import groovy.transform.CompileStatic
 import groovy.transform.Memoized
 import groovy.util.logging.Slf4j
@@ -56,22 +56,21 @@ class AwsCodeCommitRepositoryProvider extends RepositoryProvider {
     }
 
     private String region
-    private AWSCodeCommit client
+    private CodeCommitClient client
     private String repositoryName
 
 
-    protected AWSCodeCommit createClient(AwsCodeCommitProviderConfig config) {
-        final builder = AWSCodeCommitClientBuilder
-                .standard()
-                .withRegion(region)
+    protected CodeCommitClient createClient(AwsCodeCommitProviderConfig config) {
+        final builder = CodeCommitClient.builder()
+                .region(Region.of(region))
         if( config.user && config.password ) {
-            final creds = new BasicAWSCredentials(config.user, config.password)
+            final creds = AwsBasicCredentials.create(config.user, config.password)
             log.debug "AWS CodeCommit using username=$config.user; password=${StringUtils.redact(config.password)}"
-            builder.withCredentials( new AWSStaticCredentialsProvider(creds) )
+            builder.credentialsProvider( StaticCredentialsProvider.create(creds) )
         }
         else {
             log.debug "AWS CodeCommit using default credentials chain"
-            builder.withCredentials( new DefaultAWSCredentialsProviderChain() )
+            builder.credentialsProvider( DefaultCredentialsProvider.builder().build() )
         }
         builder.build()
     }
@@ -84,12 +83,13 @@ class AwsCodeCommitRepositoryProvider extends RepositoryProvider {
     }
 
     private RepositoryMetadata getRepositoryMetadata() {
-        final request = new GetRepositoryRequest()
-                .withRepositoryName(repositoryName)
+        final request = GetRepositoryRequest.builder()
+                .repositoryName(repositoryName)
+                .build()
 
         return client
                 .getRepository(request)
-                .getRepositoryMetadata()
+                .repositoryMetadata()
     }
 
     /** {@inheritDoc} **/
@@ -136,16 +136,16 @@ class AwsCodeCommitRepositoryProvider extends RepositoryProvider {
     @Override
     byte[] readBytes( String path ) {
 
-        final request = new GetFileRequest()
-            .withRepositoryName(repositoryName)
-            .withFilePath(path)
+        final builder = GetFileRequest.builder()
+            .repositoryName(repositoryName)
+            .filePath(path)
         if( revision )
-            request.withCommitSpecifier(revision)
+            builder.commitSpecifier(revision)
 
         try {
             return client
-                    .getFile( request )
-                    .getFileContent()?.array()
+                    .getFile( builder.build() )
+                    .fileContent()?.asByteArray()
         }
         catch (Exception e) {
             checkMissingCredsException(e)
@@ -160,9 +160,9 @@ class AwsCodeCommitRepositoryProvider extends RepositoryProvider {
                 "Unable to load AWS credentials",
                 "The security token included in the request is invalid",
                 "The request signature we calculated does not match the signature you provided"]
-        if( e !instanceof SdkClientException )
+        if( e !instanceof SdkException )
             return
-        if( e instanceof AWSCodeCommitException && e.message?.startsWith("Could not find path") ) {
+        if( e instanceof CodeCommitException && e.message?.startsWith("Could not find path") ) {
             // it cannot find the request file
             return
         }

plugins/nf-codecommit/src/test/nextflow/cloud/aws/codecommit/AwsCodeCommitRepositoryProviderTest.groovy

@@ -26,7 +26,7 @@ import spock.lang.Specification
  * @author Paolo Di Tommaso <[email protected]>
  */
 @IgnoreIf({System.getenv('NXF_SMOKE')})
-@Requires({System.getenv('AWS_ACCESS_KEY_ID') && System.getenv('AWS_SECRET_ACCESS_KEY')})
+//@Requires({System.getenv('AWS_ACCESS_KEY_ID') && System.getenv('AWS_SECRET_ACCESS_KEY')})
 class AwsCodeCommitRepositoryProviderTest extends Specification {
 
     def 'should get repo url' () {