Commit 6b705f1

edmundmiller and claude committed
feat: add iGenomes Pulumi infrastructure project
Add comprehensive Pulumi project for managing iGenomes S3 infrastructure with proper import workflow and 1Password integration.

## Features

- S3 bucket import for ngi-igenomes (AWS Open Data Registry)
- Secure credential management via 1Password
- Modular architecture (config, providers, infrastructure, utils)
- Comprehensive documentation (README, CLAUDE.md, Context7 guide)
- Protected resources with read-only tracking approach
- Rich metadata exports for integration with nf-core ecosystem

## Project Structure

- `__main__.py`: Main Pulumi program with S3 import logic
- `src/`: Modular source code organization
  - `config/`: Environment variable loading and validation
  - `providers/`: AWS provider configuration
  - `infrastructure/`: S3 bucket import implementation
  - `utils/`: Centralized constants
- Documentation:
  - `README.md`: Comprehensive user documentation (320+ lines)
  - `CLAUDE.md`: AI assistant context (360+ lines)
  - `CONTEXT7.md`: AWS SDK documentation guide
  - `SETUP_VERIFICATION.md`: Verification and testing guide
- `test_setup.sh`: Automated setup verification script
- `.envrc`: 1Password credential loading configuration

## Security

- All credentials from 1Password (never in git)
- Protected resources prevent accidental deletion
- Read-only tracking for AWS Open Data bucket
- Extensive ignore_changes for properties we can't manage

## Integration

- Follows AWSMegatests project patterns
- Uses shared S3 backend (nf-core-pulumi-state)
- Consistent 1Password integration approach
- Ready for nf-core infrastructure ecosystem

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
1 parent 11f5cce commit 6b705f1

18 files changed

+1759
-0
lines changed

pulumi/igenomes/.envrc

Lines changed: 27 additions & 0 deletions
@@ -0,0 +1,27 @@
1+
#!/usr/bin/env bash
2+
# Environment configuration for iGenomes Pulumi project
3+
# This file loads AWS credentials from 1Password
4+
5+
# Set 1Password account
6+
export OP_ACCOUNT="nf-core"
7+
8+
# AWS Configuration
9+
export AWS_DEFAULT_REGION="eu-west-1" # iGenomes bucket is in Ireland
10+
11+
# Load AWS credentials from 1Password
12+
# Secret: "AWS - Phil - iGenomes" in Shared vault
13+
export AWS_ACCESS_KEY_ID=$(op item get "AWS - Phil - iGenomes" --vault "Shared" --fields "Access Key" 2>/dev/null || echo "")
14+
export AWS_SECRET_ACCESS_KEY=$(op item get "AWS - Phil - iGenomes" --vault "Shared" --fields "Secret Key" 2>/dev/null || echo "")
15+
16+
# Pulumi Configuration
17+
export PULUMI_BACKEND_URL="s3://nf-core-pulumi-state?region=eu-north-1&awssdk=v2"
18+
19+
# Verify credentials are loaded
20+
if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]; then
21+
echo "⚠️ Warning: Failed to load AWS credentials from 1Password"
22+
echo " Make sure you're authenticated: eval \$(op signin)"
23+
echo " And that the secret 'AWS - Phil - iGenomes' exists in the 'Shared' vault"
24+
else
25+
echo "✅ AWS credentials loaded from 1Password"
26+
echo " Region: $AWS_DEFAULT_REGION"
27+
fi
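
Review bot: Lines 13-14 send the `op` error output to `/dev/null` and fall back to `echo ""`, so when the lookup fails the real cause (not signed in, wrong vault, renamed item) is discarded and both variables are still exported as empty strings. The check at line 20 only prints a warning and the file carries on, leaving `PULUMI_BACKEND_URL` set with no usable credentials behind it. Suggest keeping stderr visible, unsetting `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` in the failure branch, and returning non-zero there. The exported key pair is also inherited by every process started from this directory; wrapping only the Pulumi invocation with `op run` would narrow that exposure.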

pulumi/igenomes/.gitignore

Lines changed: 33 additions & 0 deletions
@@ -0,0 +1,33 @@
1+
# Python
2+
__pycache__/
3+
*.py[cod]
4+
*$py.class
5+
*.so
6+
.Python
7+
.venv/
8+
venv/
9+
ENV/
10+
env/
11+
12+
# Pulumi
13+
.pulumi/
14+
*.pyc
15+
16+
# IDE
17+
.vscode/
18+
.idea/
19+
*.swp
20+
*.swo
21+
22+
# OS
23+
.DS_Store
24+
Thumbs.db
25+
26+
# Environment
27+
.env
28+
.envrc.local
29+
30+
# Secrets
31+
secrets/
32+
*.pem
33+
*.key
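
Review bot: The Environment block at lines 27-28 ignores only `.env` and `.envrc.local`, so variants such as `.env.local` or `.env.production` would still be committable; consider adding `.env.*` next to them. Separately, `*.pyc` at line 14 under the Pulumi heading is already covered by `*.py[cod]` at line 3 and can be dropped.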
