A command-line tool for validating, encrypting, uploading and downloading submissions to/from a GDC/GRZ (Genomrechenzentrum).
This tool provides a way to validate files, encrypt/decrypt files using the crypt4gh library and upload/download the encrypted files to an S3 bucket of a GDC/GRZ. It also logs the progress and outcomes of these operations in a metadata file.
It is recommended to have the following folder structure for a single submission:
EXAMPLE_SUBMISSION
├── files
│ ├── aaaaaaaa00000000aaaaaaaa00000000_blood_normal.read1.fastq.gz
│ ├── aaaaaaaa00000000aaaaaaaa00000000_blood_normal.read2.fastq.gz
│ ├── aaaaaaaa00000000aaaaaaaa00000000_blood_normal.vcf
│ ├── aaaaaaaa00000000aaaaaaaa00000000_blood_tumor.read1.fastq.gz
│ ├── aaaaaaaa00000000aaaaaaaa00000000_blood_tumor.read2.fastq.gz
│ ├── aaaaaaaa00000000aaaaaaaa00000000_blood_tumor.vcf
│ ├── target_regions.bed
└── metadata
└── metadata.json
The current version of the tool requires the working_dir to have at least as much free disk space as the total size of the data being submitted.
crypt4gh.crypt4gh.boto3).boto3).Beside of the disk space requirements for the submission data, this tool also requires a linux environment, e.g.:
The recommended method to install this tool is using the conda package manager.
conda (recommended)If conda is not yet available on your system, we recommend to install the Miniforge conda distribution by running the following commands:
curl -L -O "https://github.com/conda-forge/miniforge/releases/latest/download/Miniforge3-$(uname)-$(uname -m).sh"
bash Miniforge3-$(uname)-$(uname -m).sh
There are also alternative ways to install conda:
Next, install the grz-cli tool:
# create conda environment and activate it
conda create -n grz-tools -c conda-forge -c bioconda "grz-cli"
conda activate grz-tools
Use the following command to update the tool:
conda update -n grz-tools -c conda-forge -c bioconda grz-cli
pip (not recommended)While installation via pip is possible, it is not recommended because users must ensure
that the correct Python version is already installed and that they are using a virtual python environment.
pip install grz-cli
Use the following command to update the tool:
pip upgrade grz-cli
Docker images are available via biocontainers at https://biocontainers.pro/tools/grz-cli.
The build process can take at least a few days after the Bioconda release, so double-check that the latest version in Bioconda is also the latest Docker image version.
The configuration file will be provided by your associated GRZ, please place it into ~/.config/grz-cli/config.yaml.
The tool requires a configuration file in YAML format to specify the S3 bucket and other options. For an exemplary configuration, see resources/config.yaml.
S3 access and secret key can be listed either in the config file or as environment variable (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY).
After preparing your submission as outlined above, you can use the following commands to validate, encrypt and upload the submission:
# Validate the submission
grz-cli validate --submission-dir EXAMPLE_SUBMISSION
# Encrypt the submission
grz-cli encrypt --submission-dir EXAMPLE_SUBMISSION
# Upload the submission
grz-cli upload --submission-dir EXAMPLE_SUBMISSION
In case of issues, please re-run your commands with grz-cli --log-level DEBUG --log-file <your-log-file.log> [...] and submit the log file to the GRZ data steward!
grz-cli provides a command-line interface with the following subcommands:
It is recommended to run this command before continuing with encryption and upload. Progress files are stored relative to the submission directory.
--submission-dir: Path to the submission directory containing both 'metadata/' and 'files/' directories [Required]Example usage:
grz_cli validate --submission-dir foo
If a working directory is not provided, then the current directory is used automatically. The log-files are going to be stored in the sub-folder of the working directory.
Files are stored in a folder named encrypted_files as a sub-folder of the working directory.
-s, --submission-dir: Path to the submission directory containing both 'metadata/' and 'files/' directories [Required]-c, --config-file: Path to config file [optional]grz-cli encrypt --submission-dir foo
Upload the submission into a S3 structure of a GRZ.
-s, --submission-dir: Path to the submission directory containing both 'metadata/' and 'encrypted_files/' directories [Required]-c, --config-file: Path to config file [optional]Example usage:
grz-cli upload --submission-dir foo
Please note that binary files used for testing are managed with Git LFS, which will be needed to clone them locally with the git repository.
To run the tests, navigate to the root directory of your project and invoke pytest.
Alternatively, install uv and tox and run uv run tox.
First, install uv.
We recommend using Conda or Pixi.
After cloning the desired branch of the grz-tools repo locally, you can run grz-cli directly from the repo using:
uv run --project path/to/cloned/grz-tools grz-cli --help
This project is licensed under the MIT License — see the LICENSE file for details.
Parts of crypt4gh code is used in modified form
FAQs
Tool for validation, encryption and upload of MV submissions to GDCs.
We found that grz-cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The Latio podcast explores how static and runtime reachability help teams prioritize exploitable vulnerabilities and streamline AppSec workflows.
Security News
The latest Opengrep releases add Apex scanning, precision rule tuning, and performance gains for open source static code analysis.
Security News
npm now supports Trusted Publishing with OIDC, enabling secure package publishing directly from CI/CD workflows without relying on long-lived tokens.