Skip to content

Fix some issues in onsite#634

Merged
ypriverol merged 2 commits into
bigbio:devfrom
weizhongchun:dev
Jan 5, 2026
Merged

Fix some issues in onsite#634
ypriverol merged 2 commits into
bigbio:devfrom
weizhongchun:dev

Conversation

@weizhongchun

@weizhongchun weizhongchun commented Jan 5, 2026

Copy link
Copy Markdown
Contributor

User description

PR checklist

  • This comment contains a description of changes (with reason).
  • If you've fixed a bug or added code that should be tested, add tests!
  • If you've added a new tool - have you followed the pipeline conventions in the contribution docs
  • If necessary, also make a PR on the bigbio/quantms branch on the nf-core/test-datasets repository.
  • Make sure your code lints (nf-core pipelines lint).
  • Ensure the test suite passes (nextflow run . -profile test,docker --outdir <OUTDIR>).
  • Check for unexpected warnings in debug mode (nextflow run . -profile debug,test,docker --outdir <OUTDIR>).
  • Usage Documentation in docs/usage.md is updated.
  • Output Documentation in docs/output.md is updated.
  • CHANGELOG.md is updated.
  • README.md is updated (including new tool citations and authors/contributors).

PR Type

Bug fix, Enhancement


Description

  • Refactored optional flags handling in ONSITE module

    • Consolidated repeated flag variables into single optional_flags list
    • Improved command string formatting and readability
  • Updated git_sha for onsite module dependency

  • Fixed meta.yml output section formatting


Diagram Walkthrough

flowchart LR
  A["ONSITE module<br/>command building"] -->|"Refactor optional<br/>flags handling"| B["Consolidated<br/>flag variables"]
  A -->|"Update git_sha"| C["Dependency<br/>version bump"]
  A -->|"Fix meta.yml"| D["Output section<br/>formatting"]
Loading

File Walkthrough

Relevant files
Dependencies
modules.json
Update onsite module git_sha                                                         

modules.json

  • Updated git_sha for bigbio/onsite module from
    e4f16df2acb2c084a5043840212d0fb52f69fbbc to
    ffe3c99ee867c4d7d6400f95d0b5658eccf16212
+1/-1     
Enhancement
main.nf
Refactor optional flags handling in algorithms                     

modules/bigbio/onsite/main.nf

  • Refactored optional flags handling in ascore algorithm block by
    consolidating add_decoys, compute_all_scores, and debug into single
    optional_flags variable
  • Applied same refactoring pattern to phosphors algorithm block
  • Applied same refactoring pattern to lucxor algorithm block with
    disable_split_by_charge, compute_all_scores, and debug flags
  • Simplified final command execution by trimming algorithm_cmd and
    removing unnecessary backslash continuation
+7/-14   
Bug fix
meta.yml
Fix meta.yml output section formatting                                     

modules/bigbio/onsite/meta.yml

  • Added missing output: section header before meta output description
  • Fixed YAML structure formatting for proper output documentation
+1/-0     

@coderabbitai

coderabbitai Bot commented Jan 5, 2026

Copy link
Copy Markdown
Contributor

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@qodo-code-review

Copy link
Copy Markdown
Contributor

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
Supply chain dependency

Description: The PR updates the pinned git_sha for the bigbio/onsite module dependency, which is a
supply-chain risk if the new commit (ffe3c99ee867c4d7d6400f95d0b5658eccf16212) has not
been reviewed/verified and could introduce malicious or vulnerable code into the pipeline.

modules.json [43-46]

Referred Code
"onsite": {
    "branch": "main",
    "git_sha": "ffe3c99ee867c4d7d6400f95d0b5658eccf16212",
    "installed_by": ["modules"]
Ticket Compliance
🎫 No ticket provided
  • Create ticket/issue
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status:
Pipefail not set: The new piped execution ${algorithm_cmd.trim()} 2>&1 | tee ... may mask onsite
failures unless the script enables pipefail, requiring verification of pipeline error
propagation.

Referred Code
${algorithm_cmd.trim()} 2>&1 | tee ${id_file.baseName}_${algorithm}.log

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status:
Unreviewed log content: The change to always pipe tool output into tee writes full stderr/stdout to a log file,
which may include sensitive sample information depending on onsite verbosity and inputs
and should be verified.

Referred Code
${algorithm_cmd.trim()} 2>&1 | tee ${id_file.baseName}_${algorithm}.log

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status:
Shell arg injection: The refactored command assembly concatenates optional flags and interpolated parameters
into a shell command string without clear escaping/quoting guarantees, which could allow
malformed values (e.g., with spaces/shell metacharacters) to alter execution.

Referred Code
    def optional_flags = [add_decoys, compute_all_scores, debug].findAll { it }.join(' \\\n            ')
    algorithm_cmd = """
    onsite ascore \\
        -in ${mzml_file} \\
        -id ${id_file} \\
        -out ${id_file.baseName}_ascore.idXML \\
        --fragment-mass-tolerance ${fragment_tolerance} \\
        --fragment-mass-unit ${fragment_unit}${optional_flags ? ' \\\n            ' + optional_flags : ''}
    """
} else if (algorithm == 'phosphors') {
    // PhosphoRS: uses -in, -id, -out, --fragment-mass-unit
    fragment_unit = params.onsite_fragment_unit ?: 'Da'
    def optional_flags = [add_decoys, compute_all_scores, debug].findAll { it }.join(' \\\n            ')
    algorithm_cmd = """
    onsite phosphors \\
        -in ${mzml_file} \\
        -id ${id_file} \\
        -out ${id_file.baseName}_phosphors.idXML \\
        --fragment-mass-tolerance ${fragment_tolerance} \\
        --fragment-mass-unit ${fragment_unit}${optional_flags ? ' \\\n            ' + optional_flags : ''}
    """


 ... (clipped 42 lines)

Learn more about managing compliance generic rules or creating your own custom rules

Compliance status legend 🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

@qodo-code-review

Copy link
Copy Markdown
Contributor

PR Code Suggestions ✨

Explore these optional code suggestions:

CategorySuggestion                                                                                                                                    Impact
General
Normalize here-doc indentation

Replace .trim() with .stripIndent().trim() when processing the algorithm_cmd
multiline string to correctly remove all leading indentation.

modules/bigbio/onsite/main.nf [111]

-${algorithm_cmd.trim()} 2>&1 | tee ${id_file.baseName}_${algorithm}.log
+${algorithm_cmd.stripIndent().trim()} 2>&1 | tee ${id_file.baseName}_${algorithm}.log
  • Apply / Chat
Suggestion importance[1-10]: 7

__

Why: This is a good suggestion for improving code robustness. Using stripIndent() is the idiomatic Groovy way to handle multiline strings, making the code cleaner and less prone to indentation-related shell errors.

Medium
  • More

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR refactors the ONSITE module to improve code maintainability and fixes a YAML formatting issue. The changes consolidate repeated optional flag handling into a cleaner, DRY (Don't Repeat Yourself) implementation that also fixes a subtle bug where empty flag strings would create malformed command lines with unnecessary backslash continuations.

Key changes:

  • Consolidated optional flags handling across all three algorithms (ascore, phosphors, lucxor) using findAll { it } to filter empty strings
  • Fixed missing output: section header in meta.yml that was causing improper YAML structure
  • Updated module dependency git_sha reference

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File Description
modules/bigbio/onsite/main.nf Refactored optional flags handling to consolidate repeated code patterns and fix potential issues with empty flag strings; simplified command execution formatting
modules/bigbio/onsite/meta.yml Added missing output: section header to fix YAML structure
modules.json Updated git_sha for onsite module dependency to latest version

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@ypriverol ypriverol merged commit ef6f0dd into bigbio:dev Jan 5, 2026
49 of 50 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Development

Successfully merging this pull request may close these issues.

3 participants