Loculus is a software package to power microbial genomial databases.
Additional documentation for development is available in each folder's README. This file contains a high-level overview of the project and shared development information that is best kept in one place.
If you would like to develop with a full local loculus instance for development you need to:
- Deploy a local kubernetes instance: kubernetes
- Deploy the backend: backend
- Deploy the frontend/website: website
Note that if you are developing the backend or frontend/website in isolation a full local loculus instance is not required. See the individual READMEs for more information.
- Backend code is in
backend, seebackend/README.md - Frontend code is in
website, seewebsite/README.md - Sequence and metadata processing pipeline is in
preprocessingfolder, seepreprocessing/specification.md - Deployment code is in
kubernetes, seekubernetes/README.md. Check this for local development setup instructions. - Authorization is performed by our own keycloak instance. See config in
keycloak-imageandrealm-config. The keycloak login theme is built with a custom keycloakify build.
The following diagram shows a rough overview of the involved software components:
While the documentation is still a work in progress, a look at the .github/workflows folder might be helpful:
backend.ymlruns the backend tests and builds the backend docker imagewebsite.ymlruns the website tests and builds the website docker imagee2e-k3d.ymlruns the end-to-end tests
We use keycloak for authorization. The keycloak instance is deployed in the loculus namespace and exposed to the outside either under localhost:8083 or authentication-[your-argo-cd-path]. The keycloak instance is configured with a realm called loculus and a client called backend-client. The realm is configured to use the exposed url of keycloak as a frontend url.
For testing we added multiple users to the realm. The users are:
adminwith passwordadmin(login underyour-exposed-keycloak-url/admin/master/console/)testuser:testuser(read as username:testuser, passwordtestuser) andsuperuser:superuser(login underyour-exposed-keycloak-url/realms/loculus/account/)- and more testusers, for each browser in the e2e test following the pattern:
testuser_[processId]_[browser]:testuser_[processId]_[browser] - These testusers will be added to the
testGroupin the setup for e2e tests. If you change the number of browsers in the e2e test, you need to adaptwebsite/tests/playwrightSetup.tsaccordingly. - To validate that a user exists we also created a technical user for the backend with username
backendand passwordbackend. The technical user is authorized to view users and groups and in principle to manage its own account.
- Groups are entities managed by the backend, uniquely identified by a name.
- Every sequence entry is owned by the group that it was initially submitted for. Modifications (edits while awaiting approval, revisions, revocations) can only be made by members of that group.
- Each user can be a member of multiple groups.
- Users can create new groups, becoming the initial member automatically.
- Group members have the authority to add or remove other members.
- If the last user leaves a group, the group becomes 'dangling'—it exists but is no longer accessible, and a new group with the same name cannot be created.
- Admin users can manually delete a group directly on the DB but must transfer ownership of sequence entries to another group before doing so to fulfill the foreign key constraint.
For testing we added all users declared above to the group testGroup.
Contributions are very welcome!
Please see CONTRIBUTING.md
for more information or ping us in case you need help.