Method: projects.locations.pipelines.run

Runs a pipeline. The returned Operation's metadata field will contain a google.cloud.lifesciences.v2beta.Metadata object describing the status of the pipeline execution. The response field will contain a google.cloud.lifesciences.v2beta.RunPipelineResponse object if the pipeline completes successfully.

Note: Before you can use this method, the Life Sciences Service Agent must have access to your project. This is done automatically when the Cloud Life Sciences API is first enabled, but if you delete this permission you must disable and re-enable the API to grant the Life Sciences Service Agent the required permissions. Authorization requires the following Google IAM permission:

  • lifesciences.workflows.run

HTTP request

POST https://lifesciences.googleapis.com/v2beta/{parent=projects/*/locations/*}/pipelines:run

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
parent

string

The project and location that this request should be executed against.

Authorization requires the following IAM permission on the specified resource parent:

  • lifesciences.workflows.run

Request body

The request body contains data with the following structure:

JSON representation
{
  "pipeline": {
    object (Pipeline)
  },
  "labels": {
    string: string,
    ...
  },
  "pubSubTopic": string
}
Fields
pipeline

object (Pipeline)

Required. The description of the pipeline to run.

labels

map (key: string, value: string)

User-defined labels to associate with the returned operation. These labels are not propagated to any Google Cloud Platform resources used by the operation, and can be modified at any time.

To associate labels with resources created while executing the operation, see the appropriate resource message (for example, VirtualMachine).

pubSubTopic

string

The name of an existing Pub/Sub topic. The server will publish messages to this topic whenever the status of the operation changes. The Life Sciences Service Agent account must have publisher permissions to the specified topic or notifications will not be sent.

Response body

If successful, the response body contains an instance of Operation.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

Pipeline

Specifies a series of actions to execute, expressed as Docker containers.

JSON representation
{
  "actions": [
    {
      object (Action)
    }
  ],
  "resources": {
    object (Resources)
  },
  "environment": {
    string: string,
    ...
  },
  "encryptedEnvironment": {
    object (Secret)
  },
  "timeout": string
}
Fields
actions[]

object (Action)

The list of actions to execute, in the order they are specified.

resources

object (Resources)

The resources required for execution.

environment

map (key: string, value: string)

The environment to pass into every action. Each action can also specify additional environment variables but cannot delete an entry from this map (though they can overwrite it with a different value).

encryptedEnvironment

object (Secret)

The encrypted environment to pass into every action. Each action can also specify its own encrypted environment.

The secret must decrypt to a JSON-encoded dictionary where key-value pairs serve as environment variable names and their values. The decoded environment variables can overwrite the values specified by the environment field.

timeout

string (Duration format)

The maximum amount of time to give the pipeline to complete. This includes the time spent waiting for a worker to be allocated. If the pipeline fails to complete before the timeout, it will be cancelled and the error code will be set to DEADLINE_EXCEEDED.

If unspecified, it will default to 7 days.

A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

Action

Specifies a single action that runs a Docker container.

JSON representation
{
  "containerName": string,
  "imageUri": string,
  "commands": [
    string
  ],
  "entrypoint": string,
  "environment": {
    string: string,
    ...
  },
  "encryptedEnvironment": {
    object (Secret)
  },
  "pidNamespace": string,
  "portMappings": {
    integer: integer,
    ...
  },
  "mounts": [
    {
      object (Mount)
    }
  ],
  "labels": {
    string: string,
    ...
  },
  "credentials": {
    object (Secret)
  },
  "timeout": string,
  "ignoreExitStatus": boolean,
  "runInBackground": boolean,
  "alwaysRun": boolean,
  "enableFuse": boolean,
  "publishExposedPorts": boolean,
  "disableImagePrefetch": boolean,
  "disableStandardErrorCapture": boolean,
  "blockExternalNetwork": boolean
}
Fields
containerName

string

An optional name for the container. The container hostname will be set to this name, making it useful for inter-container communication. The name must contain only upper and lowercase alphanumeric characters and hyphens and cannot start with a hyphen.

imageUri

string

Required. The URI to pull the container image from. Note that all images referenced by actions in the pipeline are pulled before the first action runs. If multiple actions reference the same image, it is only pulled once, ensuring that the same image is used for all actions in a single pipeline.

The image URI can be either a complete host and image specification (e.g., quay.io/biocontainers/samtools), a library and image name (e.g., google/cloud-sdk) or a bare image name ('bash') to pull from the default library. No schema is required in any of these cases.

If the specified image is not public, the service account specified for the Virtual Machine must have access to pull the images from GCR, or appropriate credentials must be specified in the google.cloud.lifesciences.v2beta.Action.credentials field.

commands[]

string

If specified, overrides the CMD specified in the container. If the container also has an ENTRYPOINT the values are used as entrypoint arguments. Otherwise, they are used as a command and arguments to run inside the container.

entrypoint

string

If specified, overrides the ENTRYPOINT specified in the container.

environment

map (key: string, value: string)

The environment to pass into the container. This environment is merged with values specified in the google.cloud.lifesciences.v2beta.Pipeline message, overwriting any duplicate values.

In addition to the values passed here, a few other values are automatically injected into the environment. These cannot be hidden or overwritten.

GOOGLE_PIPELINE_FAILED will be set to "1" if the pipeline failed because an action has exited with a non-zero status (and did not have the IGNORE_EXIT_STATUS flag set). This can be used to determine if additional debug or logging actions should execute.

GOOGLE_LAST_EXIT_STATUS will be set to the exit status of the last non-background action that executed. This can be used by workflow engine authors to determine whether an individual action has succeeded or failed.

encryptedEnvironment

object (Secret)

The encrypted environment to pass into the container. This environment is merged with values specified in the google.cloud.lifesciences.v2beta.Pipeline message, overwriting any duplicate values.

The secret must decrypt to a JSON-encoded dictionary where key-value pairs serve as environment variable names and their values. The decoded environment variables can overwrite the values specified by the environment field.

pidNamespace

string

An optional identifier for a PID namespace to run the action inside. Multiple actions should use the same string to share a namespace. If unspecified, a separate isolated namespace is used.

portMappings

map (key: integer, value: integer)

A map of containers to host port mappings for this container. If the container already specifies exposed ports, use the PUBLISH_EXPOSED_PORTS flag instead.

The host port number must be less than 65536. If it is zero, an unused random port is assigned. To determine the resulting port number, consult the ContainerStartedEvent in the operation metadata.

mounts[]

object (Mount)

A list of mounts to make available to the action.

In addition to the values specified here, every action has a special virtual disk mounted under /google that contains log files and other operational components.

  • /google/logs

    All logs written during the pipeline execution.

  • /google/logs/output

    The combined standard output and standard error of all actions run as part of the pipeline execution.

  • /google/logs/action/*/stdout

    The complete contents of each individual action's standard output.

  • /google/logs/action/*/stderr

    The complete contents of each individual action's standard error output.

labels

map (key: string, value: string)

Labels to associate with the action. This field is provided to assist workflow engine authors in identifying actions (for example, to indicate what sort of action they perform, such as localization or debugging). They are returned in the operation metadata, but are otherwise ignored.

credentials

object (Secret)

If the specified image is hosted on a private registry other than Google Container Registry, the credentials required to pull the image must be specified here as an encrypted secret.

The secret must decrypt to a JSON-encoded dictionary containing both username and password keys.

timeout

string (Duration format)

The maximum amount of time to give the action to complete. If the action fails to complete before the timeout, it will be terminated and the exit status will be non-zero. The pipeline will continue or terminate based on the rules defined by the ALWAYS_RUN and IGNORE_EXIT_STATUS flags.

A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

ignoreExitStatus

boolean

Normally, a non-zero exit status causes the pipeline to fail. This flag allows execution of other actions to continue instead.

runInBackground

boolean

This flag allows an action to continue running in the background while executing subsequent actions. This is useful to provide services to other actions (or to provide debugging support tools like SSH servers).

alwaysRun

boolean

By default, after an action fails, no further actions are run. This flag indicates that this action must be run even if the pipeline has already failed. This is useful for actions that copy output files off of the VM or for debugging. Note that no actions will be run if image prefetching fails.

enableFuse

boolean

Enable access to the FUSE device for this action. Filesystems can then be mounted into disks shared with other actions. The other actions do not need the enableFuse flag to access the mounted filesystem.

This has the effect of causing the container to be executed with CAP_SYS_ADMIN and exposes /dev/fuse to the container, so use it only for containers you trust.

publishExposedPorts

boolean

Exposes all ports specified by EXPOSE statements in the container. To discover the host side port numbers, consult the ACTION_STARTED event in the operation metadata.

disableImagePrefetch

boolean

All container images are typically downloaded before any actions are executed. This helps prevent typos in URIs or issues like lack of disk space from wasting large amounts of compute resources.

If set, this flag prevents the worker from downloading the image until just before the action is executed.

disableStandardErrorCapture

boolean

A small portion of the container's standard error stream is typically captured and returned inside the ContainerStoppedEvent. Setting this flag disables this functionality.

blockExternalNetwork

boolean

Prevents the container from accessing the external network.

Secret

Holds encrypted information that is only decrypted and stored in RAM by the worker VM when running the pipeline.

JSON representation
{
  "keyName": string,
  "cipherText": string
}
Fields
keyName

string

The name of the Cloud KMS key that will be used to decrypt the secret value. The VM service account must have the required permissions and authentication scopes to invoke the decrypt method on the specified key.

cipherText

string

The value of the cipherText response from the encrypt method. This field is intentionally unaudited.

Mount

Carries information about a particular disk mount inside a container.

JSON representation
{
  "disk": string,
  "path": string,
  "readOnly": boolean
}
Fields
disk

string

The name of the disk to mount, as specified in the resources section.

path

string

The path to mount the disk inside the container.

readOnly

boolean

If true, the disk is mounted read-only inside the container.

Resources

The system resources for the pipeline run.

At least one zone or region must be specified or the pipeline run will fail.

JSON representation
{
  "regions": [
    string
  ],
  "zones": [
    string
  ],
  "virtualMachine": {
    object (VirtualMachine)
  }
}
Fields
regions[]

string

The list of regions allowed for VM allocation. If set, the zones field must not be set.

zones[]

string

The list of zones allowed for VM allocation. If set, the regions field must not be set.

virtualMachine

object (VirtualMachine)

The virtual machine specification.

VirtualMachine

Carries information about a Compute Engine VM resource.

JSON representation
{
  "machineType": string,
  "preemptible": boolean,
  "labels": {
    string: string,
    ...
  },
  "disks": [
    {
      object (Disk)
    }
  ],
  "network": {
    object (Network)
  },
  "accelerators": [
    {
      object (Accelerator)
    }
  ],
  "serviceAccount": {
    object (ServiceAccount)
  },
  "bootDiskSizeGb": integer,
  "cpuPlatform": string,
  "bootImage": string,
  "nvidiaDriverVersion": string,
  "enableStackdriverMonitoring": boolean,
  "dockerCacheImages": [
    string
  ],
  "volumes": [
    {
      object (Volume)
    }
  ],
  "reservation": string
}
Fields
machineType

string

Required. The machine type of the virtual machine to create. Must be the short name of a standard machine type (such as "n1-standard-1") or a custom machine type (such as "custom-1-4096", where "1" indicates the number of vCPUs and "4096" indicates the memory in MB). See Creating an instance with a custom machine type for more specifications on creating a custom machine type.

preemptible

boolean

If true, allocate a preemptible VM.

labels

map (key: string, value: string)

Optional set of labels to apply to the VM and any attached disk resources. These labels must adhere to the name and value restrictions on VM labels imposed by Compute Engine.

Labels keys with the prefix 'google-' are reserved for use by Google.

Labels applied at creation time to the VM. Applied on a best-effort basis to attached disk resources shortly after VM creation.

disks[]

object (Disk)

The list of disks to create and attach to the VM.

Specify either the volumes[] field or the disks[] field, but not both.

network

object (Network)

The VM network configuration.

accelerators[]

object (Accelerator)

The list of accelerators to attach to the VM.

serviceAccount

object (ServiceAccount)

The service account to install on the VM. This account does not need any permissions other than those required by the pipeline.

bootDiskSizeGb

integer

The size of the boot disk, in GB. The boot disk must be large enough to accommodate all of the Docker images from each action in the pipeline at the same time. If not specified, a small but reasonable default value is used.

cpuPlatform

string

The CPU platform to request. An instance based on a newer platform can be allocated, but never one with fewer capabilities. The value of this parameter must be a valid Compute Engine CPU platform name (such as "Intel Skylake"). This parameter is only useful for carefully optimized work loads where the CPU platform has a significant impact.

For more information about the effect of this parameter, see https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform.

bootImage

string

The host operating system image to use.

Currently, only Container-Optimized OS images can be used.

The default value is projects/cos-cloud/global/images/family/cos-stable, which selects the latest stable release of Container-Optimized OS.

This option is provided to allow testing against the beta release of the operating system to ensure that the new version does not interact negatively with production pipelines.

To test a pipeline against the beta release of Container-Optimized OS, use the value projects/cos-cloud/global/images/family/cos-beta.

nvidiaDriverVersion
(deprecated)

string

The NVIDIA driver version to use when attaching an NVIDIA GPU accelerator. The version specified here must be compatible with the GPU libraries contained in the container being executed, and must be one of the drivers hosted in the nvidia-drivers-us-public bucket on Google Cloud Storage.

enableStackdriverMonitoring

boolean

Whether Stackdriver monitoring should be enabled on the VM.

dockerCacheImages[]

string

The Compute Engine Disk Images to use as a Docker cache. The disks will be mounted into the Docker folder in a way that the images present in the cache will not need to be pulled. The digests of the cached images must match those of the tags used or the latest version will still be pulled. The root directory of the ext4 image must contain image and overlay2 directories copied from the Docker directory of a VM where the desired Docker images have already been pulled. Any images pulled that are not cached will be stored on the first cache disk instead of the boot disk. Only a single image is supported.

volumes[]

object (Volume)

The list of disks and other storage to create or attach to the VM.

Specify either the volumes[] field or the disks[] field, but not both.

reservation

string

If specified, the VM will only be allocated inside the matching reservation. It will fail if the VM parameters don't match the reservation.

Disk

Carries information about a disk that can be attached to a VM.

See https://cloud.google.com/compute/docs/disks/performance for more information about disk type, size, and performance considerations.

Specify either Volume or Disk, but not both.

JSON representation
{
  "name": string,
  "sizeGb": integer,
  "type": string,
  "sourceImage": string
}
Fields
name

string

A user-supplied name for the disk. Used when mounting the disk into actions. The name must contain only upper and lowercase alphanumeric characters and hyphens and cannot start with a hyphen.

sizeGb

integer

The size, in GB, of the disk to attach. If the size is not specified, a default is chosen to ensure reasonable I/O performance.

If the disk type is specified as local-ssd, multiple local drives are automatically combined to provide the requested size. Note, however, that each physical SSD is 375GB in size, and no more than 8 drives can be attached to a single instance.

type

string

The Compute Engine disk type. If unspecified, pd-standard is used.

sourceImage

string

An optional image to put on the disk before attaching it to the VM.

Network

VM networking options.

JSON representation
{
  "network": string,
  "usePrivateAddress": boolean,
  "subnetwork": string
}
Fields
network

string

The network name to attach the VM's network interface to. The value will be prefixed with global/networks/ unless it contains a /, in which case it is assumed to be a fully specified network resource URL.

If unspecified, the global default network is used.

usePrivateAddress

boolean

If set to true, do not attach a public IP address to the VM. Note that without a public IP address, additional configuration is required to allow the VM to access Google services.

See https://cloud.google.com/vpc/docs/configure-private-google-access for more information.

subnetwork

string

If the specified network is configured for custom subnet creation, the name of the subnetwork to attach the instance to must be specified here.

The value is prefixed with regions/*/subnetworks/ unless it contains a /, in which case it is assumed to be a fully specified subnetwork resource URL.

If the * character appears in the value, it is replaced with the region that the virtual machine has been allocated in.

Accelerator

Carries information about an accelerator that can be attached to a VM.

JSON representation
{
  "type": string,
  "count": string
}
Fields
type

string

The accelerator type string (for example, "nvidia-tesla-k80").

Only NVIDIA GPU accelerators are currently supported. If an NVIDIA GPU is attached, the required runtime libraries will be made available to all containers under /usr/local/nvidia. The driver version to install must be specified using the NVIDIA driver version parameter on the virtual machine specification. Note that attaching a GPU increases the worker VM startup time by a few minutes.

count

string (int64 format)

How many accelerators of this type to attach.

ServiceAccount

Carries information about a Google Cloud service account.

JSON representation
{
  "email": string,
  "scopes": [
    string
  ]
}
Fields
email

string

Email address of the service account. If not specified, the default Compute Engine service account for the project will be used.

scopes[]

string

List of scopes to be enabled for this service account on the VM, in addition to the cloud-platform API scope that will be added by default.

Volume

Carries information about storage that can be attached to a VM.

Specify either Volume or Disk, but not both.

JSON representation
{
  "volume": string,

  // Union field storage can be only one of the following:
  "persistentDisk": {
    object (PersistentDisk)
  },
  "existingDisk": {
    object (ExistingDisk)
  },
  "nfsMount": {
    object (NFSMount)
  }
  // End of list of possible types for union field storage.
}
Fields
volume

string

A user-supplied name for the volume. Used when mounting the volume into Actions. The name must contain only upper and lowercase alphanumeric characters and hyphens and cannot start with a hyphen.

Union field storage.

storage can be only one of the following:

persistentDisk

object (PersistentDisk)

Configuration for a persistent disk.

existingDisk

object (ExistingDisk)

Configuration for a existing disk.

nfsMount

object (NFSMount)

Configuration for an NFS mount.

PersistentDisk

Configuration for a persistent disk to be attached to the VM.

See https://cloud.google.com/compute/docs/disks/performance for more information about disk type, size, and performance considerations.

JSON representation
{
  "sizeGb": integer,
  "type": string,
  "sourceImage": string
}
Fields
sizeGb

integer

The size, in GB, of the disk to attach. If the size is not specified, a default is chosen to ensure reasonable I/O performance.

If the disk type is specified as local-ssd, multiple local drives are automatically combined to provide the requested size. Note, however, that each physical SSD is 375GB in size, and no more than 8 drives can be attached to a single instance.

type

string

The Compute Engine disk type. If unspecified, pd-standard is used.

sourceImage

string

An image to put on the disk before attaching it to the VM.

ExistingDisk

Configuration for an existing disk to be attached to the VM.

JSON representation
{
  "disk": string
}
Fields
disk

string

If disk contains slashes, the Cloud Life Sciences API assumes that it is a complete URL for the disk. If disk does not contain slashes, the Cloud Life Sciences API assumes that the disk is a zonal disk and a URL will be generated of the form zones/<zone>/disks/<disk>, where <zone> is the zone in which the instance is allocated. The disk must be ext4 formatted.

If all Mount references to this disk have the readOnly flag set to true, the disk will be attached in read-only mode and can be shared with other instances. Otherwise, the disk will be available for writing but cannot be shared.

NFSMount

Configuration for an NFSMount to be attached to the VM.

JSON representation
{
  "target": string
}
Fields
target

string

A target NFS mount. The target must be specified as `address:/mount".