1 of 100

DNAnexus Documentation

Overview

Using the DNAnexus Platform

Get to know commonly used features in a series of short, task-oriented tutorials.

Learn to access and use the Platform via both its command-line interface and its user interface.

Learn to manage data, users, and work on the Platform, via its API. Create and share reusable pipelines, applications for analyzing data, custom viewers, and workflows.

Administrator

This section is targeted towards organizational leads who have the permission to enable others to use DNAnexus for scientific purposes. Operations include managing organization permissions, billing, and authentication to the platform.

Download, install, and get started using the DNAnexus Platform SDK, the DNAnexus upload and download agents, and dxCompiler.

Get details on new features, changes, and bug fixes for each Platform and toolkit release.

Getting Started

Get to know features you'll use every day, in these short, task-oriented tutorials.

You must set up billing for your account before you can perform an analysis, or upload or egress data. Follow these instructions to set up billing.

Running a Single App

Creating and Running a Workflow

Monitoring Jobs and Viewing Results

Visualizing Data

Learn More

See these Key Concepts pages for more in-depth treatments of topics that are covered briefly here:

For a step-by-step written tutorial to using the Platform via its UI, see .

For a step-by-step written tutorial to using the Platform via its CLI, see .

For a more in-depth video intro to the Platform, watch the .

Additional Tutorials

As a developer, you may be interested in the following:

As a bioinformatician, see the walkthrough and other content in the .

DNAnexus Essentials

Learn to upload data, create a project, run an analysis, and visualize results.

Learn More

See these Key Concepts pages to learn more about how the DNAnexus Platform works, and how to get the most from it:

Projects

Get up and running quickly using the Platform via both its user interface (UI) and its command-line interface (CLI):

Learn the basics of developing for the Platform:

Key Concepts

By understanding projects, organizations, apps, and workflows, you'll improve your understanding of the DNAnexus Platform.

Bash

Bash Helpers

Learn to build an applet that performs a basic SAMtools count with the aid of bash helper variables.

Source Code

SAMtools count

View full source code on GitHub

This applet performs a basic samtools view -c {bam} command, referred to as "SAMtools count", on the DNAnexus Platform.

Download BAM Files

For bash scripts, inputs to a job execution become environment variables. The inputs from the dxapp.json file are formatted as shown below:

The object mappings_bam, a DNAnexus link containing the file ID of that file, is available as an environmental variable in the applet's execution. Use the command dx download to download the BAM file. By default, downloading a file preserves the filename of the object on the platform.

SAMtools Count

Use the bash helper variable mappings_bam_name for file inputs. For these inputs, the DNAnexus Platform creates a bash variable [VARIABLE]_name that holds the platform filename. Because the file was downloaded with default parameters, the worker filename matches the platform filename. The helper variable [VARIABLE]_prefix contains the filename minus any suffixes specified in the input field patterns (for example, the platform removes the trailing .bam to create [VARIABLE]_prefix).

Upload Result

Use command to upload data to the platform. This uploads the file into the job container, a temporary project that holds onto files associated with the job. When running the command dx upload with the flag --brief, the command returns only the file ID.

Job containers are an integral part of the execution process. To learn more see .

Associate With Output

The output of an applet must be declared before the applet is even built. Looking back to the dxapp.json file, you see the following:

The applet declares a file type output named counts_txt. In the applet script, specify which file should be associated with the output counts_txt. On job completion, this file is copied from the temporary job container to the project that launched the job.

TensorBoard Example Web App

View full source code on GitHub

This example demonstrates how to run TensorBoard inside a DNAnexus applet.

TensorBoard is a web application used to visualize and inspect what is going on inside TensorFlow training. To use TensorBoard, your training script in TensorFlow must include code that saves specific data to a log directory where TensorBoard can then find the data to display it.

This example uses an example script from the TensorBoard authors. For more guidance on how to use TensorBoard, check out the TensorFlow website (external link).

Creating the web application

The applet code runs a training script, which is placed in resources/home/dnanexus/ to make it available in the current working directory of the worker, and then it starts TensorBoard on port 443 (HTTPS).

Run the training script in the background to start TensorBoard immediately, which lets you see the results while training is still running. This is particularly important for long-running training scripts.

For all web apps, if everything is running smoothly and no errors are encountered (the ideal case), the line of code that starts the server keeps it running forever. The applet stops only when it is terminated. This also means that any lines of code after the server starts are not executed.

As with all web apps, the dxapp.json must include "httpsApp": {"ports":[443], "shared_access": "VIEW"} to tell the worker to expose port 443.

Creating an applet on DNAnexus

Build the asset with the libraries first:

Take the record ID it outputs and add it to the dxapp.json for the applet.

Then build the applet

Once it spins up, you can go to that job's designated URL based on its job ID, https://job-xxxx.dnanexus.cloud/, to see the result.

Git Dependency

View full source code on GitHub

What does this applet do?

This applet performs a basic SAMtools count of alignments present in an input BAM.

Prerequisites

The app must have network access to the hostname where the git repository is located. In this example, access.network is set to:

To learn more about access and network fields see .

How is the SAMtools dependency added?

SAMtools is cloned and built from the repository. The following is a closer look at the dxapp.json file's runSpec.execDepends property:

The execDepends value is a JSON array of dependencies to resolve before the applet source code is run. In this applet, the git fetch dependencies for htslib and SAMtools are specified. Dependencies resolve in the order listed. Specify htslib first, before the SAMtools build_commands, because newer versions of SAMtools depend on htslib. An overview of each property in the git dependency:

package_manager - Details the type of dependency and how to resolve. .
url - Must point to the server containing the repository. In this case, a GitHub URL.

The build_commands are executed from the destdir. Use cd when appropriate.

How is SAMtools called in the `src` script?

Because "destdir": "/home/dnanexus" is set in dxapp.json, the git repository is cloned to the same directory from which the script executes. The example directory's structure:

The SAMtools command in the app script is samtools/samtools.

Applet Script

You can build SAMtools in a directory that is on the $PATH or add the binary directory to $PATH. Keep this in mind for your app(let) development.

Parallel by Region (sh)

This applet performs a basic SAMtools count on a series of sliced (by canonical chromosome) BAM files in parallel using wait (Ubuntu 14.04+).

View full source code on GitHub

How is the SAMtools dependency provided?

The SAMtools dependency is resolved by declaring an Apt-Get package in the dxapp.json runSpec.execDepends.

Debugging

The command set -e -x -o pipefail assists you in debugging this applet:

-e causes the shell to immediately exit if a command returns a non-zero exit code.
-x prints commands as they are executed, which is useful for tracking the job's status or pinpointing the exact execution failure.
-o pipefail

The *.bai file was an optional job input. You can check for a empty or unset var using the bash built-in test [[ - z ${var}} ]]. You can then download or create a *.bai index as needed.

Parallel Run

Bash's system allows for convenient management of multiple processes. In this example, bash commands are run in the background as the maximum job executions are controlled in the foreground. You can place processes in the background using the character & after a command.

Job Output

Once the input BAM has been sliced, counted, and summed, the output counts_txt is uploaded using the command . The following directory structure required for dx-upload-all-outputs is below:

In your applet, upload all outputs by creating the output directory and then using dx-upload-all-outputs to upload the output files.

Parallel xargs by Chr

This applet slices a BAM file by canonical chromosome then performs a parallelized samtools view -c using xargs. Type man xargs for general usage information.

View full source code on GitHub

How is the SAMtools dependency provided?

The SAMtools compiled binary is placed directory in the <applet dir>/resources directory. Any files found in the resources/ directory are uploaded so that they are present in the root directory of the worker. In this case:

When this applet is run on a worker, the resources/ folder is placed in the worker's root directory /:

/usr/bin is part of the $PATH variable, so the script can reference the samtools command directly, for example, samtools view -c ....

Parallel Run

Splice BAM

First, download the BAM file and slice it by canonical chromosome, writing the *bam file names to another file.

To split a BAM by regions, you need a *.bai index. You can either create an app(let) which takes the *.bai as an input or generate a *.bai in the applet. In this tutorial, you generate the *.bai in the applet, sorting the BAM if necessary.

Xargs SAMtools view

In the previous section, you recorded the name of each sliced BAM file into a record file. Next, perform a samtools view -c on each slice using the record file as input.

Upload results

The results file is uploaded using the standard bash process:

Upload a file to the job execution's container.
Provide the DNAnexus link as a job's output using the script dx-jobutil-add-output <output name>

Precompiled Binary

This tutorial showcases packaging a precompiled binary in the resources/ directory of an app(let).

View full source code on GitHub

Precompiling a Binary

In this applet, the SAMtools binary was precompiled on an Ubuntu machine. A user can do this compilation on an Ubuntu machine of their own, or they can use the Cloud Workstation app to build and compile a binary. On the Cloud Workstation, the user can download the SAMtools source code and compile it in the worker environment, ensuring that the binary runs on future workers.

See in the App library for more information.

Resources Directory

The SAMtools precompiled binary is placed in the <applet dir>/resources/ directory. Any files found in the resources/ directory are packaged, uploaded to the Platform, and then extracted in the root directory \ of the worker. In this case, the resources/ dir is structured as follows:

When this applet is run on a worker, the resources/ directory is placed in the worker's root directory /:

The SAMtools command is available because the respective binary is visible from the default $PATH variable. The directory /usr/bin/ is part of $PATH, so the script can reference the samtools command directly:

R Shiny Example Web App

This is an example web applet that demonstrates how to build and run an R Shiny application on DNAnexus.

View full source code on GitHub

Creating the web application

Inside the dxapp.json, you would add "httpsApp": {"ports":[443], "shared_access": "VIEW"} to tell the worker to expose this port.

R Shiny needs two scripts, server.R and ui.R, which should be under resources/home/dnanexus/my_app/. When a job starts based on this applet, the resources directory is copied onto the worker, and since the ~/ path on the worker is /home/dnanexus, that means you have ~/my_app with those two scripts inside.

From the main applet script code.sh, start shiny pointing to ~/my_app, serving its mini-application on port 443.

For all web apps, if everything is running smoothly and no errors are encountered (the ideal case), the line of code that starts the server keeps it running indefinitely. The applet stops only when it is terminated. This also means that any lines of code after the server starts are not executed.

Modifying this example for your own applet

To make your own applet with R Shiny, copy the source code from this example and modify server.R and ui.R inside resources/home/dnanexus/my_app.

How to rebuild the shiny asset

To build the asset, run the dx build_asset command and pass shiny-asset, that is the name of the directory holding dxasset.json:

This outputs a record ID record-xxxx that you can then put into the applet's dxapp.json in place of the existing one:

Build the applet

Build and run the applet itself:

Once it spins up, you can go to that job's designated URL based on its job ID, https://job-xxxx.dnanexus.cloud/, to see the result.

Python

Dash Example Web App

This is an example web app made with Dash, which in turn uses Flask underneath.

View full source code on GitHub

Creating the web application

After configuring an app with Dash, start the server on port 443.

Inside the dxapp.json, you would add "httpsApp": {"ports":[443], "shared_access": "VIEW"} to tell the worker to expose this port.

The rest of these instructions apply to building any applet with dependencies stored in an asset.

Creating an applet on DNAnexus

Install the and , then run dx-app-wizard with default options.

Creating the asset

dash-asset specifies all the packages and versions needed. These come from the .

Add these into dash-asset/dxasset.json:

Build the asset:

Use the asset from the applet

Add this asset to the applet's dxapp.json:

Build the applet

Build and run the applet itself:

You can always use dx ssh job-xxxx to ssh into the worker and inspect what's going on or experiment with quick changes Then go to that job's special URL https://job-xxxx.dnanexus.cloud/ and see the result!

Optional local testing

The main code is in dash-web-app/resources/home/dnanexus/my_app.py with a local launcher script called local_test.py in the same folder. This allows you to launch the same core code in the applet locally to quickly iterate. This is optional because you can also do all testing on the platform itself.

Install locally the same libraries listed above.

To launch the web app locally:

Once it spins up, you can go to that job's designated URL based on its job ID, https://job-xxxx.dnanexus.cloud/, to see the result.

TensorBoard Example Web App

This example demonstrates how to run TensorBoard inside a DNAnexus applet.

TensorBoard is a web application used to visualize and inspect what is going on inside TensorFlow training. To use TensorBoard, the training script in TensorFlow needs to include code that saves specific data to a log directory where TensorBoard can then find the data to display it.

This example uses an example script from the TensorBoard authors. For more guidance on how to use TensorBoard, check out the TensorFlow website ().

Concurrent Computing Tutorials

Learn important terminology before using parallel and distributed computing paradigms on the DNAnexus Platform.

Many definitions and approaches exist for tackling the concept of parallelization and distributing workloads in the cloud (Here's a on the subject). To help make the documentation easier to understand, when discussing concurrent computing paradigms this guide refers to:

Parallel: Using multiple threads or logical cores to concurrently process a workload.
Distributed: Using multiple machines (in this case instances in the cloud) that communicate to concurrently process a workload.

Parallel

User

In this section, learn to access and use the Platform via both its command-line interface (CLI) and its user interface (UI).

To use the CLI, you need to .

If you're not familiar with the dx client, check the .

This section provides detailed instructions on using the dx client to perform such common actions as logging in, selecting projects, listing, copying, moving, and deleting objects, and launching and monitoring jobs. Details on using the UI are included throughout, as applicable.

Projects

A project is a collaborative workspace on the DNAnexus Platform where you can store objects such as files, applets, and workflows. Within projects, you can run apps and workflows. You can also share a project with other users by giving them access to it. Read about projects in the Key Concepts section.

Running Apps and Workflows

Job Notifications

Learn how to set job notification thresholds on the DNAnexus Platform.

A license is required to use the functionality described on this page. Contact for more information.

Being notified of when a job may be stuck can help users to troubleshoot problems. On DNAnexus, users can set to limit the amount of time their jobs can run, or set a threshold on how long a job can take to run before the user is notified. The notification threshold can be specified in the executable at compile time via or .

When the threshold is reached for a , the system sends an email notification to both the user who launched the executable and the org admin.

Executions and Time Limits

Learn about different types of time limits on executions, and how they can affect your executions on the DNAnexus Platform.

Types of Time Limits

On the DNAnexus Platform, executions are subject to two independent time limits: job timeouts, and execution tree expirations.

Apps and Workflows Glossary

Learn key terms used to describe apps and workflows.

On the DNAnexus Platform, the following terms are used when discussing apps and workflows:

Execution: An analysis or job.
- Root execution: The initial analysis or job that's created when a user makes an API call to run a workflow, app, or applet. Analyses and jobs created from a job via /executable-xxxx/run API call with detach flag set to true are also root executions.
- Execution tree: The set of all jobs and/or analyses that are created because of running a root execution.
Analysis: An analysis is created when a workflow is run. It consists of some number of stages, each of which consists of either another analysis (if running a workflow) or a job (if running an app or applet).
- Parent analysis: Each analysis is the parent analysis to each of the jobs that are created to run its stages.
Job: A job is a unit of execution that is run on a worker in the cloud. A job is created when an app or applet is run, or when a job spawns another job.
- Origin job: The job created when an app or applet is run by either a user or an analysis. An origin job always executes the "" entry point.
- Master job: The job created when an app or applet is run by a user, job, or analysis. A master job always executes the "main" entry point. All origin jobs are also master jobs.
Job-based object reference: A hash containing a job ID and an output field name. This hash is given in the input or output of a job. Once the specified job has transitioned to the "done" state, it is replaced with the specified job's output field.

Kaplan-Meier Survival Curve

Learn to build and use Kaplan-Meier Survival Curve charts in the Cohort Browser.

An Apollo license is required to use Cohort Browser on the DNAnexus Platform. Org approval may also be required. for more information.

Building a Kaplan-Meier Survival Curve Chart

Scatter Plot

Learn to build and use scatter plots in the Cohort Browser.

An Apollo license is required to use Cohort Browser on the DNAnexus Platform. Org approval may also be required. for more information.

When to Use Scatter Plots

Stacked Row Chart

Learn to build and use stacked row charts in the Cohort Browser.

An Apollo license is required to use Cohort Browser on the DNAnexus Platform. Org approval may also be required. for more information.

When to Use Stacked Row Charts

JupyterLab Quickstart

In this tutorial, you will learn how to create and run a notebook in JupyterLab on the platform, download data from the notebook, and upload results to the platform.

JupyterLab is accessible to all users of the UK Biobank Research Analysis Platform and the Our Future Health Trusted Research Environment.

A license is required to access JupyterLab on the DNAnexus Platform. for more information.

FreeSurfer in JupyterLab

Learn how to use FreeSurfer in JupyterLab.

JupyterLab is accessible to all users of the UK Biobank Research Analysis Platform and the Our Future Health Trusted Research Environment.

A license is required to access JupyterLab on the DNAnexus Platform. Contact DNAnexus Sales for more information.

About FreeSurfer

FreeSurfer is a software package for the analysis and visualization of structural and functional neuroimaging data from cross-sectional or longitudinal studies.

The FreeSurfer package comes pre-installed with the IMAGE_PROCESSING .

FreeSurfer License Registration

To use FreeSurfer on the DNAnexus Platform, you need a valid FreeSurfer license. You can register for the FreeSurfer license at the .

Using the FreeSurfer License on DNAnexus

To use the FreeSurfer license, complete the following steps:

Upload the license text file to your project on the DNAnexus Platform.
Launch the JupyterLab app and specify the IMAGE_PROCESSING feature.
Once JupyterLab is running, open your existing notebook (or a new notebook) and download the license file into the FREESURFER_HOME directory.

The commands to download the license file are as follows:

Python kernel: !dx download license.txt -o $FREESURFER_HOME
Bash kernel: dx download license.txt -o $FREESURFER_HOME

MONAI in JupyterLab

Using MONAI Core, MONAI Label/3D Slicer (SlicerJupyter) via JupyterLab

Medical Open Network for AI () is a framework built for deep learning in healthcare imaging. To use MONAI on the DNAnexus Platform, with the MONAI_ML feature, which includes:

: PyTorch-based framework for deep learning in healthcare imaging.
: An intelligent image labeling and learning tool designed to create training datasets and build AI annotation models. It provides a server-client framework that integrates with imaging viewers.

Apollo Apps

Spark Applications

A license is required to access Spark functionality on the DNAnexus Platform. Contact DNAnexus Sales for more information.

The Spark application is an extension of the current app(let) framework. App(let)s have a for their VM (instance type, OS, packages). This has been extended to allow for an additional optional with type=dxspark.

Calling /app(let)-xxxx/run for Spark apps creates a Spark cluster (+ master VM).
The master VM (where the app shell code runs) acts as the driver node for Spark.
Code in the master VM leverages the Spark infrastructure.

Spark apps can be launched over a distributed Spark cluster.

Example Applications

Objects

Uploading and Downloading Files

Projects

Learn to use projects to collaborate, organize your work, manage billing, and control access to files and executables.

About Projects

Within the DNAnexus Platform, a project is first and foremost a means of enabling users to collaborate, by providing them with shared access to specific data and tools.

Projects have a series of features designed for collaboration, helping project members coordinate and organize their work, and ensuring appropriate control over both data and tools.

See the for details on how to create a project, share it with other users, and run an analysis.

Managing Project Content

A key function of each project is to serve as a shared storehouse of data objects used by project members as they collaborate.

Click on a project's Manage tab to see a list of all the data objects stored in the project. Within the Manage screen, you can browse and manage these objects, with the range of available actions for an object dependent on its type.

The following are four common actions you can perform on objects from within the Manage screen.

Downloading Files

You can directly download file objects from the system.

Select the file's row.
Click More Actions (⋮).
From the list of available actions, select Download.

Getting More Information on Objects

To learn more about an object:

Select its row, then click the Show Info Panel button - the "i" icon - in the upper corner of the Manage screen.
Select the row showing the name of the object about which you want to know more. An info panel opens on the right, displaying a range of information about the object. This includes its unique ID, as well as metadata about its owner, time of creation, size, tags, properties, and more.

Deleting Objects

Deletion is permanent and cannot be undone.

To delete an object:

Select its row.
Click More Actions (⋮).
From the list of available actions, select Delete.

Copying Data to Another Project

To copy a data object or objects to another project, you must have CONTRIBUTE or ADMINISTER access to that project.

Select the object or objects you want to copy to a new project, by clicking the box to the left of the name of each object in the objects list.
Click the Copy button in the upper right corner of the Manage screen. A modal window opens.
Select the project to which you want to copy the object or objects, then select the location within the project to which the objects should be copied.

Adding Project Members

You can collaborate on the platform by . On sharing a project with a user, or group of users in an , they become project members, with access at one of the levels described below. Project access can be revoked at any time by a project administrator.

Removing Project Members

To remove a user or org from a project to which you have ADMINISTER access:

On the project's Manage screen, click the Share Project button - the "two people" icon - in the top right corner of the page. A modal window opens, showing a list of project members.
Find the row showing the user you want to remove from the project.
Move your mouse over that row, then click the Remove from Members button at the right end of the row.

Project Access Levels

Access Level

Description

Project Access Levels: Two Examples

Suppose you have a set of samples sequenced at your lab, and you have a collaborator who's interested in three of the samples. You can upload the data associated with those samples into a new project, then share that new project with your collaborator, granting them VIEW access.

Alternatively, suppose that you and your collaborator are working on the same tissue samples, but each of you wants to try a different sequencing process. You can create a new project, then upload your sequenced data to the project. Then grant your collaborator UPLOAD access to the project, allowing them to upload their data. You both are then able to use each other's data to perform downstream analyses.

Restricting Access to Executables

A project admin can configure a project to allow project members to run only specific executables as . The list of allowed executables is set by entering the following command, via the CLI:

This command overwrites any existing list of allowed executables.

To discard the allowed executables list, that is, let project members run all available executables as root executions, enter the following command:

Executables that are called by a permitted executable can run even if they are not included in the list.

Project Data Access Controls

Users with ADMINISTER access to a project can restrict the ability of project members to view, copy, delete, and download project data. The project-level boolean flags below provide fine-grained data access control. All data access control flags default to false and you can view and modify them via the CLI and the Platform API. In the project's Settings web screen, you can view and modify the protected, restricted, downloadRestricted, previewViewerRestricted, externalUploadRestricted, and containsPHI settings as described below.

protected: If set to true, only project members with ADMINISTER access to the project can delete project data. Otherwise, project members with ADMINISTER and CONTRIBUTE access can delete project data. This flag corresponds to the Delete Access policy in the project's Settings web interface screen.
restricted: If set to true,

PHI Data Protection

Only projects billed to org billing accounts can have PHI Data Protection enabled.

A license and a signed Business Associate Agreement are required to enable and use PHI Data Protection. for more information.

Protected Health Information, or PHI, is identifiable health information that can be linked to a specific person. On the DNAnexus Platform, PHI Data Protection safeguards the confidentiality and integrity of data in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

When PHI Data Protection is enabled for a project, it is subject to the following protective restrictions:

Data in this project cannot be cloned to other projects that do not have containsPHI set to true
Any jobs that run in non-PHI projects cannot access any data that can only be found in PHI projects
Job email notifications sent from the project refer to objects by object ID instead of by name, and other information in the notification may be elided. If you receive such a notification, you can view the elided information by logging onto the Platform and opening the notification and accessing it in the Notifications pane, accessible by clicking the "bell" icon at the far right end of the main menu.

Billing and Charges

On the DNAnexus Platform, running analyses, storing data, and egressing data are billable activities, and always take place within a specific project. Each project is associated with a billing account to which invoices are sent, covering all billable activities carried out within the project.

For information on configuring your billing account, see .

You link a project to a billing account, that is an organization that the expenses are billed to, when you .

Monthly Project Spending and Usage Limits

Licenses are required for both the Monthly Project Compute and Egress Usage Limit and Monthly Project Storage Spending Limit features. for more information.

The Monthly Project Usage Limit for Compute and Egress and Monthly Project Storage Spending Limit features can help project admins monitor and keep project costs under control. For more information, see .

In the project's Settings tab under the Usage Limits section, project admins can view the project's compute and egress usage limits.

For details on how to set and retrieve project-specific compute and egress usage limits, and storage spending limits, see the .

Transferring Project Billing Responsibility

Transferring Billing Responsibility to Another User

If you have ADMINISTER access to a project, you can transfer project billing responsibility to another user, by doing the following:

On the project's Settings screen, scroll down to the Administration section.
Click the Transfer Billing button. A modal window opens.
Enter the email address or username of the user to whom you want to transfer billing responsibility for the project.

The user receives an email notification of your request. To finalize the transfer, they need to log onto the Platform and formally accept it.

Transferring Billing Responsibility to an Org

If you have billable activities access in the org to which you wish to transfer the project, you can change the billing account of the project to the org. To do this, navigate to the project settings page by clicking on the gear icon in the project header. On the project settings page, you can then select which to which billing account the project should be billed.

If you do not have billable activities access in the org you wish to transfer the project to, you need to transfer the project to a user who does have this access. The recipient is then able to follow the instructions below to accept a project transfer on behalf of an org.

Cancelling a Transfer of Billing Responsibility

You can cancel a transfer of project billing responsibility, so long as it hasn't yet been formally accepted by the recipient. To do this:

Select All Projects from the Projects link in the main menu. Open the project. You see a Pending Project Ownership Transfer notification at the top of the screen.
Click the Cancel Transfer button to cancel the transfer.

Accepting a Transfer Request

When another user initiates a project transfer to you, you receive a project transfer request, via both an email, and a notification accessible by clicking the Notifications button - the "bell" - at the far right end of the main menu.

If you did not already have access to the project being transferred, you receive VIEW access and the project appears in the list on the Projects screen.

To accept the transfer:

Open the project. You see a Pending Project Ownership Transfer notification in the project header.
Click the Accept Transfer button.
Select a new billing account for the project from the dropdown of eligible accounts.

Projects with PHI Data Protection Enabled

If a project has PHI Data Protection enabled, it may only be transferred to an org billing account which also has PHI Data Protection enabled.

Project Sponsorship

A user or org can sponsor the cost of data storage in a project for a fixed term. During the sponsorship period, project members may copy this data to their own projects and store it there, without incurring storage charges.

On setting up the sponsorship, the sponsor sets it end date. The sponsor can change this end date at any time.

Billing responsibility for sponsored projects may not be transferred.

Sponsored projects may not be deleted, without the project sponsor first ending the sponsorship, by changing its end date to a date in the past.

For more information about sponsorship, contact .

Learn More

for detailed information on projects that are billed to an org.

Learn about accessing and working with projects via the CLI:

Learn about working with projects as a developer:

JupyterLab Reference

This page is a reference for most useful operations and features in the JupyterLab environment.

JupyterLab is accessible to all users of the UK Biobank Research Analysis Platform and the Our Future Health Trusted Research Environment.

A license is required to access JupyterLab on the DNAnexus Platform. Contact DNAnexus Sales for more information.

Download Files from the Project to the Local Execution Environment

Bash

You can download input data from a project using in a notebook cell:

The %%bash keyword converts the whole cell to a magic cell which allows you to run bash code in that cell without exiting the Python kernel. See examples of magic commands in the . The ! prefix achieves the same result:

Alternatively, the dx command can be executed from the .

Python

To download data with Python in the notebook, you can use the function:

Check the for details on how to download files and folders.

Upload Data from the Session to the Project

Bash

Any files from the execution environment can be uploaded to the project using :

Python

To upload data using Python in the notebook, you can use the function:

Check the for details on how to upload files and folders.

Download and Upload Data to Your Local Machine

By selecting a notebook or any other file on your computer and dragging it into the DNAnexus project file browser, you can upload the files directly to the project. To download a file, right-click on it and click Download (to local computer).

You may upload and download data to the in a similar way, that is, by dragging and dropping files to the execution file browser or by right-clicking on the files there and clicking Download.

Use the Terminal

It is useful to have a terminal provided by JupyterLab at hand, which uses bash shell by default and lets you execute shell scripts or interact with the platform via dx toolkit. For example, the following command confirms what the current project context is:

Running pwd shows you that the working directory of the execution environment is /opt/notebooks. The JupyterLab server is launched from this directory, which is also the default location of the output files generated in the notebooks.

To open a terminal window, go to File > New > Terminal or open it from the Launcher (using the "Terminal" box at the bottom). To open a Launcher, select File > New Launcher.

Install Custom Packages in the Session Environment

You can install pip, conda, apt-get, and other packages in the execution environment from the notebook:

By creating a , you can start subsequent sessions with these packages pre-installed by providing the snapshot as input.

Access Public and Private GitHub Repositories from the JupyterLab Terminal

You can access public GitHub repositories from the JupyterLab terminal using git clone command. By placing a private ssh key that's registered with your GitHub account in /root/.ssh/id_rsa you can clone private GitHub repositories using git clone and push any changes back to GitHub using git push from the JupyterLab terminal.

Below is a screenshot of a JupyterLab session with a terminal displaying a script that:

sets up ssh key to access a private GitHub repository and clones it,
clones a public repository,
downloads a JSON file from the DNAnexus project,

This animation shows the first part of the script in action:

Run Notebooks Non-Interactively

A command can be run in the JupyterLab Docker container without starting an interactive JupyterLab server. To do that, provide the cmd input and additional input files using the in input file array. The command runs in the directory where the JupyterLab server is started and notebooks are run, that is, /opt/notebooks/. Any output files generated in this directory are uploaded to the project and returned in the out output.

The cmd input makes it possible to use a papermill tool pre-installed in the JupyterLab environment that executes notebooks non-interactively. For example, to execute all the cells in a notebook and produce an output notebook:

where notebook.ipynb is the input notebook to papermill, which needs to be passed in the in input, and output_notebook.ipynb is the name of the output notebook, which stores the result of the cells' execution. The output is uploaded to the project at the end of the app execution.

If the snapshot parameter is specified, execution of cmd takes place in the specified Docker container. The duration argument is ignored when running the app with cmd. The app can be run from the command line with the --extra-args flag to limit the runtime, for example, dx run dxjupyterlab --extra-args '{"timeoutPolicyByExecutable": {"app-xxxx":{"\*": {"hours": 1}}}}'".

If cmd is not specified, the in parameter is ignored and the output of an app consists of an empty array.

Use newer NVIDIA GPU-accelerated software

If you are trying to use newer NVIDIA GPU-accelerated software, you may find that the NVIDIA GPU Driver kernel-mode driver NVIDIA.ko that is installed outside of the JupyterLab environment does not support the newer CUDA version required by your application. You can install packages to use the newer CUDA version required by your application by following the steps below in a JupyterLab terminal.

Session Inactivity

After 15 to 30 minutes of inactivity in the JupyterLab browser tabs, the system logs you out automatically from the JupyterLab session and displays a "Server Connection Error" message. To re-enter the JupyterLab session, reload the JupyterLab webpage and log into the platform to be redirected to the JupyterLab session.

Login and Logout

Learn how to log into and out of the DNAnexus Platform, via both the user interface and the command-line interface. Learn how to use tokens to log in, and how to set up two-factor authentication.

Logging In and Out via the User Interface

To log in via the user interface (UI), open the DNAnexus Platform login page and enter your username and password.

To log out via the UI, open your account menu and select Sign Out:

Logging In via the Command-Line Interface

To log in via the command-line interface (CLI), make sure you've . From the CLI, enter the command .

Next, enter your username, or, if you've logged in before on the same computer and your username is displayed, hit Return to confirm that you want to use it to log in. Then enter your password.

See below for directions on .

See the for detail on optional arguments that can be used with dx login.

Logging Out via the Command-Line Interface

When using the CLI, log out by entering the command .

If you use a token to log in, logging out invalidates that token. To log in again, you must .

See the for detail on optional arguments that can be used with dx logout.

Auto Logout

Session inactivity

By default, the system logs out users after 15 minutes of inactivity. Exceptions apply to users logged in with an that specifies a different session duration, or users in an org with a custom autoLogoutAfter policy.

for more information on setting a custom autoLogoutAfter policy for an org.

Credentials change

The system automatically logs out users when they change their account credentials. This happens immediately after the credentials change is complete. Exceptions apply to users logged in with an .

The following actions are considered credentials changes:

Change a password
Reset a password
Confirm a new email address after updating account email
Enable or disable multi-factor authentication (MFA)

By default, changing your credentials does not automatically terminate any running jobs or active downloads and uploads that are authenticated on your behalf. When you change your credentials, you can choose Revoke Active Tokens to terminate these running jobs and active transfers. See details on .

If you suspect your account may be compromised, we strongly recommend that you:

Opt-in to terminate any active jobs authenticated on your behalf.

Using Tokens

You can log in via the CLI, and stay logged in for a fixed length of time, by using an API token, also called an authentication token.

Exercise caution when sharing DNAnexus Platform tokens. Anyone with a token can access the Platform and impersonate you as a user. They gain your access level to any projects accessible by the token, enabling them to run jobs and potentially incur charges to your account.

Generating a Token

To generate a token, open your account menu and select My Profile.

Next, click on the API Tokens tab. Then click the New Token button:

The New Token form opens in a modal window:

Consider the following points when filling out the form:

The token provides access to each project at the level at which you have access. See the .
If the token provides access to a project within which you have PHI data access, it enables access to that PHI data.
Tokens without a specified expiration date expire in one month.

After completing the form, click Generate Token. The system generates a 32-character token and displays it with a confirmation message.

Copy your token immediately. The token is inaccessible after dismissing the confirmation message or navigating away from the API Tokens screen.

Using a Token to Log In

To log in with a token via the CLI, enter the command , followed by a valid 32-character token.

Token Use Cases

Tokens are useful in multiple scenarios, such as:

Logging in via the CLI with single sign-on enabled - If your organization uses , logging in via the CLI might require a token instead of a username and password.
Logging in via a script - Scripts can use tokens to authenticate with the Platform.

When incorporating a token into a script, take care to set the token's expiration date such that the script has Platform access for only as long as necessary. Ensure as well that the script only has access to that project or those projects to which it must have access, to function properly.

Revoking a Token

When you revoke API tokens, all running jobs and all active file uploads or downloads authenticated with those tokens are terminated immediately and fail with the . Any compute or egress charges incurred up to the point of termination remain billable to the account associated with those operations.

To revoke a token, navigate to the API Tokens screen within your profile on the UI. Select the token you want to revoke, then click the Revoke button:

In the Revoke Tokens Confirmation modal window, click the Yes, revoke it button. The token is revoked, and its name no longer appears in the list of tokens on the API Tokens screen.

When to Revoke a Token

Token shared too widely - Revoke a token if someone with whom you've shared the token should no longer be able to use it, or if you're not certain who has access to it.
Token no longer needed - Revoke a token if a script that uses it is no longer in use, or if a group that had been using it no longer needs access to the Platform, or in any other situation in which the token is no longer necessary.

Logging In Non-Interactively

Though logging in typically requires direct interaction with the Platform through the UI or CLI, non-interactive login is also possible. Scripts commonly automate both login and project selection.

Non-interactive login uses dx login with the --token argument. The command automates project selection. For manual project selection, add the argument to dx login.

Two-Factor Authentication

DNAnexus recommends adding two-factor authentication to your account, to provide an extra means of ensuring the security of all data to which you have access, on the Platform.

With two-factor authentication enabled, you must enter a two-factor authentication code to log into the Platform and access certain other services. This code is a time-based one-time password valid for a single session, generated by a third-party two-factor authenticator application, such as Google Authenticator.

Two-factor authentication protects your account by requiring both your credentials and an authentication code. This prevents unauthorized access even if your username and password are compromised.

Enabling Two-Factor Authentication

DNAnexus recommends using a time-based one-time password (TOTP)–compliant authenticator application on your mobile device. Popular options include Google Authenticator, Authy, Microsoft Authenticator, and 1Password. Google Authenticator is a free application that's available for both Apple iOS and Android mobile devices. Get it on or from the .

If you are unable to use a smartphone application, compatible two-factor authenticator applications that use the TOTP (time-based one-time password) algorithm exist for other platforms.

From your account menu, select Account Security.
In the Two-Factor Authentication section, click Enable 2FA.
Choose a TOTP-compatible authenticator application and click Next.

Save your backup codes before closing the setup dialog — they will not be accessible again after you close it. Store them in a secure location. Without backup codes and without access to your authenticator application, Platform login becomes impossible.

if you lose both your codes and access to your authenticator application.

Logging In with a Backup Code

If you lose access to your authenticator application, you can use a saved backup code to log in.

Navigate to the Platform login page and enter your username and password.
When prompted for your two-factor authentication code, enter one of your saved backup codes instead.

Each backup code can only be used once. Keep track of which codes you have used and store remaining codes securely.

If you lose access to both your authenticator application and your backup codes, you will not be able to log in to the Platform. for assistance.

Disabling Two-Factor Authentication

DNAnexus recommends keeping two-factor authentication enabled after activation. You can disable it manually, provided it has not been strictly enforced by your organization admin.

Turning off two-factor authentication logs you out of all active web sessions immediately and is treated as a . If you re-enable 2FA later, you will need to reconfigure your authenticator application by scanning a new QR code or entering a new secret key, and saving a new set of backup codes.

From your account menu, select Account Security.
In the Two-Factor Authentication section, click Turn Off.
In the confirmation dialog, enter your current password and either the 6-digit code from your authenticator app or a backup code.

If you used a backup code to log in to the Platform, you need a second backup code to confirm disabling 2FA in step 3, because each backup code can only be used once.

Troubleshooting Two-Factor Authentication

Code validation failures are most commonly caused by a time-desynchronization issue on your mobile device. This can occur in two ways:

Code invalid during setup — The Platform reports an invalid code immediately after scanning the QR code during initial 2FA setup.
Codes stopped working — You previously set up 2FA successfully, but newly generated codes are no longer accepted at login.

To resolve either issue, enable Automatic Date and Time in your device's system settings and restart your phone. This synchronizes your device clock with the server time required for the TOTP algorithm to generate valid codes.

Analyzing Somatic Variants

Analyze somatic variants, including cancer-specific filtering, visualization, and variant landscape exploration in the Cohort Browser.

An Apollo license is required to use Cohort Browser on the DNAnexus Platform. Org approval may also be required. Contact DNAnexus Sales for more information.

Explore and analyze datasets with somatic variant assays by opening them in the Cohort Browser and switching to the Somatic Variants tab. You can create cohorts based on somatic variants, visualize variant patterns, and examine detailed variant information.

You can analyze somatic variants across four main categories: Single Nucleotide Variants (SNVs) & Indels for small genomic changes, Copy Number Variants (CNVs) for alterations in gene copy numbers, Fusions for structural rearrangements involving gene coding sequences, and Structural Variants (SVs) for larger genomic rearrangements.

Somatic assay datasets are created using the .

Variant Classification

The somatic data model classifies all genomic variants into four main classes, defined by their size, structure, and representation in VCF files. Each variant type has specific criteria that must be met for classification.

Variant Type

Classification Criteria

Examples

Somatic Variants in Cohort Browser

CNVs and Fusions are also classified as Structural Variants in the Cohort Browser because they use symbolic allele representations (<CNV>, <DEL>, <DUP>, <BND>

Filtering by Somatic Variants

You can to include only samples with specific somatic variants.

To apply a somatic filter to your cohort:

For the cohort you want to edit, click Add Filter.
In Add Filter to Cohort > Assays > Variant (Somatic), select a genomic filter.
In Edit Filter: Variant (Somatic), specify the criteria:

You can specify up to 10 somatic variant filters for each cohort.

After you apply or edit filters, the participant count updates immediately. However, visualization tiles do not automatically refresh. Click Refresh Visualizations at the top of the dashboard to update all tiles. Click Refresh on individual tiles to update specific charts.

Working with Large Structural Variants (>10Mbp)

Structural variants larger than 10 megabases lack gene-level annotations, which limits how you can filter and visualize them. Use these alternative filtering approaches:

Filter by genomic coordinates: In the Genes / Effects filter, enter genomic coordinates in the format chr:start-end, for example, 17:7661779-7687538 for the TP53 gene region. Set the variant type scope to SV or CNV and leave consequence types blank. Find gene coordinates by typing the gene symbol in the search icon next to the Variants & Events table.
Filter by variant IDs: In the Variant IDs filter, enter up to 10 variant IDs in the format chr_pos_ref_alt, for example, 17_7674257_A_<DEL>

For comprehensive structural variant analysis, combine multiple filtering approaches. Use gene symbol filters to capture annotated structural variants ≤ 10Mbp, then add coordinate-based filters to include larger structural variants in the same genomic regions.

Large structural variants are visible in the table with full details, but they do not appear in the due to missing gene-level annotations.

Comparing Variant Patterns Across Your Cohort

The Variant Frequency Matrix provides a visual overview of how often somatic variants appear throughout your cohort. The matrix helps you identify variant patterns across tumor samples and discover which variants frequently occur together. You can also measure the mutation burden in different genes and compare how mutation profiles differ between two cohorts. This makes it easier to spot trends and relationships in your data that might not be apparent when examining individual variants.

The Variant Frequency Matrix is interactive. You can , and , and zoom in on specific genes or regions.

In the Variant Frequency Matrix, the rows represents genes and columns represent samples, both are sorted by variant frequency.

Sorted gene list: Genes are ranked from most to least frequently affected by variants. A sample is considered "affected" by a gene if it is a tumor sample with at least one detected variant of high or moderate impact in that gene's canonical transcript. Matched normal samples are not included in this calculation.
Sorted sample list: Samples are ordered by the total number of genes that contain variants. This ranking is independent of how frequently each individual gene is affected.

The Variant Frequency Matrix displays up to the top 50 genes with the most variants and up to 500 samples for any given cohort. The samples shown are the 500 with the highest number of genes containing variants. If your cohort has fewer than 500 samples, the matrix shows all samples.

Filtering by Genes and Consequences

By default, the Variant Frequency Matrix includes all genes and samples. To narrow your view, you can filter the matrix to specific classes of somatic variants, such as SNVs & Indels, Structural Variants, CNVs, or Fusions.

Using the legend in bottom right, you can focus on specific variants, events, or consequences. This allows you to better explore particular areas of interest, such as high-impact mutations or specific consequences relevant to your research.

When , the matrix can display the top 200 samples (columns) from both the primary and secondary cohorts. The top genes are selected and sorted by their variant frequency within the primary cohort.

Viewing Gene and Sample Details

The Variant Frequency Matrix is highly interactive, allowing you to quickly access more details and apply filters.

When you hover over a cell, the matrix shows a unique identifier for the sample, along with a breakdown of the variants detected in that gene, organized by their consequence type. You can copy the sample ID to your clipboard to apply it to a cohort filter.

When you hover over a gene ID on the left axis, the matrix shows more information about that gene. This includes a unique identifier for the gene, along with a quick breakdown of available external annotations, with direct links to the and databases (when available).

To create a filter, hover over the gene and click + Add to Filter, or copy the gene ID to your clipboard for use in a custom filter.

Color Coding and Consequences

The Variant Frequency Matrix uses color coding to represent the consequences of detected variants, providing a quick visual assessment of variant types. Only high and moderate impact consequences, as defined by , are included in this visualization.

Samples with two or more detected variants are color-coded as "Multi Hit", indicating a complex variant profile.

Exploring Gene-Level Mutation Patterns

The Lollipop Plot is a visualization tool that shows the somatic variants of a cohort on a single gene's canonical protein. With Lollipop Plot, you can identify mutation hotspots within a specific gene, understand the functional impact of variants in the context of protein domains, compare mutation patterns across different patient cohorts, and explore recurrent mutations in cancer driver genes.

Use the Go to Gene field to quickly navigate to a gene of interest, such as TP53.

When you hover over a lollipop, you can see details about the amino acid change, such as the HGVS notation and the frequency of that change in the current cohort. The plot also shows the location of each mutation along the protein sequence, with color coding to indicate the consequence type.

The Lollipop Plot displays SNV & Indel data from the same genomic region as the . When you change the genomic region in the table, the Lollipop Plot updates to reflect the change and the other way around.

Reading the Lollipop Plot

Each lollipop on the plot represents amino acid changes at a specific location.
The horizontal position (X axis) indicates the location of the change, while the height (Y axis) represents the frequency of that change within the current cohort.
Lollipops are color-coded by consequence based on the canonical transcript.

Examining Detailed Variant Information

The Variants & Events table displays details on the same genomic region as the . You can filter the table to focus on specific variant types, such as SNV & Indels, SV (Structural Variants), CNV, or Fusion.

Unlike the Variant Frequency Matrix, the Variants & Events table displays all structural variants including those larger than 10Mbp. Use this table to examine large SVs that may not appear in other visualizations.

Information displayed in the Variants & Events table includes:

Location of variant, with a link to its
Reference allele of variant
Alternate allele of variant

Exporting Variant Information

You can export the selected variants in the Variants & Events table as a list of variant IDs or a CSV file.

To copy a comma-separated list of variant IDs to your clipboard, select the set of IDs you want to copy, and click Copy.
To export variants as a CSV file, select the set of IDs you need, and click Download (.csv file).

Accessing External Annotations and Resources

In Variants & Events > Location column, you can click on the specific location to open the locus details.

The locus details show specific SNV & Indel variants as well as up to 200 structural variants overlapping with the specific location. For canonical transcripts, a blue indicator appears next to the transcript ID, identifying the primary transcript annotations.

The locus details include enhanced annotations to external resources:

Gene-level links - Direct links to gene information in external databases
Variant-level links - Links to variant-specific annotation resources

These links allow you to quickly navigate to external annotation resources for further information about genes or variants of interest.

Defining and Managing Cohorts

Create, filter, and manage patient cohorts using clinical, genomic, and other data fields in the Cohort Browser.

An Apollo license is required to use Cohort Browser on the DNAnexus Platform. Org approval may also be required. Contact DNAnexus Sales for more information.

Create comprehensive patient cohorts by filtering your datasets. You can combine, compare, and export your cohorts for further analysis.

If you'd like to visualize data in your cohorts, see Creating Charts and Dashboards.

Managing Cohorts

When you start exploring a dataset, Cohort Browser automatically creates a cohort that includes all patients/samples. You can then by adding filters, and repeat multiple times to create additional cohorts.

The Cohorts panel gives you an overview of your active cohorts on the dashboard (up to 2) and the recently used cohorts (up to 8) in your current session. These can be temporary unsaved cohorts as well as .

To change the active cohorts on the dashboard, you need to swap them between the Dashboard and Recent sections:

In Cohorts > Dashboard, click In Dashboard to remove a cohort from the dashboard.
In Cohorts > Recent, click Add to Dashboard next to the cohort you want to add to the dashboard.

This way you can quickly explore, , and iterate across multiple cohorts within a single session.

Defining Cohort Criteria

Adding Clinical and Phenotypic Filters

To apply a filter to your cohort:

For the cohort you want to edit, click Add Filter.
In Add Filter to Cohort > Clinical, select a data field to filter by.
Click Add Cohort Filter.

Adding Assay Filters

With multi-assay datasets, you can create cohorts by applying filters from multiple assay types and instances.

When adding filters, you can find assay types under the Assays tab. This allows you to create cohorts that combine different types of data. For example, you can filter patients based on both clinical characteristics and germline variants, merge somatic mutation criteria with gene expression levels, or build cohorts that span multiple assays of the same type.

To learn more about filtering by specific assay types, see:

When working with an omics dataset that includes multiple assays, such as a germline dataset with both WES and WGS assays, you can:

Choose specific assays for filtering.
Apply different filters per assay.
Create separate cohorts for different assays of the same type and compare results.

Filter Limits by Assay Type

The maximum number of filters allowed varies by assay type and is shared across all instances of that type:

Germline variant assays: 1 filter maximum
Somatic variant assays: Up to 10 filter criteria
Gene expression assays: Up to 10 filter criteria

Creating Filter Groups

If you add multiple filters from the same category, such as Patient or Sample, they automatically form a filter group.

By default, filters within a filter group are joined by the logical operator 'AND', meaning that all filters in the group must be satisfied for a record to be included in the cohort. You can change the logical operator used within the group to 'OR' by clicking on the operator.

Joining Multiple Filters

Join filters allow you to create cohorts by combining criteria across multiple related data entities within your dataset. This is useful when working with complex datasets that contain interconnected information, such as patient records linked to visits, medications, lab tests, or other clinical data.

Understanding Data Entities

An entity is a grouping of data around a unique item, event, or concept.

In the Cohort Browser, an entity can refer either to a data model object, such as patient or visit, or to a specific input parameter in the app.

Common examples of data entities include:

Patient: Demographics, medical history, baseline characteristics
Visit: Hospital admissions, appointments, encounters
Medication: Prescriptions, dosages, administration records

Creating Join Filters

To create join filters that span multiple data entities:

Start a new join filter: On the cohort panel, click Add Filter or, on a chart tile, click Cohort Filters > Add Cohort Filter.
Select secondary entity: Choose data fields from a secondary entity (different from your primary entity) to create the join relationship.
Add criteria to existing joins: To expand an existing join filter, click Add additional criteria on the row of the chosen filter.

Working with Logical Operators

Join filters support both AND as well as OR logical operators to control how criteria are combined:

AND logic: All specified criteria must be met
OR logic: Any of the specified criteria can be met

Key rules for logical operators:

Click on the operator buttons to switch between the AND logic and OR logic.
For a specific level of join filtering, joins are either all AND or all OR.
When using OR for join filters, the existence condition applies first: "where exists, join 1 OR join 2".

Building Complex Join Structures

As your filtering needs become more sophisticated, you can create multi-layered join structures:

Add criteria to branches: Further define secondary entities by adding additional criteria to existing join branches
Create nested joins: Add more layers of join filters that derive from the current branch
Automatic field filtering: The field selector automatically hides fields that are ineligible based on the current join structure

Practical Examples

The following examples show how join filters work in practice:

First Example Cohort - Separate Conditions: This cohort identifies all patients with a "high" or "medium" risk level who meet both of these conditions:
- Have a first hospital visit (visit instance = 1)
- Have had a "nasal swab" lab test at any point (not necessarily during the first visit)

Saving Cohorts

You can save your cohort selection to a as a by clicking Save Cohort in the top-right corner of the cohort panel.

Cohorts are saved with their applied filters, as well as the latest visualizations and dashboard layout. Like other dataset objects, you can find your saved cohorts under the Manage tab in your project.

To open a cohort, double-click it or click Explore Data.

Need to use your cohorts with a different dataset? If you want to apply your cohort definitions to a different Apollo Dataset, you can use the app to transfer your saved cohorts to a new target dataset.

Exporting Data from Cohorts

For each cohort, you can export a list of main entity IDs in your current cohort selection as a CSV file by clicking Export sample IDs.

Data Preview

On the Data Preview tab, you can export tabular information as record IDs or a CSV file. Select multiple table rows to see export options in the top-right corner. Exports include only the fields displayed in the Data Preview tab.

The Data Preview supports up to 30 columns per tab. Tables with 30-200 columns show column names only. In such cases, you can save cohorts but data is not queried. Tables with over 200 columns are not supported.

You can view up to 30,000 records in the Data Preview. If your cohort exceeds this size, the table may not display all data. For larger exports, use the .

If your view contains more than one table, such as a participants table and a hospital records table, exporting to CSV or TSV generates a separate file for each table.

Download Restrictions

The Cohort Browser follows your project's . When every copy of your dataset exists in projects with restricted download policies, downloads are blocked. However, if at least one copy exists in a project that allows downloads, then downloads are permitted.

Downloads are blocked if the database storing your dataset has restricted download permissions, preventing downloads from any Cohort Browser view of that dataset regardless of which project contains the cohort or dashboard.

Downloads are also blocked if the specific cohort or dashboard you're viewing has restricted download permissions, regardless of the underlying dataset permissions.

Combining Cohorts

You can create complex cohorts by combining existing cohorts from the same dataset.

Near the cohort name, click + > Combine Cohorts.
In the Cohorts panel, click Combine Cohorts.

You can also create a combined cohort based on the cohorts already being .

The Cohort Browser supports the following combination logic:

Once a combined cohort is created, you can inspect the combination logic and its original cohorts in the cohort filters section.

Cohorts already combined cannot be combined a second time.

Comparing Cohorts

You can compare two cohorts from the same dataset by adding both cohorts into the Cohort Browser.

To compare cohorts, click + next to the cohort name. You can create a new cohort, duplicate the current cohort, or load a previously saved cohort.

When comparing cohorts:

All visualizations are converted to show data from both cohorts.
You can continue to edit both cohorts and visualize the results dynamically.

You can compare a cohort with its complement in the dataset by selecting Compare / Combine Cohorts > Not In …. Similar to combining cohorts, you first need to save your current cohort before creating its not-in counterpart.

Cohorts created using Not In cannot be used for further creation of combined or not-in cohorts. "Not In" cohorts are linked to the cohort they are originally based on. Once a not-in cohort is created, further changes to the original cohort definition are not reflected.

Creating Cohorts via CLI

The dx command generates a new Cohort object on the platform using an existing Dataset or Cohort object, and a list of primary IDs. The filters are applied to the global primary key of the dataset/cohort object.

When the input is a CohortBrowser typed record, the existing filters are preserved and the output record has additional filters on the global primary key. The filters are combined in a way such that the resulting record is an intersection of the IDs present in the original input and the IDs passed through CLI.

For additional details, see the and example notebooks in the public GitHub repository, .

Using JupyterLab

Use Jupyter notebooks on the DNAnexus Platform to craft sophisticated custom analyses in your preferred coding language.

JupyterLab is accessible to all users of the UK Biobank Research Analysis Platform and the Our Future Health Trusted Research Environment.

A license is required to access JupyterLab on the DNAnexus Platform. Contact DNAnexus Sales for more information.

Jupyter notebooks are a popular way to track the work performed in computational experiments the way a lab notebook tracks the work done in a wet lab setting. JupyterLab is an application provided by DNAnexus that allows you to perform computational experiments on the DNAnexus Platform using Jupyter notebooks. JupyterLab allows users on the DNAnexus Platform to collaborate on notebooks and extends with options for directly accessing a DNAnexus project from the JupyterLab environment.

Why Use JupyterLab?

JupyterLab supports the use of Bioconductor and Bioconda, useful tools for bioinformatics analysis.

JupyterLab is a versatile application that can be used to:

Collaborate on exploratory analysis of data
Reproduce and fork work performed in computational analyses
Visualize and gain insights into data generated from biological experiments

The DNAnexus Platform offers two different JupyterLab apps. One is a general-purpose JupyterLab application. The other is Spark cluster-enabled, and can be used within the framework.

Both apps instantiate a JupyterLab server that allows for data analyses to be interactively performed in Jupyter notebooks on a DNAnexus worker.

The app contains all the features found in the general-purpose JupyterLab along with access to a fully-managed, on-demand Spark cluster for big data processing and translational informatics.

Version Information

JupyterLab 2.2 is the default version on the DNAnexus Platform. .

Creating Interactive Notebooks

A step-by-step guide on how to start with JupyterLab and create and edit Jupyter notebooks can be found in the .

JupyterLab Environments

Creating a JupyterLab session requires the use of two different environments:

The DNAnexus project (accessible through the web platform and the CLI).
The worker execution environment.

The Project on the DNAnexus Platform

You have direct access to the project in which the application is run from the JupyterLab session. The project file browser (which lists folders, notebooks, and other files in the project) can be accessed from the DNAnexus tab in the left sidebar or from the :

The project is selected when the JupyterLab app is started and cannot be subsequently changed.

The DNAnexus file browser shows:

Up to 1,000 of your most recently modified files and folders
All Jupyter notebooks in the project
Databases (Spark-enabled app only, limited to 1,000 most recent)

The file list refreshes automatically every 10 seconds. You can also refresh manually by clicking the circular arrow icon in the top right corner.

Need to see more files? Use dx ls in the terminal or access them programmatically through the API.

Worker Execution Environment

When you open and run a notebook from the the kernel corresponding to this notebook is started in the worker execution environment and is used to execute the notebook code. DNAnexus notebooks have a [DX] prepended to the notebook name in the tab of all opened notebooks.

The execution environment file browser is accessible from the left sidebar (notice the folder icon at the top) or from the terminal:

To create Jupyter notebooks in the worker execution environment, use the File menu. These notebooks are stored on the local file system of the JupyterLab execution environment and require persistence in a DNAnexus project. More information about saving appears in the .

Local vs. DNAnexus Notebooks

DNAnexus Notebooks

You can directly in the DNAnexus project as well as duplicate, delete, or download them to your local machine. Notebooks stored in your DNAnexus project, which are housed within the DNAnexus tab on the left sidebar, are fetched from and saved to the project on the DNAnexus Platform without being stored in the JupyterLab execution environment file system. These are referred to as "DNAnexus notebooks" and these notebooks persist in the DNAnexus project after the JupyterLab instance is terminated.

DNAnexus notebooks can be recognized by the [DX] that is prepended to its name in the tab of all opened notebooks.

DNAnexus notebooks can be created by clicking the DNAnexus Notebook icon from the Launcher tab that appears on starting the JupyterLab session, or by clicking the DNAnexus tab on the upper menu and then clicking "New notebook". The Launcher tab can also be opened by clicking File and then selecting "New Launcher" from the upper menu.

Local Notebooks

To create a new local notebook, click the File tab in the upper menu and then select "New" and then "Notebook". These non-DNAnexus notebooks can be saved to DNAnexus by dragging and dropping them in the DNAnexus file viewer in the left panel.

Accessing Data

In JupyterLab, users can access input data that is located in a DNAnexus project in one of the following ways.

For reading the input file multiple times or for reading a large fraction of the file in random order:
- Download the file from the DNAnexus project to the execution environment with dx download and access the downloaded local file from Jupyter notebook.

Uploading Data

Files, such as local notebooks, can be persisted in the DNAnexus project by using one of these options:

dx upload in bash console.
Drag the file onto the DNAnexus tab that is in the column of icons on the left side of the screen. This uploads the file into the selected DNAnexus folder.

Exporting DNAnexus Notebooks

Exporting DNAnexus notebooks to formats such as HTML or PDF is not supported. However, you can dx download the DNAnexus notebook from the current DNAnexus project to the JupyterLab environment and export the downloaded notebook. For exporting local notebook to certain formats, the following commands might be needed beforehand: apt-get update && apt-get install texlive-xetex texlive-fonts-recommended texlive-plain-generic.

Non-Interactive Execution of Notebooks

A command can be executed in the JupyterLab worker execution environment without starting an interactive JupyterLab server. To do that, provide the cmd input and additional input files using the in input file array to the JupyterLab app. The provided command runs in the /opt/notebooks/directory and any output files generated in this directory are uploaded to the project and returned in the out output field of the job that ran the JupyterLab app.

The cmd input makes it possible to use the papermill command that is pre-installed in the JupyterLab environment to execute notebooks non-interactively. For example, to execute all the cells in a notebook and produce an output notebook:

Where notebook.ipynb is the input notebook to the papermill command, which is passed to the dxjupyterlab app using the in input, and output_notebook.ipynb is the name of the output notebook, which contains the result of executing the input notebook and is uploaded to the project at the end of app's execution. See the for details.

Collaboration in the Cloud

Collaborators can work on notebooks in the project without the risk of overwriting each other's changes.

Notebook Locking During Editing

If a user has opened a specific notebook in a JupyterLab session, other users cannot open or edit the notebook. This is indicated by a red lock icon next to the notebook's name.

It is still possible to create a duplicate to see what changes are being saved in the locked notebook or to continue work on this "forked" version of the notebook. To copy a notebook, right-click on its name and select Duplicate. After a few seconds, a notebook with the same name and a "copy" suffix should appear in the project.

Once the editing user closes the notebook, the lock is released and anybody else with access to the project can open it.

Notebook Versioning

Whenever a notebook is saved in the project, it is uploaded to the platform as a new file that replaces the previous version, that is, the file of the same name. The previous version is moved to the .Notebook_archive folder with a timestamp suffix added to its name and its ID is saved in the properties of the new file. Saving notebooks directly in the project ensures that your analyses are not lost when the JupyterLab session ends.

If a notebook saved to the project exceeds 20 MB, it may no longer open in JupyterLab and could trigger a "JSON Parse Error." To recover your code, open an earlier version from the .Notebook_archive folder, or download the notebook to your local machine and clear the notebook's outputs using a local Jupyter editor before re-uploading.

Session Timeout Control

JupyterLab sessions begin with a set duration and shut down automatically at the end of this period. The timeout clock appears in the footer on the right side and can be adjusted using the Update duration button. The session terminates at the set timestamp even if the JupyterLab webpage is closed. Job lengths have an upper limit of 30 days, which cannot be extended.

A session can be terminated immediately from the top menu (DNAnexus > End Session).

Environment Snapshots

It is possible to save the current session environment and data and reload it later by creating a session snapshot (DNAnexus > Create Snapshot).

A JupyterLab session is , and a session snapshot file is a tarball generated by saving the Docker container state (with the docker commit and docker save commands). Any installed packages and files created locally are saved to a snapshot file, except for directories /home/dnanexus and /mnt/, which are not included. This file is then uploaded to the project to .Notebook_snapshots and can be passed as input the next time the app is started.

If many large files are created locally, the resulting snapshots take a long time to save and load. In general, it is recommended not to snapshot more than 1 GB of locally saved data/packages and rely on downloading larger files as needed.

Snapshots Created in Older Versions of JupyterLab

Snapshots created with JupyterLab versions older than 2.0.0 (released mid-2023) are not compatible with the current version. These previous snapshots contain tool versions that may conflict with the newer environment, potentially causing problems.

Using Previous Snapshots in the Current Version of JupyterLab

To use a snapshot from a previous version in the current version of JupyterLab, recreate the snapshot as follows:

Create a tarball incorporating all the necessary data files and packages.
Save the tarball in a project.
Launch the current version of JupyterLab.

Accessing an Older Snapshot in an Older Version of JupyterLab

If you don't want to have to recreate your older snapshot, you can run an and access the snapshot there.

Viewing Other Files in the Project

Viewing any other file types from your project, such as CSV, JSON, PDF files, images, or scripts, is convenient because JupyterLab displays them accordingly. For example, JSON files are collapsible and navigable and CSV files are presented in the tabular format.

However, editing and saving any open files from the project other than IPython notebooks results in an error.

Files larger than 20 MB display only their metadata in the JupyterLab file viewer. To access the full contents of a large file, download it using or the , or use the DNAnexus file browser on the platform.

Permissions in the JupyterLab Session

The JupyterLab apps are run in a specific project, defined at start time, and this project cannot be subsequently changed. The job associated with the JupyterLab app has CONTRIBUTE access to the project in which it is run.

When running the JupyterLab app, it is possible to view, but not update, other projects the user has access to. This enhanced scope is required to be able to read databases which may be located in different projects and cannot be cloned.

Running Jobs in the JupyterLab Session

Use dx run to start new jobs from within a notebook or the terminal. If the billTo for the project where your JupyterLab session runs does not have a license for detached executions, any started jobs run as subjobs of your interactive JupyterLab session. In this situation, the --project argument for dx run is ignored, and the job uses the JupyterLab session's workspace instead of the specified project. If a subjob fails or terminates on the DNAnexus Platform, the entire job tree—including your interactive JupyterLab session—terminates as well.

Jobs are limited to a runtime of 30 days. The system automatically terminates jobs running longer than 30 days.

Environment and Feature Options

The JupyterLab app is a Docker-based app that runs the JupyterLab server instance in a Docker container. The server runs on port 443. Because it's an HTTPS app, you can bring up the JupyterLab environment in a web browser using the URL https://job-xxxx.dnanexus.cloud, where job-xxxx is the ID of the job that runs the app. Only the user who launched the JupyterLab job has access to the JupyterLab environment. Other users see a "403 Permission Forbidden" message under the JupyterLab session's URL.

On the DNAnexus Platform, the JupyterLab server runs in a Python 3.9.16 environment, in a container running Ubuntu 20.04 as its operating system.

Feature Options

When launching JupyterLab, the feature options available are PYTHON_R, ML, IMAGE_PROCESSING, STATA, and MONAI_ML.

PYTHON_R (default option): Loads the environment with Python3 and R kernel and interpreter.
ML: Loads the environment with Python3 and machine learning packages, such as TensorFlow, PyTorch, CNTK as well as the image processing package Nipype, but it does not contain R.
IMAGE_PROCESSING

The JupyterLab environment is headless and command-line only. While FSL and FreeSurfer command-line tools are available for batch processing, GUI viewers such as fsleyes and freeview cannot be launched. To visualize results interactively, download the output files to your local machine.

STATA: Requires a license to run. See for more information about running Stata in JupyterLab.
MONAI_ML: Loads the environment with Python3 and extends the ML feature. This feature is ideal for medical imaging research involving machine learning model development and testing. It includes medical imaging frameworks designed for AI-powered analysis. For details, see .

For the full list of pre-installed packages, see the . This list includes details on feature-specific packages available when running the PYTHON_R, ML, IMAGE_PROCESSING, STATA, and MONAI_ML features.

Installing Additional Packages

Additional packages can be during a JupyterLab session. By creating a Docker container , users can then start subsequent sessions with the new packages pre-installed by providing the snapshot as input.

JupyterLab Documentation

For more information on the features and benefits of JupyterLab, see the .

Next Steps

Create your first notebooks by following the instructions in the guide.
See the guide for tips and info on the most useful JupyterLab features.

Running Workflows

You can run workflows from the command-line using the command dx run. The inputs to these workflows can be from any project for which you have VIEW access.

The examples here use the publicly available Exome Analysis Workflow (platform login required to access this link).

For information on how to run a Nextflow pipeline, see Running Nextflow Pipelines.

Running in Interactive Mode

Running dx run without specifying an input launches interactive mode. The system prompts for each required input, followed by options to select from a list of optional parameters to modify. Optional parameters include all modifiable parameters for each stage of the workflow. The interface outputs a JSON file detailing the input specified and generates an analysis ID of the form analysis-xxxx unique to this particular run of the workflow.

Below is an example of running the Exome Analysis Workflow from the public "Exome Analysis Demo" project.

Running in Non-Interactive Mode

You can specify each input on the command-line using the -i or --input flags using the syntax -i<stage ID>.<input name>=<input value>. <input-value> must take the form of a DNAnexus object ID or a file named in the project you have selected. It is also possible to specify the number of a stage in place of the stage ID for a given workflow, where stages are indexed starting at zero. The inputs in the following example are specified for the first stage of the workflow only to illustrate this point. The parentheses around the <input-value> in the help string are omitted when entering input.

Possible values for the input name field can be found by running the command dx run workflow-xxxx -h, as shown below using the Exome Analysis Workflow.

This help message describes the inputs for each stage of the workflow in the order they are specified. For each stage of the workflow, the help message first lists the required inputs for that stage, specifying the requisite type in the <input-value> field. Next, the message describes common options for that stage (as seen in that stage's corresponding UI on the platform). Lastly, it lists advanced command-line options for that stage. If any stage's input is linked to the output of a prior stage, the help message shows the default value for that stage as a DNAnexus link of the form

{"$dnanexus_link": {"outputField": "<prior stage output name>", "stage": "stage-xxxx" }}.

This link format can also be used to specify output from any prior stage in the workflow as input for the current stage.

For the Exome Analysis Workflow, one required input parameter needs to be specified manually: -ibwa_mem_fastq_read_mapper.reads_fastqgzs.

This parameter targets the first stage of the workflow. For convenience, use the stage number instead of the full stage ID. Since this is the first stage (and workflow stages are zero-indexed), replace bwa_mem_fastq_read_mapper with 0 like this: -i0.reads_fastqgzs.

The example below shows how to run the same Exome Analysis Workflow on a FASTQ file containing reads, as well as a BWA reference genome, using the default parameters for each subsequent stage.

Specifying Array Input

Array input can be specified by specifying multiple inputs for a single parameter in a stage. For example, the following flags would add files 1 through 3 to the file_inputs parameter for stage-xxxx of the workflow:

If no project is selected, or if the file is in another project, the project containing the files you wish to use must be specified as follows: -i<stage ID>.<input name>=<project id>:<file id>.

Job-Based Object References (JBORs)

The -i flag can also be used to specify (JBORs) with the syntax -i<stage ID or number>:<input name>=<job id>:<output name>. The --brief flag, when used with the command dx run, outputs only the execution's ID. You can also skip the interactive prompts confirming the execution using the -y flag. Calling dx run on a job with the --brief flag returns only the job ID of that execution, and you can skip being prompted to begin execution with the -y flag.

The example below calls the app (platform login required to access this link) to produce the sorted_bam output described in the help string produced by running dx run app-bwa_mem_fastq_read_mapper -h. This output is then used as input to the first stage of the featured on the DNAnexus Platform (platform login required to access this link).

Advanced Options

Quiet Output

Using the --brief flag at the end of a dx run command causes the command line to print the execution's analysis ID ("analysis-xxxx") instead of the input JSON for the execution. This ID can be saved for later reference.

Rerunning Analyses With Modified Settings

To modify specific settings from the previous analysis, you can run the command dx run --clone analysis-xxxx [options]. The [options] parameters override anything set by the --clone flag, and take the form of options passed as input from the command line.

The --clone flag does not copy the usage of the --allow-ssh or --debug-on flags, which must be set with the new execution. Only the applet, instance type, and input spec are copied. See the page for more information on the usage of these flags.

For example, the command below redirects the output of the analysis to the outputs/ folder and reruns all stages.

Only the outputs of stages rerun are placed in the destination specified.

Rerunning Specific Stages

When rerunning workflows, if a stage runs identically to how it ran in a previous analysis, the stage itself is not rerun. The outputs of that stage are not copied or rewritten in a new location. To rerun a specific stage, use the option --rerun-stage STAGE_ID to force a stage to be run again, where STAGE_ID is an ID of the form stage-xxxx, the stage's name, or the index of that stage (where the first stage of a workflow is indexed at 0). If you want to rerun all stages of an analysis, you can use --rerun-stage "*", where the asterisk is enclosed in quotes to prevent expansion of that variable into all folders in your current directory via globbing.

The command below reruns the third and final stage of analysis-xxxx

Specifying Analysis Output Folders

The --destination flag allows you to specify the path of the output of a workflow. By default, every output of every stage is written to the destination specified.

Specifying Output Folders

You can use the --stage-output-folder <stage_ID> <folder> command to specify the output destination of a particular stage in the analysis being run. In this command, stage_ID is the stage's name, or the index of that stage (where the first stage of a workflow is indexed at 0). The folder is the project and path to which you wish the stage to write using the syntax project-xxxx:/PATH where PATH is the path to the folder in project-xxxx where you wish to write outputs.

The following command reruns all stages of analysis-xxxx and sets the output destination of the first step of the workflow (BWA) to "mappings" in the current project:

Specifying Stage-Relative Output Folders

If you want to specify output folder of a stage within the current output folder of the entire analysis, you can use the flag --stage-relative-output-folder <stage_id> <folder>, where stage_id is the stage's name (stage-xxxx), or the index of that stage (where the first stage of a workflow is indexed at 0). For the folder argument, you can specify a quoted path to write the output of that stage that is relative to the output folder of the analysis.

The following command reruns all stages of analysis-xxxx, setting the output destination of the analysis to /exome_run, and the output destination of stage 0 to /exome_run/mappings in the current project:

Specifying a Different Instance Type

To specify the instance type of all stages in your analysis or a specific set of stages in your analysis, use the flag --instance-type. Specifically, the format --instance-type STAGE_ID=INSTANCE_TYPE allows you to set the instance type of a specific stage, while --instance-type INSTANCE_TYPE sets one instance type for all stages. The two options can be combined, for example, --instance-type mem2_ssd1_x2 --instance-type my_stage_0=mem3_ssd1_x16 sets all stages' instance types to mem2_ssd1_x2 except for the stage my_stage_0, for which mem3_ssd1_x16 is used.

Here STAGE_ID is an ID of a stage, the stage's name, or the index of that stage (where the first stage of a workflow is indexed at 0).

The example below reruns all stages of analysis-xxxx and specifies that the first and second stages should be run on mem1_ssd2_x8 and mem1_ssd2_x16 instances respectively:

Adding Metadata to an Analysis

This is identical to adding metadata to a job. See for details.

Monitoring an Analysis

Command line monitoring of an analysis is not available. For information about monitoring a job from the command line, see .

On the DNAnexus Platform, jobs are limited to a runtime of 30 days. Jobs that run longer than 30 days are automatically terminated.

Providing Input JSON

This is identical to providing an input JSON to a job. For more information, see .

As in running a workflow in non-interactive mode, inputs to a workflow must be specified as STAGE_ID.<input>. Here STAGE_ID is either an ID of the form stage-xxxx or the index of that stage in the workflow (starting with the first stage at index 0).

Running Apps and Applets

You can run apps and applets from the command-line using the command dx run. The inputs to these app(let)s can be from any project for which you have VIEW access. Or run from UI.

Running in Interactive Mode

If dx run is run without specifying any inputs, interactive mode launches. When you run this command, the platform prompts you for each required input, followed by a prompt to set any optional parameters. As shown below using the BWA-MEM FASTQ Read Mapper app (platform login required to access this link), after you are done entering inputs, you must confirm that you want the applet/app to run with the inputs you have selected.

Running in Non-interactive Mode

Naming Each Input

You can also specify each input parameter by name using the ‑i or ‑‑input flags with syntax ‑i<input name>=<input value>. Names of data objects in your project are resolved to the appropriate IDs and packaged correctly for the API method as shown below.

When specifying input parameters using the ‑i/‑‑input flag, you must use the input field names (not to be confused with their human-readable labels). To look up the input field names for an app, applet, or workflow, you can run the command dx run app(let)-xxxx -h, as shown below using the (platform login required to access this link).

The help message describes the inputs and outputs of the app, their types, and how to identify them when running the app from the command line. For example, from the above help message, the Swiss Army Knife app has two primary inputs: one or more file and a string to be executed on the command line, to be specified as -iin=file-xxxx and icmd=<string>, respectively.

The example below shows you how to run the same Swiss Army Knife app to sort a small BAM file using these inputs.

Specifying Array Input

To specify array inputs, reuse the ‑i/‑‑input flag for each input in the array and each file specified is appended into an array in the same order as it was entered on the command line. Below is an example of how to use the to index multiple BAM files (platform login required to access this link).

Job-Based Object References (JBORs)

(JBORs) can also be provided using the -i flag with syntax ‑i<input name>=<job id>:<output name>. Combined with the --brief flag (which allows dx run to output only the job ID) and the -y flag (to skip confirmation), you can string together two jobs using one command.

Below is an example of how to run the (platform login required to access this link), producing the output named sorted_bam as described in the dx help output by executing the command dx run app-bwa_mem_fastq_read_mapper -h. The sorted_bam output is then used as input for the (platform login required to access this link).

Advanced Options

Some examples of additional functionalities provided by dx run are listed below.

Quiet Output

Regardless of whether you run a job interactively or non-interactively, the command dx run always prints the exact input JSON with which it is calling the applet or app. If you don't want to print this verbose output, you can use the --brief flag which tells dx to print out only the job ID instead. This job ID can then be saved.

To run jobs without being prompted for confirmation, use the -y or --yes option. This is especially helpful when scripting or automating job submissions.

If you want to both skip confirmation and immediately monitor the job's progress, use -y --watch. This starts the job and displays its logs in your terminal as it runs.

Rerunning a Job With the Same Settings

If you are debugging applet-xxxx and wish to rerun a job you previously ran, using the same settings (destination project and folder, inputs, instance type requests), but use a new executable applet-yyyy, you can use the --clone flag.

In the above command, the command overrides the --clone job-xxxx command to use the executable (platform login required to access this link) rather than that used by the job.

If you want to modify some but not all settings from the previous job, you can run dx run <executable> --clone job-xxxx [options]. The command-line arguments you provide in [options] override the settings reused from --clone. For example, this is useful if you want to rerun a job with the same executable and inputs but a different instance type, or if you want to run an executable with the same settings but slightly different inputs.

The example shown below redirects the outputs of the job to the folder "outputs/".

While the --clone job-xxxx flag copies the applet, instance type, and inputs, it does not copy usage of the --allow-ssh or --debug-on flags. These must be re-specified for each job run. For more information, see the page.

Specifying the Job Output Folder

The --destination flag allows you to specify the full project-ID:/folder/ path in which to output the results of the app(let). If this flag is unspecified, the output of the job defaults to the present working directory, which can be determined by running .

In the above command, the flag --destination project-xxxx:/mappings instructs the job to output all results into the "mappings" folder of project-xxxx.

Specifying a Different Instance Type

The dx run --instance-type command allows you to specify the instance types to use for the job. More information is available by running the command dx run --instance-type-help.

Some apps and applets have multiple , meaning that different instance types can be specified for different functions executed by the app(let). In the example below, the (platform login required to access this link) is run while specifying the instance types for the entry points honey, ssake, ssake_insert, and main. Specifying the instance types for each entry point requires a JSON-like string, meaning that the string should be wrapped in single quotes, as explained earlier, and demonstrated below.

Adding Metadata to a Job

If you are running many jobs that have varying purposes, you can organize the jobs using metadata. Two types of metadata are available on the DNAnexus Platform: properties and tags.

Properties are key-value pairs that can be attached to any object on the platform, whereas tags are strings associated with objects on the platform. The --property flag allows you to attach a property to a job, and the --tag flag allows you to tag a job.

Adding metadata to executions does not affect the metadata of the executions' output files. Metadata on jobs make it easier for you to search for a particular job in your job history. This is useful when you want to tag all jobs run with a particular sample, for instance.

Specifying an App Version

If your current workflow is not using the most up-to-date version of an app, you can specify an older version when running your job. Append the app name with the version required, for example, app-xxxx/0.0.1 if the current version is app-xxxx/1.0.0.

Watching a Job

To monitor your job as it runs, use the --watch flag to display the job's logs in your terminal window as it progresses.

Providing Input JSON

You can also specify the input JSON in its entirety. To specify a data object, you must wrap it in (a key-value pair with a key of $dnanexus_link and value of the data object's ID). Because you are already providing the JSON in its entirety, as long as the applet/app ID can be resolved and the JSON can be parsed, confirmation before the job starts is not required. Three methods exist for entering the full input JSON, discussed in separate sections below.

From the CLI

If using the CLI to enter the full input JSON, you must use the flag ‑j/‑‑input‑json followed by the JSON in single quotes. Only single quotes should be used to wrap the JSON to avoid interfering with the double quotes used by the JSON itself.

From a File

If using a file to enter the input JSON, you must use the flag ‑f/‑‑input‑json‑file followed by the name of the JSON file.

From `stdin`

Entering the input JSON file using stdin is done the same way as entering the file using the -f flag with the substitution of using "-" as the filename. Below is an example that demonstrates how to echo the input JSON to stdin and pipe the output to the input of dx run. As before, use single quotes to wrap the JSON input to avoid interfering with the double quotes used by the JSON itself.

Getting Additional Information on `dx` run

Executing the dx run --help command shows the flags available to use with dx run. The message printed by this command is identical to the one displayed in the brief description of .

Cost Run Limits

The --cost-limit cost_limit sets the maximum cost of the job before termination. In case of workflows, it is the cost of the entire analysis job. For batch run, this limit applies per job. See the dx run --help command for more information.

Job Runtime Limits

On the DNAnexus Platform, jobs are limited to a runtime of 30 days. Jobs running longer than 30 days are automatically terminated.

Command Line Quickstart

Learn to use the dx client for command-line access to the full range of DNAnexus Platform features.

You must set up billing for your account before you can perform an analysis, or upload or egress data. Follow these instructions to set up billing.

The dx command-line client is included in the DNAnexus SDK (dx-toolkit). You can use the dx client to log into the Platform, to upload, browse, and organize data, and to launch analyses.

All the projects and data referenced in this Quickstart are publicly available, so you can follow along step-by-step.

Before You Begin

If you haven't already done so, , which includes the dx command-line client, as well as range of useful utilities.

Getting Help

As you work, use the as a reference.

On the command line, you can also enter dx help to see a list of commands, broken down by category. To see a list of commands from a particular category, enter dx help <category>.

To learn what a particular command does, enter dx help <command>, dx <command> -h, or dx <command> -help . For example, enter dx help ls to learn about the command dx ls:

Step 1: Log In

The first step is to . If you have not created a DNAnexus account, open the and sign up. User signup is not supported on the command line.

Your and your current project settings are saved in a local configuration file, and you can start accessing your project.

You can generate an authentication token from the online DNAnexus Platform .

Step 2: Explore

Public Projects

Look inside some public projects that have already been set up. From the command line, enter the command:

By running the command and picking a project, you perform the command-line equivalent of going to the project page for (platform login required to access this link) on the website. This is a DNAnexus-sponsored project containing popular genomes for use in analyses with your own data.

For more information about the dx select command, see the page.

DNAnexus-sponsored data is free to copy from this project as many times as needed.

List the data in the top-level directory of the project you've selected by running the command . View the contents of a folder by running the command dx ls <folder_name>.

When you use wildcard characters like * or ? with dx commands, always enclose the pattern in quotes. For example, use dx ls "*.fastq". Without quotes, your shell expands the wildcards against local files before passing them to dx. This produces unexpected results. For details, see .

You can avoid typing out the full name of the folder by typing in dx ls C and then pressing <TAB>. The folder name auto-completes from there.

You don't have to be in a project to inspect its contents. You can also look into another project, and a folder within the project, by giving the project name or ID, followed by a colon (:) and the folder path. Here, the contents of the publicly available project "Demo Data" are listed using both its name and ID.

As shown above, you can use the -l flag with dx ls to list more details about files, such as the time a file was last modified, its size (if applicable), and its full DNAnexus ID.

Describing DNAnexus Objects

You can use the command to learn more about on the platform. Given a DNAnexus object ID or name, dx describe returns detailed information about the object. dx describe only returns results for data objects to which you have access.

Besides describing data and projects (examples for which are shown below), you can also describe apps, jobs, and users.

Describing a File

Below, the reference genome file for C. Elegans located in the "Reference Genome Files: AWS US (East)" project that has been used is described (which should be accessible from other regions as well). You need to add a colon (:) after the project name, here that would be Reference Genome Files\: AWS US (East): .

Describing a Project

Below, the publicly available Reference Genome Files project that has been used is described.

Step 3: Create Your Own Project

Use the command to create a new project.

The text project-xxxx denotes a placeholder for a unique, immutable project ID. For more information about object IDs, see the page.

The project is ready for uploading data and running analyses.

The new command can also allow you to create other new data objects, including new orgs or users. Use the command dx help new to see additional information. For mode information, see the .

Step 4: Upload and Manage Your Data

To analyze a sample, use the command or the if installed. For this tutorial, download the file , which represents the first 25000 C. elegans reads from SRR070372. This file is used in the sample analysis below.

For uploading multiple or large files, use the . It compresses files and uploads them in parallel over multiple HTTP connections and supports resumable uploads.

The following command uploads the small-celegans-sample.fastq file into the current directory of the current project. The --wait flag tells to wait until uploading is complete before returning the prompt and describing the result.

If you run the same command but add the flag --brief, only the file ID (in the form of file-xxxx) is printed to the terminal. Other dx commands also accept the --brief flag and report only object IDs.

Examining Data

To take a quick look at the first few lines of the file you uploaded, use the command. By default, it prints the first 10 lines of the given file.

Run it on the file you uploaded and use the -n flag to ask for the first 12 lines (the first 3 reads) of the FASTQ file.

Downloading Data

If you'd like to download a file from the platform, use the command. This command uses the name of the file for the filename unless you specify your own with the -o or --output flag. The example below downloads the same C. elegans file that was uploaded previously.

About Metadata

Files have different available fields for metadata, such as "properties" (key-value pairs) and "tags".

Step 5: Analyze a Sample

For the next few steps, if you would like to follow along, you need a C. elegans FASTQ file. This tutorial maps the reads against the ce10 genome. If you haven't already, you can download and use the following FASTQ file, which contains the first 25,000 reads from SRR070372: .

You can also substitute your own reads file for a different species (though it may take longer to run the example). For convenience, DNAnexus has already imported a variety of reference genomes to the platform. If you have a FASTA file to use, upload it and create genome indices for BWA using the (platform login required to access these links).

The following walkthrough explains what each command does and shows which apps run. If you only want to convert a gzipped FASTQ file to a VCF via BWA and the FreeBayes Variant Caller, to see the commands required to run the apps.

Uploading Reads

If you have not yet done so, you can upload a FASTQ file for analysis.

For more information about using the command , see the page.

Mapping Reads

Next, use the (platform login required to access this link) to map the uploaded reads file to a reference genome.

Finding the App Name

If you don't know the command-line name of the app to run, you have two options:

Navigate to its web page from the (platform login required to access this link). The app's page shows how to run it from the command line. See the for details on the app used here (platform login required).
Alternatively, search for apps from the command line by running dx find apps. The command-line name appears in parentheses in the output (underlined below).

Installing and Running the App

Install the app using and check that it has been installed. While you do not always need to install an app to run it, you may find it useful as a bookmarking tool.

You can run the app using . When you run it without any arguments, it prompts you for required and then optional arguments. The reference file genomeindex_targz for this C. elegans sample is in a .tar.gz format and can be found in the Reference Genome folder of the region your project is in.

Monitoring Your Job

You can use the command to monitor jobs. The command prints out the log file of the job, including the STDOUT, STDERR, and INFO printouts.

You can also use the command dx describe job-xxxx to learn more about your job. If you don't know the job's ID, you can use the command to list all the jobs run in the current project, along with the user who ran them, their status, and when they began.

Additional options are available to restrict your search of previous jobs, such as by their names or when they were run.

Terminating Your Job

If for some reason you need to terminate your job before it completes, use the command .

After Your Job Finishes

You should see two new files in your project: the mapped reads in a BAM file, and an index of that BAM file with a .bai extension. You can refer to the output file by name or by the job that produced it using the syntax job-xxxx:<output field>. Try it yourself with the job ID you got from calling the BWA-MEM app!

Variant Calling

You can use the (platform login required to access this link) to call variants on your BAM file.

This time, instead of relying on interactive mode to enter inputs, you provide them directly. First, look up the app's spec to determine the input names. Run the command dx run freebayes -h.

Optional inputs are shown using square brackets ([]) around the command-line syntax for each input. Notice that there are two required inputs that must be specified:

Sorted mappings (sorted_bams): A list of files with a .bam extension.
Genome (genome_fastagz): A reference genome in FASTA format that has been gzipped.

You can also run dx describe freebayes for a more compact view of the input and output specifications. By default, it hides the advanced input options, but you can view them using the --verbose flag.

Running the App with a One-Liner Using a Job-Based Object Reference

It is sometimes more convenient to run apps using a single one-line command. You can do this by specifying all the necessary inputs either via the command line or in a prepared file. Use the -i flag to specify inputs as suggested by the output of dx run freebayes ‑h:

sorted_bams: The output of the previous BWA step (see the section for more information).
genome_fastagz: The ce10 genome in the Reference Genomes project.

To specify new job input using the output of a previous job, use a via the job-xxxx:<output field> syntax used earlier.

You can use job-based object references as input even before the referenced jobs have finished. The system waits until the input is ready to begin the new job.

Replace the job ID below with that generated by the BWA app you ran earlier. The -y flag skips the input confirmation.

Automatically Running a Command After a Job Finishes

Use the command to wait for a job to finish. If you run the following command immediately after launching the FreeBayes app, it shows recent jobs only after the job has finished, as shown in the example below.

Congratulations! You have called variants on a reads sample using the command line. Next, see how to automate this process.

Automation

The CLI enables automation of these steps. The following script assumes that you are logged in. It is hardcoded to use the ce10 genome and takes a local gzipped FASTQ file as its command-line argument.

Learn More

You can start scripting using dx. The --brief flag is useful for scripting. A list of all dx commands and flags is on the page.

For more detailed information about running apps and applets from the command line, see the page.

For a comprehensive guide to the DNAnexus SDK, see the .

Want to start writing your own apps? Check out the for some useful tutorials.

Running Nextflow Pipelines

This tutorial demonstrates how to use Nextflow pipelines on the DNAnexus Platform by importing a Nextflow pipeline from a remote repository or building from local disk space.

A license is required to create a DNAnexus app or applet from the Nextflow script folder. Contact DNAnexus Sales for more information.

This documentation assumes you already have a basic understanding of how to develop and run a Nextflow pipeline. To learn more about Nextflow, consult the official Nextflow Documentation.

To run a Nextflow pipeline on the DNAnexus Platform:

Import the pipeline script from a remote repository or local disk.
Convert the script to an app or applet.
Run the app or applet.

You can do this via either the user interface (UI) or the command-line interface (CLI), using the .

Use the latest version of to take advantage of recent improvements and bug fixes.

As of dx-toolkit version v0.391.0, pipelines built using dx build --nextflow default to running on Ubuntu 24.04. To use the Ubuntu 20.04 instead, override the default by specifying the release in --extra-args:

Quickstart

Pipeline Script Folder Structure

A Nextflow pipeline script is structured as a folder with Nextflow scripts with optional configuration files and subfolders. Below are the basic elements of the folder structure when building a Nextflow executable:

(Required) A main Nextflow file with the extension .nf containing the pipeline. The default filename is main.nf. A different filename can be specified in the nextflow.config file.
(Optional) A .

An flavored folder structure is encouraged but not required.

Importing a Nextflow Pipeline

Import via UI

To import a Nextflow pipeline via the UI, click on the Add button on the top-right corner of the project's Manage tab, then expand the dropdown menu. Select the Import Pipeline/Workflow option.

Once the Import Pipeline/Workflow modal appears, enter the repository URL where the Nextflow pipeline source code resides, for example, the . Then choose the desired project import location. If the repository is private, provide the credentials necessary for accessing it.

An example of the Import Pipeline/Workflow modal:

Click the Start Import button after providing the necessary information. This starts a pipeline import job in the project specified in the Import To field (default is the current project).

After launching the import job, a status message "External workflow import job started" appears.

Access information about the pipeline import job in the project's Monitor tab:

After the import finishes, the imported pipeline executable exists as an applet. This is the output of the pipeline import job:

The newly created Nextflow pipeline applet appears in the project, for example, hello.

Import via CLI from a Remote Repository

To import a Nextflow pipeline from a remote repository via the CLI, run the following command to specify the repository's URL. You can also provide optional information, such as a and an :

Use the latest version of to take advantage of recent improvements and bug fixes.

All versions beginning with v0.338.0 support converting Nextflow pipelines to apps or applets.

This documentation covers features available in dx-toolkit versions beginning with v0.370.0.

Your destination project's billTo feature needs to be enabled for Nextflow pipeline applet building. for more information.

For Nextflow pipelines stored in private repositories, access requires credentials provided via the --git-credentials option with a DNAnexus file containing your authentication details. The file should be specified using either its qualified ID or path on the Platform. See the section for more details on setting up and formatting these credentials.

Once the pipeline import job finishes, it generates a new Nextflow pipeline applet with an applet ID in the form applet-zzzz.

Use dx run -h to get more information about running the applet:

Building from a Local Disk

Through the CLI you can also build a Nextflow pipeline applet from a pipeline script folder stored on a local disk. For example, you may have a copy of the nextflow-io/hello pipeline from the Nextflow on your local laptop, stored in a directory named hello, which contains the following files:

Ensure that the folder structure is in the required format, as .

To build a Nextflow pipeline applet using a locally stored pipeline script, run the following command and specify the path to the folder containing the Nextflow pipeline scripts. You can also provide , such as an import destination:

Your destination project's billTo feature needs to be enabled for Nextflow pipeline applet building. Contact for more information.

This command packages the Nextflow pipeline script folder as an applet named hello with ID applet-yyyy, and stores the applet in the destination project and path project-xxxx:/applets2/hello. If an import destination is not provided, the current working directory is used.

The command can be run to see information about this applet, similar to the above example.

A Nextflow pipeline applet has a type nextflow under its metadata. This applet acts like a regular DNAnexus applet object, and can be shared with other DNAnexus users who have access to the project containing the applet.

For advanced information regarding the parameters of dx build --, run dx build --help in the CLI and find the Nextflow section for all arguments that are supported for building an Nextflow pipeline applet.

Building a Nextflow Pipeline App from a Nextflow Pipeline Applet

You can also build a Nextflow pipeline by running the command: dx build --app --from applet-xxxx.

Running a Nextflow Pipeline Executable (App or Applet)

Running a Nextflow Pipeline Executable via UI

You can access a Nextflow pipeline applet from the Manage tab in your project, while the Nextflow pipeline app that you built can be accessed by clicking on the Tools Library option from the Tools tab. Once you click on the applet or app, the Run Analysis tab is displayed. Fill out the required inputs/outputs and click the Start Analysis button to launch the job.

Running a Nextflow Pipeline Applet via CLI

To run the Nextflow pipeline applet, use dx run applet-xxxx or dx run app-xxxx commands in the CLI and specify your :

You can list and see the progress of the Nextflow pipeline job tree, which is structured as a head job with many subjobs, using the following :

Monitoring Jobs

Each Nextflow pipeline executable run is represented as a job tree with one head job and many subjobs. The head job launches and supervises the entire pipeline execution. Each subjob handles a process in the Nextflow pipeline. You can monitor the progress of the entire pipeline job tree by viewing the status of the subjobs (see example above).

Monitor the detail log of the head job and the subjobs through each job's DNAnexus log via the UI or the CLI.

On the DNAnexus Platform, jobs are limited to a runtime of 30 days. Jobs running longer than 30 days are automatically terminated.

Monitoring in the UI

Once your job tree is running, you can go to the Monitor tab to view the status of your job tree. From the Monitor tab, view the job log of the head job as well as the subjobs by clicking on the Log link in the row of the desired job. The costs (when your account has permission) and resource usage of a job are also viewable.

An example of the log of a head job:

An example of the log of a subjob:

Monitoring in the CLI

From the CLI, you can use the command to check the status and view the log of the head job or each subjob.

Monitoring the head job:

Monitoring a subjob:

Advanced Options: Running a Nextflow Pipeline Executable (App or Applet)

Nextflow Execution on DNAnexus

The Nextflow pipeline executable is launched as a job tree, with one head job running the Nextflow , and multiple subjobs running a single each. Throughout the pipeline's execution, the head job remains in "running" state and supervises the job tree's execution.

Nextflow Execution Log File

When a Nextflow head job (job-xxxx) enters its terminal state, either "done" or "failed", the system writes a named nextflow-<job-xxxx>.log to the of the head job.

Private Docker Repository

DNAnexus supports Docker container engines for the Nextflow pipeline execution environment. The pipeline developer may refer to a public Docker repository or a private one. When the pipeline is referencing a private Docker repository, you should provide your Docker credential file as a file input of docker_creds to the Nextflow pipeline executable when launching the job tree.

Syntax of a private Docker credential:

Store this credential file in a separate project with restricted access permissions for security.

Nextflow Pipeline Executable Inputs and Outputs

Specifying Input Values to a Nextflow Pipeline Executable

Below are all possible means that you can specify an input value at build time and runtime. They are listed in order of precedence (items listed first have greater precedence and override items listed further down the list):

Executable (app or applet) run time
1. DNAnexus Platform app or applet input.
  - CLI example: dx run project-xxxx:applet-xxxx -i reads_fastqgz=project-xxxx:file-yyyy

Formats of PATH to File, Folder, or Wildcards

While you can specify a file input parameter's value at different places as seen above, the valid PATH format referring to the same file is different. This depends on the level (DNAnexus API/CLI level or Nextflow script-level) and the (file object or string) of the executable's input parameter. Examples of this are given below.

Scenarios

Valid PATH format

Specifying a Nextflow Job Tree Output Folder

When launching a DNAnexus job, you can specify a job-level output destination such as project-xxxx:/destination/ using the platform-level optional parameter on the or on the . For pipelines with publishDir settings, each output file is saved to <dx_run_path>/<publishDir>/, where <dx_run_path> is the job-level output destination and <publishDir> is the path assigned by the Nextflow script's process.

Read more detail about the output folder specification and . Find an example on how to construct output paths of an nf-core pipeline job tree at run time in the .

Using an AWS S3 Bucket as a Work Directory for Nextflow Pipeline Runs

You can have your Nextflow pipeline runs use an Amazon Web Services (AWS) S3 bucket as a work directory. To do this, follow the steps outlined below.

Step 1. Configure Your AWS Account to Trust the DNAnexus Platform as an OIDC Identity Provider

to configure your AWS account to trust the Platform, as an OIDC identity provider. Be sure to note the value entered in the "Audience" field. This value is required in a configuration file used by your pipeline to enable pipeline runs to access the S3 bucket.

Step 2. Configure an AWS IAM Role with the Proper Trust and Permissions Policies

Next, configure an , such that its permissions and trust policies allow Platform jobs that assume this role, to access and use resources in the S3 bucket.

Permissions Policy

The following example shows how to structure an IAM role's permission policy, to enable the role to use an S3 bucket - accessible via the S3 URI s3://my-nextflow-s3-workdir - as the work directory of Nextflow pipeline runs:

In the above example:

The "Action" section contains a list of the actions the role is allowed to perform, including deleting, getting, listing, and putting objects.
The two entries in the list in the "Resource" section enable the role to access all resources in the bucket accessible via the S3 URI my-nextflow-s3-workdir.

Trust Policy

The following example shows how to configure an IAM role's trust policy, to allow only properly configured Platform jobs to assume the role:

In the above example:

To assume the role, a job must be launched from within a specific Platform project (in this case, project-xxxx).
To assume the role, a job must be launched by a specific Platform user (in this case, user-aaaa).
Via the "Federated" setting in the "Principal" section, the policy configures the role to trust the Platform as an OIDC identity provider, as accessible at

Step 3. Configure Your Nextflow Pipeline's Configuration File to Access the S3 Bucket

Next you need to configure your pipeline so that when it's run, it can access the S3 bucket. To do this, add, in a configuration file, a dnanexus that includes the properties shown in this example:

In the above example:

workDir is the path to the bucket to be used as a work directory, in S3 URI format.
jobTokenAudience is the value of "Audience" you defined in above.
jobTokenSubjectClaims

Using Subject Claims to Control Bucket Access

When configuring the trust policy for the role that allows access to the S3 bucket, use custom subject claims to control which jobs can assume this role. Here are some typical combinations that we recommend, with their implications:

Having included custom subject claims in the trust policy for the role, you need then, in the , to set the value of jobTokenSubjectClaims to equal a comma-separated list of claims, entered in the same order in which you entered them in the trust policy.

For example, if you configured a role's trust policy per the , you are requiring a job, to assume the role, to present custom subject claims project_id and launched_by, in that order. In your Nextflow configuration file, set the value of jobTokenSubjectClaims, within the dnanexus config scope, as follows:

Within the dna config scope, you must also set the value of iamRoleArnToAssume to that of the appropriate role:

Advanced Options: Building a Nextflow Pipeline Executable

Nextflow Pipeline Executable Permissions

By default, the Platform . Nextflow pipeline apps and applets have the following capabilities that are exceptions to these limits:

External internet access ("network": ["*"]) - This is required for Nextflow pipeline apps and applets to be able to pull Docker images from external Docker registries at runtime.
UPLOAD access to the project in which a Nextflow pipeline job is run ("project": "UPLOAD") - This is required in order for Nextflow pipeline jobs to record the progress of executions, and preserve the run cache, to enable resume functionality.

You can modify a Nextflow pipeline app or applet's permissions by overriding the default values when , using the --extra-args flag with . An example:

Here are the key points:

"network": [] prevents jobs from accessing the internet.
"allProjects":"VIEW" increases jobs' access permission level to VIEW. This means that each job has "read" access to projects that can be accessed by the user running the job. Use this carefully. This permission setting can be useful when expected input file PATHs are provided as DNAnexus URIs - via a , for example, - from projects other than the one in which a job is being run.

Advanced Building and Importing Pipelines

Additional options exist for dx build --nextflow:

Option

Class

Description

Use dx build --help for more information.

Private Nextflow Pipeline Repository

When the Nextflow pipeline to be imported is from a private repository, you must provide a file object that contains the credentials needed to access the repository. Via the CLI, use the --git-credentials flag, and format the object as follows:

To safeguard this credentials field object, store it in a separate project that only you can access.

Platform File Objects as Runtime Docker Images

When building a Nextflow pipeline executable, you can replace any with a Platform file object in tarball format. These Docker tarball objects serve as substitutes for referencing external Docker repositories.

This approach enhances the provenance and reproducibility of the pipeline by minimizing reliance on external dependencies, thereby reducing associated risks. Also, it fortifies data security by eliminating the need for internet access to external resources, during pipeline execution.

Two methods are available for preparing Docker images as tarball file objects on the platform: or .

Built-in Docker Image Caching vs. Manually Preparing Tarballs

Built-in Docker image caching

Manually preparing tarballs

Built-in Docker Image Caching

This method initiates a building job that begins by taking the pipeline script, then identifying Docker containers by scanning the script's source code based on the final execution tree. Next, the job converts the containers to tarballs, and saves those tarballs to the project in which the job is running. Finally, the job builds the Nextflow pipeline executable, in the tarballs, as bundledDepends.

You can use built-in caching via the CLI by using the flag --cache-docker at build time. All cached Docker tarballs are stored as file objects, within the Docker cache path, at project-xxxx:/.cached_docker_images/<image_name>/<image_name>_<version>.

An example:

If you need to access a Docker container that's stored in a private repository, you must provide, along with the flag --docker-secrets, a file object that contains the credentials needed to access the repository. This object must be in the following format:

When a pipeline requires specific inputs, such as file objects, sample values must be present within the project in which building job is to execute. These values must be provided along with the flag --nextflow-pipeline-params.
- It's crucial that these sample values be structured in the same way as actual input data is structured. This ensures that the execution logic of the Nextflow pipeline remains intact. During the build process, use small files, containing data representative of the larger dataset, as sample data, to reduce file localization overhead.

Manually Preparing Tarballs

You can manually convert Docker images to tarball file objects. Within Nextflow pipeline scripts, you must then reference the location of each such tarball, in one of the following three ways:

Option A: Reference each tarball by its unique Platform ID such as dx://project-xxxx:file-yyyy. Use this approach if you want deterministic execution behavior.

You can use Platform IDs in Nextflow pipeline scripts (*.nf) or configuration files (*.config), as follows:

When accessing a Platform project, a Nextflow pipeline job needs the VIEW or higher permission to the project.

Option B: Within a Nextflow pipeline script, you can also reference a Docker image by using its . Use this name within a path that's in the following format: project-xxxx:/.cached_docker_images/<image_name>/<image_name>_<version>.

An example:

File extensions are not necessary, and project-xxxx is the project where the Nextflow pipeline executable was built and is executed. For.cached_docker_images, substitute the name of the folder in which these images have been stored. An exact <version> reference must be included - latest is not an accepted tag in this context.

At Nextflow pipeline executable runtime:

If no image is found at the path provided, the Nextflow pipeline job attempts to pull the Docker image from the remote external registry, based on the image name. This pull attempt requires internet access.
When the version is referenced as latest

Here are examples of tarball file object paths and names, as constructed from image names and version tags:

Image Name

Version Tag

Tarball File Object Path and Name

Option C: You can also reference Docker image names in pipeline scripts by digest - for example, <Image_name>@sha256:XYZ123…). File extensions are not necessary, and project-xxxx is the project where the Nextflow pipeline executable was built and is executed. For.cached_docker_images, substitute the name of the folder in which these images have been stored. An exact <version> reference must be included - latest is not an accepted tag in this context. When referring to a tarball file on the Platform using this method, the file must have an object property image_digest assigned to it. A typical format would be "image_digest":"<IMAGE_DIGEST_HERE>".

An example:

Nextflow Input Parameter Type Conversion to DNAnexus Executable Input Parameter Class

Based on the input parameter's type and format (when applicable) defined in the corresponding , each parameter is assigned to the corresponding class (, ).

File Input as String or File Class

As a pipeline developer, you can specify a file input variable as {"type":"string", "format":"file-path"} or {"type":"string", "format":"path"}, which is assigned to "file" or "string" class, respectively. When running the executable, based on the class (file or string) of the executable's input parameter, you use a specific PATH format to specify the value. See the for an acceptable PATH format for each class.

Converting a URL path to a String

When converting a file reference from a URL format to a String, you use the method toUriString(). An example of a URL format would be dx://project-xxxx:/path/to/file for a DNAnexus URI. The method toURI().toString() does not give the same result because toURI() removes the context ID, such as project-xxxx, and toString() removes the scheme, such as dx://. More information about the Nextflow methods is available in the .

Managing intermediate files and publishing outputs

Pipeline Output Setting Using output: `block` and `publishDir`

All files generated by a Nextflow job tree are stored in its session's corresponding workDir, which is the path where the temporary results are stored. On DNAnexus, when the Nextflow pipeline job is run with "preserve_cache=true", the workDir is set at the path: project-xxxx:/.nextflow_cache_db/<session_id>/work/. The project-xxxx is the project where the job took place, and you can follow the path to access all preserved temporary results. It is useful to be able to access these results for investigating the detailed pipeline progress, and use them for resuming job runs for pipeline development purposes.

When the Nextflow pipeline job is run with "preserve_cache=false" (default), temporary files are stored in the job's which is deconstructed when the head job enters its terminate state - "done", "failed", or "terminated". Since a lot of these files are intermediate input/output being passed between processes and expected to be cleaned up after the job is completed, running with "preserve_cache=false" helps reduce project storage cost for files that are not of interest. It also saves you from remembering to clean up all temporary files.

To save the final results of interest, and to display them as the Nextflow pipeline executable's output, you can declare output files matching the declaration under the script's output: block, and use Nextflow's optional directive to publish them.

This makes the published output files available as the Nextflow pipeline head job's , under the executable's formally defined placeholder output parameter, published_files, as array:file class. Then the files are organized under the relative folder structure assigned via publishDir. This works for both "preserve_cache=true" and "preserve_cache=false". Only the "copy" publish mode is supported on DNAnexus.

Values of `publishDir`

At pipeline development time, the valid value of publishDir can be:

A local path string, for example, "publishDir path: ./path/to/nf/publish_dir/",
A dynamic string value defined as a pipeline input parameter such as "params.outdir", where "outdir" is a string-class input. This allows pipeline users to determine parameter values at runtime. For example, "publishDir path: '${params.outdir}/some/dir/'" or './some/dir/${params.outdir}/

Find an example on how to construct output paths for an nf-core pipeline job tree at run time in the .

publishDir is NOT supported on DNAnexus when assigned as an absolute path starting at root (/), such as /path/to/nf/publish_dir/. If an absolute path is defined for the publishDir, no output files are generated as the job's output parameter "published_files".

Queue Size Configuration

The queueSize option is part of Nextflow's executor . It defines how many tasks the executor handles in a parallel way. On DNAnexus, this represents the number of subjobs being created at a time (5 by default) by the Nextflow pipeline executable's head job. If the pipeline's executor configuration has a value assigned to queueSize, it overrides the default value. If the value exceeds the upper limit (1000) on DNAnexus, the root job errors out. See the Nextflow executor page for examples.

Instance Type Determination

Head job instance type determination

The head job of the job tree defaults to running on instance type mem2_ssd1_v2_x4 in AWS regions and azure:mem2_ssd1_x4 in Azure regions. Users can change to a different instance type than the default, but this is not recommended. The head job executes and monitors the subjobs. Changing the instance type for the head job does not affect the computing resources available for subjobs, where most of the heavy computation takes place (see below where to configure instance types for Nextflow processes). Changing the instance type for the head job may be necessary only if it runs out of memory or disk space when staging input files, collecting pipeline output files, or uploading pipeline output files to the project.

Subjob instance type determination

Each subjob's instance type is determined based on the profile information provided in the Nextflow pipeline script. Specify required instances by via Nextflow's directive (example below). Alternatively, use a set of system requirements such as , , , and other resource parameters according to the official Nextflow documentation. The executor matches instance types to the minimal requirements described in the Nextflow pipeline profile using this logic:

Choose the cheapest instance that satisfies the system requirements.
Use only SSD type instances.
For all things equal (price and instance specifications), it prefers a instance type.

Order of precedence for subjob instance type determination:

The value assigned to machineType directive.
Values assigned to cpus, memory, and disk directives in their .

An example command for specifying machineType by DNAnexus instance type name is provided below:

Values assigned to cpus, memory, and disk directives serve two purposes: they determine the instance type and can be recalled by Nextflow's process such as ${task.cpus}, ${task.memory}, and ${task.disk} at runtime for task allocation.

Nextflow Resume

Preserve Run Caches and Resuming Previous Jobs

Nextflow's feature enables skipping the processes that have been finished successfully and cached in previous runs. The new run can directly jump to downstream processes without needing to start from the beginning of the pipeline. By retrieving cached progress, Nextflow resume helps pipeline developers to save both time and compute costs. It is helpful for testing and troubleshooting when building and developing a Nextflow pipeline.

Nextflow uses a scratch storage area for caching and preserving each task's temporary results. The directory is called "working directory", and the directory's path is defined by

The session id, a universally unique identifier (UUID) associated with current execution
Each task's unique hash ID: a hash number composed of each task's input values, input files, command line strings, container ID such as Docker image, conda environment, environment modules, and executed scripts in the bin directory, when applicable.

You can use the Nextflow resume feature with the following Nextflow pipeline executable parameters:

preserve_cache Boolean type. Default value is false. When set to true, the run is cached in the current project for future resumes. For example:
- This enables the Nextflow job tree to preserve cached information as well as all temporary results in the project where it is executed under the following paths, based on its session ID and each subjob's unique ID.

When preserve_cache=true, DNAnexus executor overrides the value of workDir of the job tree to be project-xxxx:/.nextflow_cache_db/<session_id>/work/, where project-xxxx is the project where the job tree was executed.

Below are four possible scenarios and the recommended use cases for –i resume:

Scenarios

Parameters

Use Cases

Note

Cache Preserve Limitations and Cleaning Up `workDir`

To save on storage costs, clean up the workDir regularly. The maximum number of sessions that can be preserved in a DNAnexus project is 20 sessions. If you exceed the limit, the job generates an error with the following message:

"The number of preserved sessions is already at the limit (N=20) and preserve_cache is true. Remove the folders in <project-id>:/.nextflow_cache_db/ to be under the limit, if you want to preserve the cache of this run. "

To clean up all preserved sessions under a project, you can delete the entire ./nextflow_cache_db folder. To clean up a specific session's cached folder, you can delete the specific .nextflow_cache_db/<session_id>/ folder. To delete a folder in UI, you can follow the documentation on . To delete a folder in CLI, you can run:

Be aware that deleting an object on UI or using CLI dx rm cannot be undone. Once the session work directory is deleted or moved, subsequent runs cannot resume from the session.

For each session, only one job can resume the session's cached results and preserve its own progress to this session. Multiple jobs can resume and preserve different sessions without limitations, as long as each job preserves a different session. Similarly, multiple jobs can resume the same session without limitations, as long as only one or none is preserving the progress to the session.

Nextflow's `errorStrategy`

Nextflow's directive allows you to define how the error condition is managed by the Nextflow executor at the process level. When an error status is returned, by default, the process and other pending processes stop immediately (the default is errorStrategy terminate). This forces the entire pipeline execution to be terminated.

Four error strategy options exist for Nextflow executor: terminate, finish, ignore, and retry. Below is a table of behaviors for each strategy. The "all other subjobs" referenced in the third column have not yet entered their terminal states.

When more than one errorStrategy directives are applied to a pipeline job tree, the following rules apply depending on the first errorStrategy used.

When terminate is the first errorStrategy directive to be triggered in a subjob, all the other ongoing subjobs result in the "failed" state immediately.
When finish is the first errorStrategy directive to be triggered in a subjob, any other errorStrategy that is reached in the remaining ongoing subjobs also applies the

Independent from Nextflow process-level error conditions, when a Nextflow subjob encounters platform-related restartable , such as ExecutionError, UnresponsiveWorker, JMInternalError, AppInternalError, AppInsufficientResourceError, or JobTimeoutExceeded, the subjob follows the executionPolicy determined for the subjob and restarts itself. It does not restart from the head job.

FAQ

My Nextflow job tree failed, how do I find where the errors are?

A: Find the errored subjob's job ID from the head job's nextflow_errored_subjob and nextflow_errorStrategy properties to investigate which subjob failed and which errorStrategy was applied. To query these errorStrategy related properties in CLI, run the following command:

where job-xxxx is the head job's job ID. \

After finding the errored subjob, investigate the job log using the Monitor page by accessing the URL https://platform.dnanexus.com/projects/<projectID>/monitor/job/<jobID>. In this URL, jobID is the subjob's ID such as job-yyyy. Alternatively, watch the job log in CLI using dx watch job-yyyy.

With the preserve_cache value set to true when starting the Nextflow pipeline executable, trace the cache workDir such as project-xxxx:/.nextflow_cache_db/<session_id>/work/ to investigate the intermediate results of this run.

What is the version of Nextflow that is used?

A: Find the Nextflow version by reading the log of the head job. Each built Nextflow executable is locked down to the specific version of Nextflow executor.

What container runtimes are supported?

A: DNAnexus supports as the container runtime for Nextflow pipeline applets. It is recommended to set docker.enabled=true in the Nextflow pipeline configuration, which enables the built Nextflow pipeline applet to execute the pipeline using Docker.

My job hangs at the end of the analysis. What can I do to avoid this problem?

A: There can be many possibilities causing the head job to become unresponsive. One of the known reasons is caused by the being written directly to a DNAnexus URI such as dx://project-xxxx:/path/to/file. To avoid this cause, specify -with-trace path/to/tracefile (using a local path string) to the Nextflow pipeline applet's nextflow_run_opts input parameter.

Can I have an example of how to construct an output path when I run a Nextflow pipeline with `params.outdir`, `publishDir` and job-level destination?

Taking as an example, start with reading the pipeline's logic:

The pipeline's is constructed with a prefix of the params.outdir variable followed by each task's name for each subfolder: publishDir = [ path: { "${params.outdir}/${...}" }, ... ]
params.outdir is a to the pipeline, and the . The user running the corresponding Nextflow pipeline executable must specify a value to params.outdir to:

To specify a value of params.outdir for the Nextflow pipeline executable built from the nf-core/sarek pipeline script, you can use the following command:

You can also set a job tree's output destination using :

This command constructs the final output paths as follows:

project-xxxx:/path/to/jobtree/destination/ as the destination of the job tree's shared output folder.
project-xxxx:/path/to/jobtree/destination/local/to/outdir as the shared output folder of the all tasks/processes/subjobs of this pipeline.
project-xxxx:/path/to/jobtree/destination/local/to/outdir/<task_name> as the output folder of each specific task/process/subjob of this pipeline.

This example is built based on and .
Not all Nextflow pipelines have params.outdir as input, nor do all use params.outdir

DNAnexus Documentation

Overview

hashtagUsing the DNAnexus Platform

Getting Started

hashtagUploading and Sharing Data

hashtagRunning a Single App

hashtagCreating and Running a Workflow

hashtagMonitoring Jobs and Viewing Results

hashtagVisualizing Data

hashtagLearn More

hashtagAdditional Tutorials

DNAnexus Essentials

hashtagLearn More

Key Concepts

Bash

Bash Helpers

hashtagSource Code

hashtag

SAMtools count

hashtagDownload BAM Files

hashtagSAMtools Count

hashtagUpload Result

hashtagAssociate With Output

TensorBoard Example Web App

hashtagCreating the web application

hashtagCreating an applet on DNAnexus

Git Dependency

hashtagWhat does this applet do?

hashtagPrerequisites

hashtagHow is the SAMtools dependency added?

hashtagHow is SAMtools called in the src script?

hashtagApplet Script

Parallel by Region (sh)

hashtagHow is the SAMtools dependency provided?

hashtagDebugging

hashtagParallel Run

hashtagJob Output

Parallel xargs by Chr

hashtagHow is the SAMtools dependency provided?

hashtagParallel Run

hashtagSplice BAM

hashtagXargs SAMtools view

hashtagUpload results

Precompiled Binary

hashtagPrecompiling a Binary

hashtagResources Directory

R Shiny Example Web App

hashtagCreating the web application

hashtagModifying this example for your own applet

hashtagHow to rebuild the shiny asset

hashtagBuild the applet

Python

Dash Example Web App

hashtagCreating the web application

hashtagCreating an applet on DNAnexus

hashtagCreating the asset

hashtagUse the asset from the applet

hashtagBuild the applet

hashtagOptional local testing

TensorBoard Example Web App

hashtag

Concurrent Computing Tutorials

Parallel

User

Projects

Running Apps and Workflows

Job Notifications

Executions and Time Limits

hashtagTypes of Time Limits

hashtag

Apps and Workflows Glossary

Kaplan-Meier Survival Curve

hashtagBuilding a Kaplan-Meier Survival Curve Chart

Scatter Plot

hashtagWhen to Use Scatter Plots

Stacked Row Chart

hashtagWhen to Use Stacked Row Charts

JupyterLab Quickstart

FreeSurfer in JupyterLab

hashtagAbout FreeSurfer

Using the DNAnexus Platform

Uploading and Sharing Data

Running a Single App

Creating and Running a Workflow

Monitoring Jobs and Viewing Results

Visualizing Data

Learn More

Additional Tutorials

Learn More

Source Code

Download BAM Files

SAMtools Count

Upload Result

Associate With Output

Creating the web application

Creating an applet on DNAnexus

What does this applet do?

Prerequisites

How is the SAMtools dependency added?

How is SAMtools called in the `src` script?

Applet Script

How is the SAMtools dependency provided?

Debugging

Parallel Run

Job Output

How is the SAMtools dependency provided?

Parallel Run

Splice BAM

Xargs SAMtools view

Upload results

Precompiling a Binary

Resources Directory

Creating the web application

Modifying this example for your own applet

How to rebuild the shiny asset

Build the applet

Creating the web application

Creating an applet on DNAnexus

Creating the asset

Use the asset from the applet

Build the applet

Optional local testing

Types of Time Limits

Building a Kaplan-Meier Survival Curve Chart

When to Use Scatter Plots

When to Use Stacked Row Charts

About FreeSurfer

FreeSurfer License Registration

Using the FreeSurfer License on DNAnexus

Spark Applications

Using the DNAnexus Platform

Learn More

Uploading and Sharing Data

Running a Single App

Creating and Running a Workflow

Monitoring Jobs and Viewing Results

Visualizing Data

Learn More

Additional Tutorials

Creating the web application

Modifying this example for your own applet

How to rebuild the shiny asset

Build the applet

Download BAM Files

SAMtools Count

Upload Result

Associate With Output

Precompiling a Binary

Resources Directory

Source Code

Step 2. Create an Output Directory

Step 3. Run SAMtools View

Step 4. Upload Result

What does this applet do?

Prerequisites

How is the SAMtools dependency added?

How is SAMtools called in the `src` script?

Applet Script

Creating the web application

Creating an applet on DNAnexus