enterprise-release: 26.1 Documentation

.claude/settings.json

@@ -0,0 +1,7 @@
+{
+  "permissions": {
+    "allow": [
+      "Bash(git check-ignore *)"
+    ]
+  }
+}

changelog/seqera-enterprise/v24.1.md

@@ -6,6 +6,10 @@ tags: [seqera enterprise]
 
 Seqera Platform Enterprise version 24.1 introduces three new features: Data Studios (in public preview), Data Explorer, and managed identities. A number of bug fixes and performance enhancements are included in this major release.
 
+:::info
+The legacy distribution endpoint at `cr.seqera.io/private` is deprecated. Only bug fixes for existing major releases will continue to be published there. New major releases of Seqera Platform are available from `cr.seqera.io/enterprise`. Seqera will provide updated credentials for the new endpoint — [contact your Seqera representative](https://support.seqera.io) if you need access.
+:::
+
 ## Feature updates and improvements
 
 ### Data Studios

changelog/seqera-enterprise/v24.2.md

@@ -6,6 +6,10 @@ tags: [seqera enterprise]
 
 Seqera Enterprise version 24.2 introduces new Data Studios features, global Nextflow configuration at the compute environment level, Azure service principal and managed identity authentication support, and a number of bug fixes and performance enhancements.
 
+:::info
+The legacy distribution endpoint at `cr.seqera.io/private` is deprecated. Only bug fixes for existing major releases will continue to be published there. New major releases of Seqera Platform are available from `cr.seqera.io/enterprise`. Seqera will provide updated credentials for the new endpoint — [contact your Seqera representative](https://support.seqera.io) if you need access.
+:::
+
 ## Feature updates and improvements
 
 ### Data Studios

changelog/seqera-enterprise/v25.1.md

@@ -8,6 +8,10 @@ Seqera Platform Enterprise version 25.1 introduces Studios GA and a number of bu
 
 Studios is Seqera's in-platform tool for secure, on-demand, interactive data analysis using containers created from Seqera-managed container template images or your own organization-managed custom environments. You only pay for the compute your Studio sessions consume, and the compute is adjacent to your data, significantly reducing data transfer costs and wasted time copying data from storage to analysis. This significantly reduces infrastructure management requirements, removes data silos, adheres to strict in-platform role-based access control, and lowers your operational costs. [Learn more about Studios](https://docs.seqera.io/platform-enterprise/25.1/studios/overview).
 
+:::info
+The legacy distribution endpoint at `cr.seqera.io/private` is deprecated. Only bug fixes for existing major releases will continue to be published there. New major releases of Seqera Platform are available from `cr.seqera.io/enterprise`. Seqera will provide updated credentials for the new endpoint — [contact your Seqera representative](https://support.seqera.io) if you need access.
+:::
+
 ## Feature updates and improvements
 
 ### Studios

changelog/seqera-enterprise/v25.2.md

@@ -6,6 +6,10 @@ tags: [seqera enterprise]
 
 Seqera Platform Enterprise version 25.2 introduces a series of enhancements to improve security, observability, and flexibility.
 
+:::info
+The legacy distribution endpoint at `cr.seqera.io/private` is deprecated. Only bug fixes for existing major releases will continue to be published there. New major releases of Seqera Platform are available from `cr.seqera.io/enterprise`. Seqera will provide updated credentials for the new endpoint — [contact your Seqera representative](https://support.seqera.io) if you need access.
+:::
+
 ## Feature updates and improvements
 
 ### Single instance cloud compute environments

changelog/seqera-enterprise/v25.3.md

@@ -6,6 +6,10 @@ tags: [seqera enterprise]
 
 Seqera Platform Enterprise version 25.3 introduces a series of new features and enhancements, including custom user roles, Studios integration with Git providers, and pipeline versioning.
 
+:::info
+The legacy distribution endpoint at `cr.seqera.io/private` is deprecated. Only bug fixes for existing major releases will continue to be published there. New major releases of Seqera Platform are available from `cr.seqera.io/enterprise`. Seqera will provide updated credentials for the new endpoint — [contact your Seqera representative](https://support.seqera.io) if you need access.
+:::
+
 ## Feature updates and improvements
 
 ### Custom roles and fine-grained authorization (RBAC)

changelog/seqera-enterprise/v26.1.md

@@ -0,0 +1,189 @@
+---
+title: Seqera Platform Enterprise v26.1
+date: 2026-04-07
+tags: [enterprise]
+---
+
+:::info
+The legacy distribution endpoint at `cr.seqera.io/private` is deprecated. Only bug fixes for existing major releases will continue to be published there. New major releases of Seqera Platform are available from `cr.seqera.io/enterprise`. Seqera will provide updated credentials for the new endpoint — [contact your Seqera representative](https://support.seqera.io) if you need access.
+:::
+
+## Feature updates and improvements
+
+### Studios
+
+- Improved Studios session management and stability.
+- Updated Studios micromamba builds to use `conda/micromamba:v2` and Wave 1.33.0.
+- Added `nameStrategy` configuration option to Studios workspace settings.
+- Renamed Studios settings route from `data-studios` to `studios`.
+- Added ability to edit stopped Studios without restarting them.
+
+### Compute environments
+
+- Added separate head and worker pool support for Azure Batch compute environments in both Forge and manual modes.
+- Added ability to disable a compute environment.
+- Improved Seqera Compute integration.
+- Improved compute environment form warning display with individual stacked alerts.
+
+### Azure
+
+- Changed default Azure Batch job timeout to 7 days and exposed it as a new configuration item.
+- Updated default Azure termination policy in compute environment creation form.
+- Added VNet and subnet support for Azure Batch compute environments.
+- Added support for separate managed identity client IDs for head and compute jobs in Azure Batch.
+- Enabled Entra (service principal) credentials for Azure Batch Forge pool creation and Fusion v2.
+
+### AWS
+
+- Added AWS credential modes with support for key-based and role-based access.
+- Added AWS External ID support for role-based credentials.
+
+### GCP
+
+- Added Workload Identity Federation (WIF) credential support for Google Batch and Google Cloud compute environments.
+- Added support for network tagging in Google Batch.
+- Added boot disk image selection for Google Batch compute environments.
+- Added support for multiple machine types in Google Batch compute environments.
+
+### Pipelines
+
+- Redesigned workflow notification email templates with updated styling.
+- Added GitHub App manifest flow for credential creation.
+- Improved clipboard UX in workflow details header.
+- Updated schema radio control copy.
+- Redesigned report preview modal header layout and modal.
+- Registered Nextflow CLI as a static OIDC client for authorization code with PKCE flow.
+- Enriched the `POST /trace/create` response with platform metadata to reduce downstream API calls from Nextflow. (link needed)
+
+### Datasets
+
+- Added preview support for linked (URL-referenced) dataset versions.
+
+### Data Explorer
+
+- Added data lake support in Data Explorer.
+- Added Molstar 3D viewer for PDB and CIF file preview.
+- Added extensible view mode selection for JSON files in Data Explorer (JSON, IGV, and plain text).
+- Updated Data Explorer to display non-native browser files as text when opened in a new tab.
+- Added Fusion symlink resolution to the Data Explorer API.
+- Increased the maximum data link name length to 512 characters.
+
+### Access control
+
+- Added required description field to custom role creation.
+- Exposed roles API endpoints in the OpenAPI specification.
+- Added SSO domain-based redirect for the login guard.
+
+### Monitoring and observability
+
+- Added real-time active user count display in the admin panel.
+- Added workspace usage metrics.
+- Added CSV export for audit logs v2 with configurable maximum record limit.
+- Added audit event metadata (owner ID, workspace ID) to Studios audit events.
+- Switched audit logs v2 to token-based pagination for improved performance.
+- Added comprehensive audit logging for SSO lifecycle events.
+- Migrated telemetry usage queries to use the audit logs v2 table.
+- Updated the audit log cleaner to handle both v1 and v2 audit log tables.
+- Added CSV export button to the admin audit logs v2 table.
+- Added descriptions and documentation metadata to audit event types.
+- Added audit event metadata to the remaining Studios session audit events.
+- Added audit event metadata (owner ID, workspace ID) to all data link audit events.
+- Added `target_name` field to the audit log v2 data model.
+- Renamed outdated audit event types to use consistent naming conventions.
+- Deprecated the legacy `/admin/audit-logs` (v1) endpoint.
+- Added target resource names to all audit event emission points.
+- Refined audit log v2 target resource context labels in API, UI, and CSV export.
+- Added a `TOWER_AUDIT_LOG_V2_WRITE_MODE` setting supporting `v1`, `v2`, and `dual` modes.
+- Removed unused `instanceId` and `instanceName` columns from the audit log v2 table.
+- Updated the audit log v2 admin table to display resource names alongside target IDs.
+- Added target organization, workspace, and user context to audit log v2 interfaces.
+
+### General
+
+- Bumped Micronaut from 4.7.6 to 4.8.3.
+- Improved admin workspace list toolbar responsiveness.
+- Applied updated status icons across platform components.
+- Redesigned page header layout with improved toolbar and breadcrumb integration.
+- Added automatic breadcrumb navigation to page headers.
+- Updated delete workspace confirmation modal text to clarify the impact of deletion.
+- Removed the unused Containers page.
+- Removed the dynamic resource labels feature toggle (feature is now always active).
+
+## Bug fixes
+
+### Studios
+
+- Added workspace existence check before creating Studios workspace settings.
+- Fixed R-IDE icon styling.
+- Added validation of git repository configuration files when creating a Studio.
+- Fixed broken navigation from Studio details page for private Studios.
+
+### Compute environments
+
+- Fixed Google Batch machine type migration to be portable across MySQL and MariaDB.
+- Removed hardcoded prediction model configuration from AWS Cloud platform provider.
+- Fixed metering event handling to batch events when more than 100 events are received, preventing silent data loss.
+- Removed default `terminateAsync` implementation to enforce explicit provider implementations.
+- Fixed Workload Identity Federation (WIF) log retrieval by setting the project ID on the Cloud Logging client.
+- Fixed WIF log retrieval by resolving GCP project numbers to project names for Cloud Logging filters.
+- Fixed WIF credential context propagation for log retrieval and data link operations.
+- Propagated AWS Forge disposal failures instead of silently swallowing exceptions.
+- Pinned `google-cloud-storage` to a compatible version to fix `NoClassDefFoundError` on GCS data link access.
+- Returned an actionable error message when an Azure Batch pool is missing during job submission.
+- Propagated GCP Forge disposal failures instead of silently ignoring resource deletion errors.
+- Enabled cloud cache for Kubernetes compute environments with local PVC paths.
+- Reverted unintended cloud cache change for Kubernetes compute environments.
+
+### Pipelines
+
+- Fixed pipeline implicit default version resolution.
+- Removed logs from AI debug button URL to prevent URI too large errors.
+- Replaced `document.write` with client-side form submission in GitHub App manifest flow to fix Firefox blank page issue.
+- Made workflow job cancellation idempotent to prevent 500 errors on concurrent cancel requests.
+- Fixed parallel requests to pipeline info in the launch form.
+
+### Datasets
+
+- Fixed `LazyInitializationException` in avatar resolution during dataset creation.
+- Fixed dataset name field to apply input normalization (spaces converted to underscores).
+- Fixed column order preservation in dataset preview for TSV files.
+
+### Data Explorer
+
+- Fixed IGV MIME type detection in Data Explorer.
+
+### Access control
+
+- Fixed refresh token JWT secret configuration for enterprise deployments.
+- Hardened the Auth0 OAuth2 flow with retries against `ResponseClosedException` errors.
+- Fixed `auth0org_id` column naming to align with Hibernate naming strategy.
+- Fixed erroneous `@QueryValue` annotations on SSO controller path variables causing 404 errors.
+- Fixed `@PermissionRequired` interceptor binding with `@Type` annotation.
+- Fixed `@JWTAuthRequired` interceptor binding with `@Type` annotation to prevent silent bypass.
+
+### Monitoring and observability
+
+- Fixed dashboard drop-down scrolling and character overflow.
+- Fixed task logging to use populated `taskId` instead of empty `id`.
+- Fixed `user_sign_in` audit events to correctly populate the actor field with the signing user's ID.
+
+### General
+
+- Fixed side navigation width not updating in Safari when toggling the collapsed state.
+- Fixed credits banner appearing during page load.
+- Fixed oversized icon on the forbidden access page.
+
+## Upgrade notes
+
+No breaking changes. Standard upgrade procedure applies.
+
+### Configuration changes
+
+- `TOWER_AUDIT_LOG_V2_ENABLED` and `TOWER_AUDIT_LOG_V2_WRITE_MODE` added as configuration options.
+
+  - `TOWER_AUDIT_LOG_V2_WRITE_MODE`: Turns on the v2 Audit Log for parallel writes with v1 Audit Log.
+  - `TOWER_AUDIT_LOG_V2_ENABLED`: Turns on or off the v2 Audit Log view from the Admin Panel.
+
+### Database migrations
+
+Database migrations run automatically during upgrade. No manual steps required.

docusaurus.config.js

@@ -417,6 +417,15 @@ export default async function createConfigAsync() {
     ].filter(Boolean),
 
     themeConfig: getSeqeraThemeConfig({
+      seqera: {
+        docs: {
+          versionDropdown: {
+            'platform-enterprise': {
+              showCurrent: process.env.INCLUDE_NEXT ? true : false,
+            },
+          },
+        },
+      },
       typesense: {
         typesenseCollectionName: 'seqera_docs',
         searchPagePath: '/search',

netlify.toml

@@ -17,7 +17,7 @@
   DOCUSAURUS_SSG_WORKER_THREAD_COUNT = "1"
 
 [context.deploy-preview.build.environment]
-  INCLUDE_NEXT=""
+  INCLUDE_NEXT="true"
   EXCLUDE_CHANGELOG=""
   EXCLUDE_PLATFORM_CLI="true"
   EXCLUDE_PLATFORM_ENTERPRISE=""

platform-enterprise_docs/enterprise-sidebar.json

@@ -230,7 +230,8 @@
         "seqera-ai/installation",
         "seqera-ai/authentication",
         "seqera-ai/command-approval",
-        "seqera-ai/use-cases"
+        "seqera-ai/use-cases",
+        "seqera-ai/projects"
       ]
     },
        {

platform-enterprise_docs/enterprise/_templates/docker/docker-compose.yml

@@ -47,7 +47,7 @@ services:
       - $HOME/.tower/db/redis:/data
 
   migrate:
-    image: cr.seqera.io/private/nf-tower-enterprise/migrate-db:v25.3.4
+    image: cr.seqera.io/enterprise/platform/migrate-db:v26.1
     platform: linux/amd64
     command: -c "/migrate-db.sh"
     networks:
@@ -64,7 +64,7 @@ services:
         condition: service_healthy
 
   cron:
-    image: cr.seqera.io/private/nf-tower-enterprise/backend:v25.3.4
+    image: cr.seqera.io/enterprise/platform/backend:v26.1
     platform: linux/amd64
     command: -c '/tower.sh'
     networks:
@@ -85,7 +85,7 @@ services:
 
 
   backend:
-    image: cr.seqera.io/private/nf-tower-enterprise/backend:v25.3.4
+    image: cr.seqera.io/enterprise/platform/backend:v26.1
     platform: linux/amd64
     command: -c '/wait-for-it.sh db:3306 -t 60; /tower.sh'
     networks:
@@ -110,7 +110,7 @@ services:
       - cron
 
   frontend:
-    image: cr.seqera.io/private/nf-tower-enterprise/frontend:v25.3.4
+    image: cr.seqera.io/enterprise/platform/frontend:v26.1
     platform: linux/amd64
     networks:
       - frontend
@@ -122,7 +122,7 @@ services:
 
 # Uncomment the following section to enable Studios functionality. See [Studios configuration](../../../studios/overview) for more information.
 #  connect-proxy:
-#    image: cr.seqera.io/private/nf-tower-enterprise/data-studio/connect-proxy:0.9.0
+#    image: cr.seqera.io/enterprise/studios/proxy:0.11.0
 #    platform: linux/amd64
 #    env_file:
 #      - data-studios.env
@@ -138,7 +138,7 @@ services:
 #     - $HOME/.tower/connect:/data
 #
 #  connect-server:
-#    image: cr.seqera.io/private/nf-tower-enterprise/data-studio/connect-server:0.9.0
+#    image: cr.seqera.io/enterprise/studios/server:0.11.0
 #    platform: linux/amd64
 #    env_file:
 #      - data-studios.env
@@ -151,7 +151,7 @@ services:
   # Uncomment the following section to enable the pipeline optimization service. Add TOWER_ENABLE_GROUNDSWELL
   # or GROUNDSWELL_SERVER_URL to tower.env environment variables
   # groundswell:
-  #   image: cr.seqera.io/private/nf-tower-enterprise/groundswell:0.3.3
+  #   image: cr.seqera.io/enterprise/platform/pipeline-optimization:0.3.3
   #   command: bash -c 'bin/wait-for-it.sh db:3306 -t 60; bin/migrate-db.sh; bin/serve.sh'
   #   networks:
   #     - backend

platform-enterprise_docs/enterprise/_templates/k8s/data_studios/proxy.yml

@@ -19,7 +19,7 @@ spec:
         kubernetes.io/arch: amd64
       containers:
         - name: proxy
-          image: cr.seqera.io/private/nf-tower-enterprise/data-studio/connect-proxy:0.10.0
+          image: cr.seqera.io/enterprise/studios/proxy:0.10.0
           env:
             - name: CONNECT_HTTP_PORT
               value: "8081"

platform-enterprise_docs/enterprise/_templates/k8s/data_studios/server.yml

@@ -21,7 +21,7 @@ spec:
         kubernetes.io/arch: amd64
       containers:
         - name: server
-          image: cr.seqera.io/private/nf-tower-enterprise/data-studio/connect-server:0.10.0
+          image: cr.seqera.io/enterprise/studios/server:0.10.0
           ports:
             - containerPort: 7070
               name: server

platform-enterprise_docs/enterprise/_templates/k8s/groundswell.yml

@@ -96,7 +96,7 @@ spec:
                 name: tower-groundswell-cfg
 
         - name: migrate-db
-          image: "cr.seqera.io/private/nf-tower-enterprise/groundswell:0.4.7"
+          image: "cr.seqera.io/enterprise/platform/pipeline-optimization:0.4.7"
           command: ['/opt/groundswell/bin/migrate-db.sh']
           envFrom:
             - configMapRef:
@@ -106,7 +106,7 @@ spec:
 
       containers:
         - name: groundswell
-          image: "cr.seqera.io/private/nf-tower-enterprise/groundswell:0.4.7"
+          image: "cr.seqera.io/enterprise/platform/pipeline-optimization:0.4.7"
           env:
             - name: MPLCONFIGDIR
               value: "/tmp"