add Corneto

[nilchia]

This PR adds corneto to bioconda. required for liana+

---

Please read the guidelines for Bioconda recipes before opening a pull request (PR).

General instructions

• If this PR adds or updates a recipe, use "Add" or "Update" appropriately as the first word in its title.
• New recipes not directly relevant to the biological sciences need to be submitted to the conda-forge channel instead of Bioconda.
• PRs require reviews prior to being merged. Once your PR is passing tests and ready to be merged, please issue the @BiocondaBot please add label command.
• Please post questions on Gitter or ping @bioconda/core in a comment.

Instructions for avoiding API, ABI, and CLI breakage issues

Conda is able to record and lock (a.k.a. pin) dependency versions used at build time of other recipes.
This way, one can avoid that expectations of a downstream recipe with regards to API, ABI, or CLI are violated by later changes in the recipe.
If not already present in the meta.yaml, make sure to specify run_exports (see here for the rationale and comprehensive explanation).
Add a run_exports section like this:

build:
  run_exports:
    - ...

with ... being one of:

Case	run_exports statement
semantic versioning	{{ pin_subpackage("myrecipe", max_pin="x") }}
semantic versioning (0.x.x)	{{ pin_subpackage("myrecipe", max_pin="x.x") }}
known breakage in minor versions	{{ pin_subpackage("myrecipe", max_pin="x.x") }} (in such a case, please add a note that shortly mentions your evidence for that)
known breakage in patch versions	{{ pin_subpackage("myrecipe", max_pin="x.x.x") }} (in such a case, please add a note that shortly mentions your evidence for that)
calendar versioning	{{ pin_subpackage("myrecipe", max_pin=None) }}

while replacing "myrecipe" with either name if a name|lower variable is defined in your recipe or with the lowercase name of the package in quotes.

Bot commands for PR management

Please use the following BiocondaBot commands:

Everyone has access to the following BiocondaBot commands, which can be given in a comment:

@BiocondaBot please update	Merge the master branch into a PR.
@BiocondaBot please add label	Add the please review & merge label.
@BiocondaBot please fetch artifacts	Post links to CI-built packages/containers. You can use this to test packages locally.

Note that the @BiocondaBot please merge command is now depreciated. Please just squash and merge instead.

Also, the bot watches for comments from non-members that include @bioconda/<team> and will automatically re-post them to notify the addressed <team>.

[coderabbitai]

📝 Walkthrough

📝 Walkthrough

Walkthrough

The pull request introduces a new file, meta.yaml, for the corneto package, which outlines its metadata and build configuration necessary for packaging. Key components include the package name set to "corneto" and version "1.0.0a0". The source section specifies the download URL from PyPI and includes a SHA256 checksum for integrity verification. The build section indicates that the package is architecture-independent and provides a script for installation using pip without dependencies or build isolation.

The requirements section details dependencies for both host and runtime environments, specifying Python version constraints and particular versions for numpy, cvxpy-base, and scipy. The test section includes commands to verify the installation and confirm that the corneto package can be imported, with pip listed as a testing requirement. Additional information about the package, such as its homepage, summary, license type, and maintainers, is also included in the about section.

Possibly related PRs

• Add patchify #51268: The meta.yaml file for the patchify package introduces a new package with similar structure and requirements, including the use of a run_exports section, which is also present in the corneto package's meta.yaml.
• add recipe for steamboat #51612: The meta.yaml for the steamboat package also establishes its metadata and build configuration, similar to the changes made in the corneto package's meta.yaml, including the use of a run_exports directive and specifying dependencies.
• Add svtopovz python package #51643: The meta.yaml for the svtopovz package introduces a new package with a similar structure, including a run_exports section and detailed dependency management, akin to the corneto package's configuration.

Suggested labels

please review & merge

Suggested reviewers

• mencian

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 10decf5 and 64e89d7.

📒 Files selected for processing (1)

• recipes/corneto/meta.yaml (1 hunks)

🧰 Additional context used

🪛 yamllint

recipes/corneto/meta.yaml

[error] 1-1: syntax error: found character '%' that cannot start any token

(syntax)

🔇 Additional comments (3)

recipes/corneto/meta.yaml (3)

38-42: Verify repository and license file

Let's ensure the GitHub repository exists and contains the specified license file.

✅ Verification successful

The output shows that the GitHub repository exists (HTTP/2 200) and contains a GPL-3.0 license file, which matches the license specified in the meta.yaml file. Let me generate the final response:

Repository and license verification successful

The GitHub repository exists and contains the GPL-3.0 license file, matching the license declaration in meta.yaml.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify GitHub repository and license existence
# Expected results: 
# 1. curl should return HTTP 200 for repository
# 2. GitHub API should confirm license file presence

# Check if repository exists
curl -sI "https://github.com/saezlab/corneto/" | head -n1

# Check license file using GitHub API
gh api repos/saezlab/corneto/contents/LICENSE

Length of output: 49379

---

9-10: Verify package availability and checksum

Let's ensure the package exists on PyPI and the checksum is correct.

✅ Verification successful

Source URL and checksum verified successfully

The package source URL and SHA256 checksum in meta.yaml are correct and match the published package on PyPI:

• URL pattern is correct for PyPI source distributions
• SHA256 checksum 966d50762f92047ea4e5d1a136607f20ae9ec1d585530a24ad5c95e700b24180 matches exactly
• Version 1.0.0a0 is confirmed to exist on PyPI

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify package existence and checksum
# Expected results: 
# 1. curl should return HTTP 200
# 2. Downloaded file's checksum should match

# Test package URL accessibility
curl -sI "https://pypi.org/packages/source/c/corneto/corneto-1.0.0a0.tar.gz" | head -n1

# Download and verify checksum
curl -sL "https://pypi.org/packages/source/c/corneto/corneto-1.0.0a0.tar.gz" | sha256sum

Length of output: 49379

---

Script:

#!/bin/bash
# Let's try a different approach to verify the package and checksum

# 1. Check if package exists on PyPI using their JSON API
curl -s "https://pypi.org/pypi/corneto/1.0.0a0/json" | jq -r '.urls[0].url,.urls[0].digests.sha256' 2>/dev/null

# 2. As fallback, check the GitHub repository for release info
curl -s "https://api.github.com/repos/saezlab/corneto/releases" | jq -r '.[0].tag_name' 2>/dev/null

Length of output: 406

---

Script:

#!/bin/bash
# Let's check for the source distribution specifically since meta.yaml uses .tar.gz

# 1. Get all distribution URLs and their checksums from PyPI
curl -s "https://pypi.org/pypi/corneto/1.0.0a0/json" | jq -r '.urls[] | select(.packagetype=="sdist") | "\(.url)\n\(.digests.sha256)"'

# 2. Also check the package metadata
curl -s "https://pypi.org/pypi/corneto/1.0.0a0/json" | jq -r '.info.version'

Length of output: 412

---

26-28: 🛠️ Refactor suggestion

Consider relaxing numpy version constraint

The current numpy constraint >=1.15,<2.0.0 is quite wide, while other dependencies are more strictly pinned. This might lead to compatibility issues since numpy has breaking changes between minor versions. Consider aligning the numpy constraint with the minimum version required by your other dependencies (cvxpy-base and scipy).

✅ Verification successful

The numpy version constraint is appropriate

The wide numpy version constraint >=1.15,<2.0.0 is actually reasonable in this context. The codebase shows no direct numpy imports or usage that would require a more restrictive version range. Since numpy maintains strong backward compatibility and the package appears to use it only through its dependencies (cvxpy-base and scipy), the current constraint allows for flexibility while preventing potential issues with a future numpy 2.0 release.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check minimum numpy versions required by dependencies
# Expected results: Find numpy version requirements in dependency packages

rg -A 5 "numpy.*dependency" || rg -A 5 "numpy.*requires"

Length of output: 49379

---

Script:

#!/bin/bash
# Check minimum numpy version requirements in setup files and requirements
fd -e txt -e yaml -e toml -e in "requirements|setup|pyproject" -x rg -l "numpy.*[>=<]"

# Check for imports and usage of numpy in the codebase
rg -l "import.*numpy|from numpy" 

# Check for specific numpy features/functions used
rg "numpy\.[a-zA-Z]+" -l

Length of output: 1648

---

Script:

#!/bin/bash
# Check the actual numpy usage in the package's source code
fd -e py -x rg -l "import.*numpy|from numpy" {} \;

# Check if there are any specific numpy version requirements in the package's tests
fd -e py "test_.*" -x rg -l "numpy.*[>=<]" {} \;

# Look for any numpy-related dependencies in setup files
rg -l "numpy" pyproject.toml setup.py setup.cfg 2>/dev/null || true

Length of output: 164

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (1)

recipes/corneto/meta.yaml (1)

31-37: Enhance test coverage

The current test section only verifies basic import. Consider adding:

1. Functional tests if available in the package
2. Command-line interface tests if the package provides any

 test:
   imports:
     - corneto
   commands:
     - pip check
+    - python -c "import corneto; print(corneto.__version__)"
   requires:
     - pip

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 16850dc and d9c5a62.

📒 Files selected for processing (1)

• recipes/corneto/meta.yaml (1 hunks)

🧰 Additional context used

🪛 yamllint

recipes/corneto/meta.yaml

[error] 1-1: syntax error: found character '%' that cannot start any token

(syntax)

🔇 Additional comments (4)

recipes/corneto/meta.yaml (4)

8-10: Verify source integrity and accessibility

The source URL and checksum need verification to ensure they are correct and accessible.

#!/bin/bash
# Verify the source URL is accessible and checksum matches
URL="https://pypi.org/packages/source/c/corneto/corneto-1.0.0a0.tar.gz"
EXPECTED_SHA="966d50762f92047ea4e5d1a136607f20ae9ec1d585530a24ad5c95e700b24180"

# Check if URL is accessible
curl -sI "$URL" | head -n 1

# Download and verify checksum
echo "Expected SHA256: $EXPECTED_SHA"
echo "Actual SHA256: $(curl -sL "$URL" | sha256sum | cut -d' ' -f1)"

---

39-47: Verify license file and consider additional maintainers

1. Please verify that the LICENSE file exists in the source package
2. Consider adding more maintainers to ensure continued package maintenance

---

1-6: Verify the alpha version selection

The package version is set to an alpha release (1.0.0a0). Given this is intended for production use in Bioconda, please confirm if using an alpha version is appropriate. Alpha releases may contain breaking changes or unstable features.

✅ Verification successful

Let me try another approach to verify the package information.

---

Let me check the actual releases to understand what versions are available.

---

Alpha version is appropriate for this package

The alpha version (1.0.0a0) is actually the latest release of the package, uploaded on September 18, 2024. This aligns with the package's current development status, as evidenced by their PyPI description which explicitly states: "⚠️ Disclaimer: This is an early preview of the CORNETO library. CORNETO is under active development and has not yet reached a stable release for end users". Using the alpha version is appropriate in this case.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if there are more stable versions available on PyPI
curl -s https://pypi.org/pypi/corneto/json | jq -r '.releases | keys[]' | sort -V

Length of output: 653

---

Script:

#!/bin/bash
# Check PyPI API directly for package information
curl -s https://pypi.org/pypi/corneto/json | jq '.info.version, .info.description, .info.home_page'

# Check if this is the only version available
curl -s https://pypi.org/pypi/corneto/json | jq '.releases | keys | length'

Length of output: 3875

---

Script:

#!/bin/bash
# Get all available versions and their upload dates
curl -s https://pypi.org/pypi/corneto/json | jq -r '.releases | keys[] as $k | "\($k) \(.[$k][0].upload_time)"' | sort -V

Length of output: 238

🧰 Tools

🪛 yamllint

[error] 1-1: syntax error: found character '%' that cannot start any token

(syntax)

---

19-29: Verify scipy as a run_constrained dependency

The use of run_constrained for scipy is unusual. If scipy is required for core functionality, it should be moved to run requirements. If it's truly optional, consider documenting this in the package description.

✅ Verification successful

The use of run_constrained for scipy is appropriate

The run_constrained specification for scipy in the recipe is correct. This directive is used in conda-forge to specify version constraints for indirect dependencies that are pulled in through other packages (like cvxpy-base) without making them direct dependencies. Since scipy is not directly imported in the package but is likely a dependency of cvxpy-base, using run_constrained helps maintain consistent version requirements across the dependency tree without creating unnecessary direct dependencies.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for scipy imports in the package
curl -sL "https://pypi.org/packages/source/c/corneto/corneto-1.0.0a0.tar.gz" | \
  tar xz -O | grep -r "import scipy" || echo "No direct scipy imports found"

Length of output: 221

---

Script:

#!/bin/bash
# Search for scipy imports and usage in the repository
rg -l "scipy" || echo "No files containing scipy found"

# Search for specific scipy imports
rg "import scipy|from scipy" -A 2 || echo "No scipy imports found"

# Look for potential scipy dependencies in setup files
rg "scipy" -g "*setup*" -g "*pyproject*" -g "*requirements*" || echo "No scipy mentions in dependency files"

Length of output: 21307

---

Script:

#!/bin/bash
# Search for scipy usage specifically in corneto package files
rg "scipy" recipes/corneto/ -A 2 || echo "No scipy mentions in corneto recipe"

# Look for any documentation about scipy dependency
fd README -e md | xargs rg "scipy" || echo "No scipy mentions in README files"

# Check if scipy is a dependency in any pyproject.toml or setup files
fd "pyproject.toml|setup.py|setup.cfg" | xargs rg "scipy" || echo "No scipy mentions in project setup files"

Length of output: 542

[coderabbitai]

🛠️ Refactor suggestion

Consider relaxing version pinning for alpha release

The current run_exports configuration with max_pin="x.x.x" creates a strict version constraint. For an alpha release, consider using a more relaxed pinning strategy (e.g., x.x) to allow for rapid iterations while maintaining compatibility.

  run_exports:
-    - {{ pin_subpackage("corneto", max_pin="x.x.x") }}
+    - {{ pin_subpackage("corneto", max_pin="x.x") }}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	build:
	noarch: python
	script: {{ PYTHON }} -m pip install . -vv --no-deps --no-build-isolation
	number: 0
	run_exports:
	- {{ pin_subpackage("corneto", max_pin="x.x.x") }}
	build:
	noarch: python
	script: {{ PYTHON }} -m pip install . -vv --no-deps --no-build-isolation
	number: 0
	run_exports:
	- {{ pin_subpackage("corneto", max_pin="x.x") }}

[bgruening]

@BiocondaBot please fetch artifacts

[BiocondaBot]

Package(s) built are ready for inspection:

Arch	Package	Zip File / Repodata	CI	Instructions
noarch	corneto-1.0.0a0-pyhdfd78af_0.tar.bz2	noarch.zip	GitHub Actions	show You may also use conda to install after downloading and extracting the zip file. conda install -c ./packages <package name>

[bgruening]

Please use SPDX identifiers

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between d9c5a62 and 10decf5.

📒 Files selected for processing (1)

• recipes/corneto/meta.yaml (1 hunks)

🧰 Additional context used

🪛 yamllint

recipes/corneto/meta.yaml

[error] 1-1: syntax error: found character '%' that cannot start any token

(syntax)

🔇 Additional comments (2)

recipes/corneto/meta.yaml (2)

27-27: Verify cvxpy-base compatibility

The recipe uses cvxpy-base instead of cvxpy. Let's verify this is intentional and matches the package's requirements:

---

9-10: Verify package URL and checksum

The URL and checksum look correct, but let's verify:

[coderabbitai]

🛠️ Refactor suggestion

Consider enhancing test coverage

While the basic import test is good, consider adding more comprehensive tests to verify functionality:

 test:
   imports:
     - corneto
   commands:
     - pip check
+    - python -c "import corneto; assert corneto.__version__ == '1.0.0a0'"
   requires:
     - pip

Committable suggestion was skipped due to low confidence.

[nilchia]

@BiocondaBot please fetch artifacts

[BiocondaBot]

Package(s) built are ready for inspection:

Arch	Package	Zip File / Repodata	CI	Instructions
noarch	corneto-1.0.0a0-pyhdfd78af_0.tar.bz2	noarch.zip	GitHub Actions	show You may also use conda to install after downloading and extracting the zip file. conda install -c ./packages <package name>