Merge branch 'dev' into optional-title-abstract

.gitlab-ci.yml

-# The Docker image that will be used to build your app
-image: node:19.5-bullseye-slim
 # Functions that should be executed before the build script is run
 
+variables:
+  HELM_VERSION: "3.9.3"
+  IMAGE_NAME: "df-wiki"
+
 cache:
   paths:
     - node_modules/
@@ -10,28 +12,89 @@ stages:
   - build
   - deploy
 
-build:
+.build:
   stage: build
+  image: docker:24
+  variables:
+    CONTEXT: "."
+    DOCKERFILE: "Dockerfile"
+    BASE_URL: /wiki/
   before_script:
-    - npm ci
+    - i=0; while [ "$i" -lt 12 ]; do docker info && break; sleep 5; i=$(( i + 1 )) ; done
+    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
   script:
-    - NUXT_APP_BASE_URL=/wiki/ npm run generate
-  artifacts:
-    paths:
-      - .output/public
-    untracked: false
-    when: on_success
-    expire_in: "30 days"
-
-pages:
+    - docker build --pull -t "$CI_REGISTRY_IMAGE/$IMAGE_NAME:$CI_COMMIT_SHORT_SHA" --build-arg "BASE_URL=$BASE_URL" -f $DOCKERFILE $CONTEXT
+    - docker push "$CI_REGISTRY_IMAGE/$IMAGE_NAME:$CI_COMMIT_SHORT_SHA"
+
+# build:
+#   stage: build
+#   before_script:
+#     - npm ci
+#   script:
+#     - NUXT_APP_BASE_URL=/wiki/ npm run generate
+#   artifacts:
+#     paths:
+#       - .output/public
+#     untracked: false
+#     when: on_success
+#     expire_in: "30 days"
+
+build:dev:
+  extends: .build
+  rules:
+    - if: $CI_COMMIT_BRANCH != "main"
+
+.deploy:
+  stage: deploy
+  image: harbor.pasteur.fr/kube-system/helm-kubectl:$HELM_VERSION
+  variables:
+    CI_DEBUG_TRACE: "true"
+    TEAM_ID: "df"
+  script:
+    - >
+      helm upgrade --install $CI_PROJECT_NAME-$CI_ENVIRONMENT_NAME ./deploy/df-wiki --namespace=${KUBE_NAMESPACE}
+      --set registry.image=${CI_REGISTRY_IMAGE}
+      --set registry.username=${DEPLOY_USER}
+      --set registry.password=${DEPLOY_TOKEN}
+      --set registry.host=${CI_REGISTRY}
+      --set imagePullSecrets[0].name="registry-pull-secret-${CI_COMMIT_REF_SLUG}"
+      --set image.repository="$CI_REGISTRY_IMAGE/$IMAGE_NAME"
+      --set image.tag="$CI_COMMIT_SHORT_SHA"
+      --set image.pullPolicy='Always'
+      --set env="$ENV"
+
+deploy:dev:
+  extends: .deploy
+  rules:
+    - if: $CI_COMMIT_BRANCH != "main"
+  needs:
+    - "build:dev"
+  variables:
+    NODE_ENV: "development"
+    KUBE_NAMESPACE: "defense-finder-dev"
+    PUBLIC_URL: "defense-finder.dev.pasteur.cloud"
+    INGRESS_CLASS: "internal"
+    AUTOSCALE: "true"
+    AUTSCALING_MIN_REPLICAS: "1"
+    AUTSCALING_MAX_REPLICAS: "4"
+    ENV: "development"
+  environment:
+    name: k8sdev-01
+    url: "https://defense-finder.dev.pasteur.cloud"
+
+
+delete-helm-release:
+  except:
+    - master
   stage: deploy
-  only:
-    - main
+  when: manual
+  image: harbor.pasteur.fr/kube-system/helm-kubectl:$HELM_VERSION
+  variables:
+    GIT_STRATEGY: none # important to not checkout source when branch is deleted
+    NAMESPACE: "defense-finder-dev"
+  environment:
+    name: "k8sdev-01"
+    action: stop
   script:
-    - NUXT_APP_BASE_URL=/wiki npm run generate
-    - rm -rf public
-    - mv .output/public public
-  artifacts:
-    paths:
-      # The folder that contains the files to be exposed at the Page URL
-      - public
+    - echo "Removing $CI_PROJECT_NAME-$CI_ENVIRONMENT_NAME"
+    - helm delete -n ${NAMESPACE} $CI_PROJECT_NAME-$CI_ENVIRONMENT_NAME

Dockerfile

 ### Stage Install ###
 FROM node:19.5-bullseye-slim as install
 
-RUN mkdir /usr/src/app
+
+
 WORKDIR /usr/src/app
 ENV PATH /usr/src/app/node_modules/.bin:$PATH
 COPY package*.json ./
@@ -22,13 +23,34 @@ CMD ["npm", "run", "dev"]
 ### STAGE: Build ###
 FROM node:19.5-bullseye-slim as build
 
+WORKDIR /usr/src/app
+COPY --from=install /usr/src/app ./
+COPY . /usr/src/app
+RUN npm run build
+
+### STAGE: serve ###
+FROM node:19.5-bullseye-slim as serve
+
+WORKDIR /usr/src/app
+COPY --from=build /usr/src/app/.output ./
+
+CMD [ "node", "server/index.mjs"]
+
+
+### STAGE: Generate ###
+FROM node:19.5-bullseye-slim as generate
+ARG BASE_URL=/
+
+ENV NUXT_APP_BASE_URL=${BASE_URL}
+
 WORKDIR /usr/src/app
 COPY --from=install /usr/src/app ./
 COPY . /usr/src/app
 RUN npm run generate
 
 ### STAGE: NGINX ###
-FROM nginx:stable-alpine
-COPY --from=build /usr/src/app/dist /usr/share/nginx/html
-EXPOSE 80
+FROM nginxinc/nginx-unprivileged:1.25
+# RUN rm -rf /usr/share/nginx/html/*
+COPY nginx.conf /etc/nginx/conf.d/default.conf
+COPY --from=generate /usr/src/app/.output/public /etc/nginx/html
 CMD ["nginx", "-g", "daemon off;"]
\ No newline at end of file

content/2.defense-systems/0.index.md

@@ -11,23 +11,7 @@ The knowledge of anti-phage defense systems is ever expanding. The spectacular i
 
 
 
-::list-systems
----
-systems:
-    - system: Paris
-      dois: 
-        - 10.1101/2021.01.21.427644
-    - system: AbiE
-      dois: 
-        - 10.1093/nar/gkt1419
-    - system: AVAST
-      dois: 
-        - 10.1126/science.aba0372
-    - system: RM
-      dois:
-        - 10.1093/nar/gku734
----
-::
+
 
 
 

content/2.defense-systems/abic.md

 ---
 title: AbiC
-
 ---
 
 The AbiC system is composed of one protein: AbiC.

content/2.defense-systems/abid.md

 ---
 title: AbiD
-
 ---
 
 The AbiD system is composed of one protein: AbiD.

content/2.defense-systems/abie.md

 ---
 title: AbiE
-
 ---
 
 AbiE is a family of an anti-phage defense systems. They act through a Toxin-Antitoxin mechanism, and are comprised of a pair of genes, with one gene being toxic while the other confers immunity to this toxicity. 

content/2.defense-systems/abig.md

 ---
 title: AbiG
-
 ---
 
 The AbiG system is composed of 2 proteins: AbiGi and, AbiGii.

content/2.defense-systems/brex.md

@@ -4,13 +4,13 @@ title: BREX
 
 ## Description
 
-BREX (for Bacteriophage Exclusion) is a family of anti-phage defense systems. BREX systems are active against both lytic and lysogenic phages. They allow phage adsorption but block phage DNA replication, and are considered to be [RM](/list_defense_systems/RM)-like systems (1,2). BREX systems are found in around 10% of sequenced microbial genomes (1).
+BREX (for Bacteriophage Exclusion) is a family of anti-phage defense systems. BREX systems are active against both lytic and lysogenic phages. They allow phage adsorption but block phage DNA replication, and are considered to be [RM](/defense-systems/rm)-like systems (1,2). BREX systems are found in around 10% of sequenced microbial genomes (1).
 
 BREX systems can be divided into six subtypes, and are encoded by 4 to 8 genes, some of these genes being mandatory while others are subtype-specific (1).
 
 ## Molecular mechanism
 
-*B. cereus* BREX Type 1 system was reported to methylate target motifs in the bacterial genome (1). The methylation activity of this system has been hypothesized to allow for self from non-self discrimination, as it is the case for Restriction-Modification ([RM)](/list_defense_systems/RM) systems. 
+*B. cereus* BREX Type 1 system was reported to methylate target motifs in the bacterial genome (1). The methylation activity of this system has been hypothesized to allow for self from non-self discrimination, as it is the case for Restriction-Modification ([RM)](/defense-systems/rm) systems. 
 
 However, the mechanism through which BREX Type 1 systems defend against phages is distinct from RM systems, and does not seem to degrade phage nucleic acids (1). 
 

content/2.defense-systems/disarm.md

@@ -6,7 +6,7 @@ title: DISARM
 
 DISARM (Defense Island System Associated with Restriction-Modification) is a defense system widespread in prokaryotes, encoded by a 5-gene cassette. DISARM provides broad protection against double-stranded DNA phages, including siphophages, myophages, and podophages (1,3).
 
- It was reported to restrict incoming phage DNA and methylate the bacterial host DNA, which could be responsible for self from non-self discrimination (1). This suggests a [Restriction-Modification](/list_defense_systems/RM)-like (RM-like) mechanism, yet some pieces of experimental evidence hint that DISARM actually acts through a novel and uncharacterized molecular mechanism (1,2).
+ It was reported to restrict incoming phage DNA and methylate the bacterial host DNA, which could be responsible for self from non-self discrimination (1). This suggests a [Restriction-Modification](/defense-systems/rm)-like (RM-like) mechanism, yet some pieces of experimental evidence hint that DISARM actually acts through a novel and uncharacterized molecular mechanism (1,2).
 
 ## Molecular mechanism
 

content/2.defense-systems/rst_paris.md

 ---
 title: Rst_PARIS
-
 ---
 
 ## Description
 
 PARIS (for Phage Anti-Restriction-Induced System) is a novel anti-phage system. PARIS is found in 4% of prokaryotic genomes. It comprises an ATPase associated with a DUF4435 protein, which can be found either as a two-gene cassette or a single-gene fusion (1).
 
-This system relies on an unknown [Abortive infection](/general_concepts/Abi) mechanism to trigger growth arrest upon sensing a phage-encoded protein (Ocr). Interestingly, the Ocr protein has been found to inhibit R-M systems and BREX systems, making PARIS a suitable defense mechanism against RM resistant and/or BREX resistant phages (1, 2, 3). 
+This system relies on an unknown [Abortive infection](/general-concepts/abortive-infection) mechanism to trigger growth arrest upon sensing a phage-encoded protein (Ocr). Interestingly, the Ocr protein has been found to inhibit R-M systems and BREX systems, making PARIS a suitable defense mechanism against RM resistant and/or BREX resistant phages (1, 2, 3). 
 
 ## Example of genomic structure
 

deploy/df-wiki/.helmignore

+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

deploy/df-wiki/Chart.yaml

+apiVersion: v2
+name: df-wiki
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"

deploy/df-wiki/templates/NOTES.txt

+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  {{- range .paths }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+  {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "df-wiki.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "df-wiki.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "df-wiki.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "df-wiki.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}

deploy/df-wiki/templates/_helpers.tpl

+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "df-wiki.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "df-wiki.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "df-wiki.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "df-wiki.labels" -}}
+helm.sh/chart: {{ include "df-wiki.chart" . }}
+{{ include "df-wiki.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "df-wiki.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "df-wiki.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "df-wiki.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "df-wiki.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

deploy/df-wiki/templates/deployment.yaml

+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "df-wiki.fullname" . }}
+  labels:
+    {{- include "df-wiki.labels" . | nindent 4 }}
+spec:
+  {{- if not .Values.autoscaling.enabled }}
+  replicas: {{ .Values.replicaCount }}
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- include "df-wiki.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "df-wiki.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "df-wiki.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.service.port }}
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

deploy/df-wiki/templates/hpa.yaml

+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ include "df-wiki.fullname" . }}
+  labels:
+    {{- include "df-wiki.labels" . | nindent 4 }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ include "df-wiki.fullname" . }}
+  minReplicas: {{ .Values.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+  metrics:
+    {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+    {{- end }}
+    {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    {{- end }}
+{{- end }}

deploy/df-wiki/templates/ingress.yaml

+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "df-wiki.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+  {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+  {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+  {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    {{- include "df-wiki.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.ingress.className }}
+  {{- end }}
+  {{- if .Values.ingress.tls }}
+  tls:
+    {{- range .Values.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ .path }}
+            {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+            pathType: {{ .pathType }}
+            {{- end }}
+            backend:
+              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+              service:
+                name: {{ $fullName }}
+                port:
+                  number: {{ $svcPort }}
+              {{- else }}
+              serviceName: {{ $fullName }}
+              servicePort: {{ $svcPort }}
+              {{- end }}
+          {{- end }}
+    {{- end }}
+{{- end }}

deploy/df-wiki/templates/service.yaml

+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "df-wiki.fullname" . }}
+  labels:
+    {{- include "df-wiki.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "df-wiki.selectorLabels" . | nindent 4 }}

deploy/df-wiki/templates/serviceaccount.yaml

+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "df-wiki.serviceAccountName" . }}
+  labels:
+    {{- include "df-wiki.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}

deploy/df-wiki/templates/tests/test-connection.yaml

+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ include "df-wiki.fullname" . }}-test-connection"
+  labels:
+    {{- include "df-wiki.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test
+spec:
+  containers:
+    - name: wget
+      image: busybox
+      command: ['wget']
+      args: ['{{ include "df-wiki.fullname" . }}:{{ .Values.service.port }}']
+  restartPolicy: Never