nipreps
diff --git a/‎docs/apps/docker.md
Lines changed: 154 additions & 0 deletions b/‎docs/apps/docker.md
Lines changed: 154 additions & 0 deletions
diff --git a/‎docs/apps/framework.md
Lines changed: 89 additions & 0 deletions b/‎docs/apps/framework.md
Lines changed: 89 additions & 0 deletions
@@ -0,0 +1,154 @@
+!!! important "Summary"
+
+    Here, we describe how to run *NiPreps* with Docker containers.
+    To illustrate the process, we will show the execution of *fMRIPrep*, but these guidelines extend to any other end-user *NiPrep*.
+
+## Before you start: install Docker
+
+Probably, the most popular framework to execute containers is Docker.
+If you are to run a *NiPrep* on your PC/laptop, this is the **RECOMMENDED** way of execution.
+Please make sure you follow the Docker installation instructions.
+You can check your Docker Runtime installation running their `hello-world` image:
+
+```Shell
+$ docker run --rm hello-world
+```
+
+If you have a functional installation, then you should obtain the following output:
+
+```Shell
+Hello from Docker!
+This message shows that your installation appears to be working correctly.
+
+To generate this message, Docker took the following steps:
+ 1. The Docker client contacted the Docker daemon.
+ 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
+    (amd64)
+ 3. The Docker daemon created a new container from that image which runs the
+    executable that produces the output you are currently reading.
+ 4. The Docker daemon streamed that output to the Docker client, which sent it
+    to your terminal.
+
+To try something more ambitious, you can run an Ubuntu container with:
+ $ docker run -it ubuntu bash
+
+Share images, automate workflows, and more with a free Docker ID:
+ https://hub.docker.com/
+
+For more examples and ideas, visit:
+ https://docs.docker.com/get-started/
+```
+
+After checking your Docker Engine is capable of running Docker images, you are ready to pull your first *NiPreps* container image.
+
+## Docker images
+
+For every new version of the particular *NiPrep* app that is released, a corresponding Docker image is generated.
+The Docker image *becomes* a container when the execution engine loads the image and adds an extra layer that makes it *runnable*. In order to run *NiPreps* Docker images, the Docker Runtime must be installed.
+<!-- (see `installation_docker`{.interpreted-text
+role="ref"}).-->
+
+Taking *fMRIPrep* to illustrate the usage, first you might want to make sure of the exact version of the tool to be used:
+
+``` Shell
+$ docker pull poldracklab/fmriprep:<latest-version>
+```
+
+You can run *NiPreps* interacting directly with the Docker Engine via the `docker run` interface.
+
+
+## Running a *NiPrep* with a lightweight wrapper
+
+Some *NiPreps* include a lightweight wrapper script for convenience.
+That is the case of *fMRIPrep* and its `fmriprep-docker` wrapper.
+Before starting, make sure you [have the wrapper installed](https://fmriprep.readthedocs.io/en/latest/installation.html#the-fmriprep-docker-wrapper).
+When you run `fmriprep-docker`, it will generate a Docker command line for you, print it out for reporting purposes, and then execute it without further action needed, e.g.:
+
+``` Shell
+$ fmriprep-docker /path/to/data/dir /path/to/output/dir participant
+RUNNING: docker run --rm -it -v /path/to/data/dir:/data:ro \
+    -v /path/to_output/dir:/out poldracklab/fmriprep:1.0.0 \
+    /data /out participant
+...
+```
+
+`fmriprep-docker` implements [the unified command-line interface of BIDS Apps](framework.md#a-unified-command-line-interface), and automatically translates directories into Docker mount points for you.
+
+We have published a [step-by-step tutorial](http://reproducibility.stanford.edu/fmriprep-tutorial-running-the-docker-image/) illustrating how to run `fmriprep-docker`.
+This tutorial also provides valuable troubleshooting insights and advice on what to do after
+*fMRIPrep* has run.
+
+## Running a *NiPrep* directly interacting with the Docker Engine
+
+If you need a finer control over the container execution, or you feel comfortable with the Docker Engine, avoiding the extra software layer of the wrapper might be a good decision.
+
+**Accessing filesystems in the host within the container**:
+Containers are confined in a sandbox, so they can't access the host in any ways
+unless you explicitly prescribe acceptable accesses to the host. The
+Docker Engine provides mounting filesystems into the container with the
+`-v` argument and the following syntax:
+`-v some/path/in/host:/absolute/path/within/container:ro`, where the
+trailing `:ro` specifies that the mount is read-only. The mount
+permissions modifiers can be omitted, which means the mount will have
+read-write permissions. In general, you'll want to at least provide two
+mount-points: one set in read-only mode for the input data and one
+read/write to store the outputs. Potentially, you'll want to provide
+one or two more mount-points: one for the working directory, in case you
+need to debug some issue or reuse pre-cached results; and a
+[TemplateFlow](https://www.templateflow.org) folder to preempt the
+download of your favorite templates in every run.
+
+**Running containers as a user**:
+By default, Docker will run the
+container as **root**. Some share systems my limit this feature and only
+allow running containers as a user. When the container is run as
+**root**, files written out to filesystems mounted from the host will
+have the user id `1000` by default. In other words, you'll need to be
+able to run as root in the host to change permissions or manage these
+files. Alternatively, running as a user allows preempting these
+permissions issues. It is possible to run as a user with the `-u`
+argument. In general, we will want to use the same user ID as the
+running user in the host to ensure the ownership of files written during
+the container execution. Therefore, you will generally run the container
+with `-u $( id -u )`.
+
+You may also invoke `docker` directly:
+
+``` Shell
+$ docker run -ti --rm \
+    -v path/to/data:/data:ro \
+    -v path/to/output:/out \
+    poldracklab/fmriprep:<latest-version> \
+    /data /out/out \
+    participant
+```
+
+For example: :
+
+```
+$ docker run -ti --rm \
+    -v $HOME/ds005:/data:ro \
+    -v $HOME/ds005/derivatives:/out \
+    -v $HOME/tmp/ds005-workdir:/work \
+    poldracklab/fmriprep:<latest-version> \
+    /data /out/fmriprep-<latest-version> \
+    participant \
+    -w /work
+```
+
+Once the Docker Engine arguments are written, the remainder of the
+command line follows the [usage](https://fmriprep.readthedocs.io/en/latest/usage.html).
+In other words, the first section of the command line is all equivalent to the
+`fmriprep` executable in a *bare-metal* installation: :
+
+``` Shell
+$ docker run -ti --rm \                      # These lines
+    -v $HOME/ds005:/data:ro \                # are equivalent to
+    -v $HOME/ds005/derivatives:/out \        # a call to the App's
+    -v $HOME/tmp/ds005-workdir:/work \       # entry-point.
+    poldracklab/fmriprep:<latest-version> \  #
+    \
+    /data /out/fmriprep-<latest-version> \   # These lines correspond
+    participant \                            # to the particular BIDS
+    -w /work                                 # App arguments.
+```
@@ -0,0 +1,89 @@
+
+## What is BIDS?
+
+[The Brain Imaging Data Structure (BIDS)][bids] is a standard for organizing and describing
+brain datasets, including MRI.
+The common naming convention and folder structure allow researchers to easily reuse BIDS datasets, re-apply analysis protocols, and run standardized automatic data preprocessing pipelines (and particularly, BIDS Apps).
+The [BIDS starter-kit](https://github.com/bids-standard/bids-starter-kit) contains a wide collection of educational resources.
+Validity of the structure can be assessed with the online [BIDS-Validator](https://bids-standard.github.io/bidsvalidator/).
+The tree of a typical, valid (*BIDS-compliant*) dataset is shown below:
+
+```
+ds000003/
+ ├─ CHANGES
+ ├─ dataset_description.json
+ ├─ participants.tsv
+ ├─ README
+ ├─ sub-01/
+ │ ├─ anat/
+ │ │ ├─ sub-01_inplaneT2.nii.gz
+ │ │ └─ sub-01_T1w.nii.gz
+ │ └─ func/
+ │ ├─ sub-01_task-rhymejudgment_bold.nii.gz
+ │ └─ sub-01_task-rhymejudgment_events.tsv
+ ├─ sub-02/
+ ├─ sub-03/
+```
+
+## What is a BIDS App?
+
+(Taken from the [BIDS Apps paper][bidsapps_paper])
+
+A BIDS App is a container image capturing a neuroimaging pipeline that takes a BIDS-formatted dataset as input.
+Since the input is a whole dataset, apps are able to combine multiple modalities, sessions, and/or subjects, but at the same time need to implement ways to query input datasets.
+Each BIDS App has the same core set of command-line arguments, making them easy to run and integrate into automated platforms.
+BIDS Apps are constructed in a way that does not depend on any software outside of the container image other than the container engine.
+
+BIDS Apps rely upon two technologies for container computing:
+
+1. [Docker] — for building, hosting as well as running containers on local hardware (running Windows, Mac OS X or Linux) or in the cloud.
+1. [Singularity] — for running containers on HPCs (high-performance computing).
+
+BIDS Apps are deposited in the [Docker Hub] repository, making them openly accessible. Each app is versioned and all of the historical versions are available to download. By reporting the BIDS App name and version in a manuscript, authors can provide others with the ability to exactly replicate their analysis workflow.
+
+Docker is used for its excellent documentation, maturity, and the Docker Hub service for storage and distribution of the images.
+Docker containers are easily run on personal computers and cloud services.
+However, the [Docker Runtime] was originally designed to run different components of web services (HTTP servers, databases etc.) using cloud resources.
+Docker thus requires root or root-like permissions, as well as modern versions of Linux kernel (to perform user mapping and management of network resources); though this is not a problem in context of renting cloud resources (which are not shared with other users), it makes it difficult or impossible to use in a multi-tenant environment such as an HPC system, which is often the most cost-effective computational resource available to researchers.
+
+Singularity, on the other hand, is a unique container technology designed from the ground up with the encapsulation of binary dependencies and HPC use in mind.
+Its main advantage over Docker is that it does not require root access for container execution and thus is safe to use on multi-tenant systems.
+In addition, it does not require recent Linux kernel functionalities (such as namespaces, cgroups and capabilities), making it easy to install on legacy systems.
+
+## Analysis levels
+BIDS Apps decouple the individual level analysis (processing of independent subjects) from group-level analyses aggregating participants.
+For the analysis of individual subjects, Apps need to understand the BIDS structure of the input dataset, so that the required inputs for the designated subject are found.
+Apps are designed to easily process derivatives generated by the participant-level or other Apps.
+The overall workflow has an entry-point and an end-point responsible of setting-up the map-reduce tasks and the tear-down including organizing the outputs for its archiving, respectively.
+Each App may implement multiple map and reduce steps.
+
+![Apps](../assets/journal.pcbi.1005209.g002.png)
+
+## A unified command-line interface
+
+To improve user experience and ability to integrate BIDS Apps into various computational platforms, each App follows a set of core command-line arguments:
+
+``` Shell
+$ <entrypoint> <bids_dataset> <output_path> <analysis_level>
+```
+
+For instance, to run *fMRIPrep* on a dataset located in `/data/bids_root` and write the outputs to `/data/bids_root/derivatives/`:
+
+``` Shell
+$ fmriprep /data/bids_root /data/bids_root/derivatives/ participant
+```
+
+In this case, we have selected to run the `participant` level (to process individual subjects).
+*fMRIPrep* does not have a `group` level, but other BIDS Apps may have.
+For instance, *MRIQC* generates group-level reports with the following command-line:
+
+``` Shell
+$ mriqc /data/bids_root /data/bids_root/derivatives/ group
+```
+
+[bids]: https://bids.neuroimaging.io/
+[bidsapps_paper]: https://doi.org/10.1371/journal.pcbi.1005209
+[Singularity]: https://sylabs.io/singularity/
+[Docker]: https://docker.com
+[Docker Runtime]: https://www.docker.com/products/container-runtime
+[Docker Hub]: http://hub.docker.com