version: '3.8'

services:
  # PostgreSQL Database - Production
  postgres:
    image: postgres:16-alpine
    container_name: bmc-hub-postgres-${STACK_NAME:-prod}
    environment:
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_DB: ${POSTGRES_DB}
    volumes:
      - postgres_data:/var/lib/postgresql/data
      # Mount all migration files for initialization
      - ./migrations:/docker-entrypoint-initdb.d:ro
    # Optional: publish Postgres to the host.
    # Default binds to localhost for safety; set POSTGRES_BIND_ADDR=0.0.0.0 (or host IP)
    # if the API container can't reach Postgres via the bridge network (Podman netavark issue).
    ports:
      - "${POSTGRES_BIND_ADDR:-127.0.0.1}:${POSTGRES_PORT:-5432}:5432"
    restart: always
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER}"]
      interval: 10s
      timeout: 5s
      retries: 5
    networks:
      - bmc-hub-network

  # FastAPI Application - Production with Gitea Release
  api:
    build:
      context: .
      dockerfile: Dockerfile
      args:
        RELEASE_VERSION: ${RELEASE_VERSION:-latest}
        GITHUB_TOKEN: ${GITHUB_TOKEN}
        GITHUB_REPO: ${GITHUB_REPO:-ct/bmc_hub}
    container_name: bmc-hub-api-${STACK_NAME:-prod}
    depends_on:
      - postgres
    ports:
      - "${API_PORT:-8000}:8000"
    volumes:
      # Data persistence (NO source code in production)
      - ./logs:/app/logs
      - ./uploads:/app/uploads
      - ./data:/app/data
    env_file:
      - .env
    environment:
      # Override database URL to point to postgres service (or host fallback).
      # Set POSTGRES_HOST=host.containers.internal if bridge networking is broken.
      - DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST:-postgres}:5432/${POSTGRES_DB}
      - ENABLE_RELOAD=false
    restart: always
    # Podman rootless: map container user namespace to the host user.
    # This avoids permission issues on bind-mounted folders like ./uploads and ./logs.
    userns_mode: "keep-id"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    networks:
      - bmc-hub-network
    labels:
      - "com.bmcnetworks.app=bmc-hub"
      - "com.bmcnetworks.version=${RELEASE_VERSION:-latest}"
      - "com.bmcnetworks.environment=production"

networks:
  bmc-hub-network:
    driver: bridge

volumes:
  postgres_data:
    driver: local