version: "3.9"

# Production service topology. For local JVM dev mode see docker-compose.override.yml (Block 5 / I-02).
# Images are built and pushed by CI (Block 5 / I-21); Dockerfiles are Block 5-6 (I-04 to I-06).

services:

  db:
    image: postgres:16-alpine
    environment:
      POSTGRES_USER: ${APIX_DB_USER:-apix}
      POSTGRES_PASSWORD: ${APIX_DB_PASSWORD:-apix}
      POSTGRES_DB: ${APIX_DB_NAME:-apix}
    ports:
      - "${APIX_DB_PORT:-5432}:5432"
    volumes:
      - db_data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${APIX_DB_USER:-apix}"]
      interval: 10s
      timeout: 5s
      retries: 5
    restart: unless-stopped

  registry:
    image: apix-registry:latest
    ports:
      - "8180:8180"
    environment:
      QUARKUS_DATASOURCE_JDBC_URL: jdbc:postgresql://db:5432/${APIX_DB_NAME:-apix}
      QUARKUS_DATASOURCE_USERNAME: ${APIX_DB_USER:-apix}
      QUARKUS_DATASOURCE_PASSWORD: ${APIX_DB_PASSWORD:-apix}
      APIX_API_KEY: ${APIX_API_KEY}
      GLEIF_API_URL: ${GLEIF_API_URL:-https://api.gleif.org/api/v1}
      OPENCORPORATES_API_KEY: ${OPENCORPORATES_API_KEY:-}
      SANCTIONS_CACHE_PATH: /app/sanctions
      LOG_LEVEL: ${LOG_LEVEL:-INFO}
    volumes:
      - sanctions_cache:/app/sanctions
    depends_on:
      db:
        condition: service_healthy
    healthcheck:
      test: ["CMD-SHELL", "curl -sf http://localhost:8180/q/health/live || exit 1"]
      interval: 30s
      timeout: 10s
      retries: 3
    restart: unless-stopped

  # Internal only — no public port exposure
  spider:
    image: apix-spider:latest
    environment:
      QUARKUS_DATASOURCE_JDBC_URL: jdbc:postgresql://db:5432/${APIX_DB_NAME:-apix}
      QUARKUS_DATASOURCE_USERNAME: ${APIX_DB_USER:-apix}
      QUARKUS_DATASOURCE_PASSWORD: ${APIX_DB_PASSWORD:-apix}
      SPIDER_INTERVAL_MINUTES: ${SPIDER_INTERVAL_MINUTES:-15}
      LOG_LEVEL: ${LOG_LEVEL:-INFO}
    depends_on:
      db:
        condition: service_healthy
    healthcheck:
      test: ["CMD-SHELL", "curl -sf http://localhost:8082/q/health/live || exit 1"]
      interval: 30s
      timeout: 10s
      retries: 3
    restart: unless-stopped

  portal:
    image: apix-portal:latest
    ports:
      - "8081:8081"
    environment:
      REGISTRY_BASE_URL: http://registry:8180
      LOG_LEVEL: ${LOG_LEVEL:-INFO}
    depends_on:
      - registry
    healthcheck:
      test: ["CMD-SHELL", "curl -sf http://localhost:8081/q/health/live || exit 1"]
      interval: 30s
      timeout: 10s
      retries: 3
    restart: unless-stopped

  caddy:
    image: caddy:2-alpine
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - caddy_data:/data
      - caddy_config:/config
    depends_on:
      - registry
      - portal
    restart: unless-stopped

volumes:
  db_data:
  sanctions_cache:
  caddy_data:
  caddy_config: