version: '3.8'

# ==========================================
# SAAP Docker Compose - Production Override
# Usage: docker-compose -f docker-compose.yml -f docker-compose.prod.yml up -d
# ==========================================

services:
  # PostgreSQL - Production Settings
  postgres:
    environment:
      POSTGRES_INITDB_ARGS: "--encoding=UTF-8 --lc-collate=C --lc-ctype=C --data-checksums"
    volumes:
      # Production: Use named volume without host mount
      - postgres_data:/var/lib/postgresql/data
    # Remove port exposure for security (only accessible within network)
    ports: []
    command:
      - "postgres"
      - "-c"
      - "shared_buffers=256MB"
      - "-c"
      - "max_connections=100"
      - "-c"
      - "work_mem=4MB"
      - "-c"
      - "maintenance_work_mem=64MB"
      - "-c"
      - "effective_cache_size=1GB"
      - "-c"
      - "log_statement=all"
      - "-c"
      - "log_duration=on"

  # Backend - Production Settings
  backend:
    # Use pre-built image from registry instead of building
    image: ghcr.io/satwareag/saap/backend:latest
    build:
      context: ./backend
      dockerfile: Dockerfile
      target: runtime
    environment:
      # Override development settings
      ENVIRONMENT: production
      DEBUG: "false"
      LOG_LEVEL: WARNING
      
      # Production CORS (whitelist specific domains)
      CORS_ORIGINS: ${CORS_ORIGINS:-http://localhost}
      
      # Production workers
      WORKERS: ${WORKERS:-4}
      
    volumes:
      # Remove source code mount - use image only
      - backend_logs:/app/logs
    # Remove port exposure for security (accessed via frontend proxy)
    ports: []

  # Frontend - Production Settings
  frontend:
    # Use pre-built image from registry instead of building
    image: ghcr.io/satwareag/saap/frontend:latest
    build:
      context: ./frontend
      dockerfile: Dockerfile
      target: runtime
    environment:
      # Production API URL (internal network)
      VITE_API_BASE_URL: http://backend:8000
      VITE_WS_URL: ws://backend:8000/ws
    ports:
      # Expose only frontend port
      - "80:80"

# Production volumes with backup labels
volumes:
  postgres_data:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: ${DATA_PATH:-./data}/postgres
    labels:
      - "backup.enable=true"
      - "backup.frequency=daily"
  backend_logs:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: ${DATA_PATH:-./data}/logs
    labels:
      - "backup.enable=true"
      - "backup.frequency=weekly"