services:
  frontend:
    image: turftracking-frontend:${RELEASE_VERSION:-1.26.1}
    build:
      context: ./frontend
      dockerfile: Dockerfile
      args:
        VITE_API_URL: /api
    depends_on:
      - backend
    networks:
      - proxy
      - turftracker
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.turftracker-frontend.rule=Host(`turftracker.kaspers.us`)"
      - "traefik.http.routers.turftracker-frontend.entrypoints=websecure"
      - "traefik.http.routers.turftracker-frontend.tls.certresolver=letsencrypt"
      - "traefik.http.services.turftracker-frontend.loadbalancer.server.port=80"
      - "traefik.docker.network=proxy"
      - "traefik.constraint=proxy-public"
    restart: unless-stopped

  backend:
    image: turftracking-backend:${RELEASE_VERSION:-1.26.1}
    build:
      context: ./backend
      dockerfile: Dockerfile
      args:
        NODE_ENV: production
    environment:
      - NODE_ENV=production
      - DB_HOST=db
      - DB_PORT=5432
      - DB_NAME=${DB_NAME:-turftracker}
      - DB_USER=${DB_USER:-turftracker}
      - DB_PASSWORD=${DB_PASSWORD:-password123}
      - JWT_SECRET=${JWT_SECRET:-dev-secret-key-change-in-production-12345}
      - AUTHENTIK_CLIENT_ID=${AUTHENTIK_CLIENT_ID:-}
      - AUTHENTIK_CLIENT_SECRET=${AUTHENTIK_CLIENT_SECRET:-}
      - AUTHENTIK_BASE_URL=${AUTHENTIK_BASE_URL:-}
      - AUTHENTIK_CALLBACK_URL=${AUTHENTIK_CALLBACK_URL:-https://turftracker.kaspers.us/api/auth/authentik/callback}
      - WEATHER_API_KEY=${WEATHER_API_KEY:-}
      - GMAIL_OAUTH_USER=${GMAIL_OAUTH_USER:-}
      - GMAIL_OAUTH_CLIENT_ID=${GMAIL_OAUTH_CLIENT_ID:-}
      - GMAIL_OAUTH_CLIENT_SECRET=${GMAIL_OAUTH_CLIENT_SECRET:-}
      - GMAIL_OAUTH_REFRESH_TOKEN=${GMAIL_OAUTH_REFRESH_TOKEN:-}
      - GMAIL_OAUTH_REDIRECT_URI=${GMAIL_OAUTH_REDIRECT_URI:-https://developers.google.com/oauthplayground}
      - EMAIL_FROM_NAME=${EMAIL_FROM_NAME:-TurfTracking}
      - EMAIL_FROM_ADDRESS=${EMAIL_FROM_ADDRESS:-}
      - FRONTEND_URL=https://turftracker.kaspers.us
    depends_on:
      db:
        condition: service_healthy
    networks:
      - proxy
      - turftracker
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.turftracker-backend.rule=Host(`turftracker.kaspers.us`) && PathPrefix(`/api`)"
      - "traefik.http.routers.turftracker-backend.entrypoints=websecure"
      - "traefik.http.routers.turftracker-backend.tls.certresolver=letsencrypt"
      - "traefik.http.services.turftracker-backend.loadbalancer.server.port=5000"
      - "traefik.docker.network=proxy"
    restart: unless-stopped

  db:
    image: postgres:15-alpine
    environment:
      - POSTGRES_USER=${DB_USER:-turftracker}
      - POSTGRES_PASSWORD=${DB_PASSWORD:-password123}
      - POSTGRES_DB=${DB_NAME:-turftracker}
    volumes:
      - postgres_data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${DB_USER:-turftracker} -d ${DB_NAME:-turftracker} -h 127.0.0.1 -p 5432"]
      interval: 5s
      timeout: 5s
      retries: 20
    networks:
      - turftracker
    restart: unless-stopped

  flyway:
    image: flyway/flyway:9
    depends_on:
      db:
        condition: service_healthy
    environment:
      - FLYWAY_URL=jdbc:postgresql://db:5432/${DB_NAME:-turftracker}
      - FLYWAY_USER=${DB_USER:-turftracker}
      - FLYWAY_PASSWORD=${DB_PASSWORD:-password123}
      - FLYWAY_BASELINE_ON_MIGRATE=true
      - FLYWAY_LOCATIONS=filesystem:/migrations
    command: migrate
    volumes:
      - ./database/migrations:/migrations:ro
    networks:
      - turftracker
    profiles:
      - migrate

networks:
  proxy:
    external: true
  turftracker:
    driver: bridge

volumes:
  postgres_data: