# Top-level project name pinned per the global Docker policy — prevents
# collision with other apps deployed under /opt that share a parent dir name.
name: adeo-maturity-tool

services:
  db:
    image: postgres:16-alpine
    restart: unless-stopped
    environment:
      POSTGRES_DB:       ${DB_NAME:-adeo_maturity}
      POSTGRES_USER:     ${DB_USER:-adeo}
      POSTGRES_PASSWORD: ${DB_PASSWORD}
    # Host port resolved by deploy/deploy.sh (preferred 5435, scans 5435-5499).
    # Bind to 127.0.0.1 only — only the app container needs DB access.
    ports:
      - "127.0.0.1:${ADEO_DB_PORT:-5435}:5432"
    volumes:
      - pgdata:/var/lib/postgresql/data
    healthcheck:
      test:     ["CMD-SHELL", "pg_isready -U ${DB_USER:-adeo} -d ${DB_NAME:-adeo_maturity}"]
      interval: 5s
      timeout:  5s
      retries:  10

  app:
    build:
      context: .
      dockerfile: Dockerfile
    restart: unless-stopped
    depends_on:
      db:
        condition: service_healthy
    # Host port resolved by deploy/deploy.sh (preferred 3102, scans 3102-3199).
    ports:
      - "127.0.0.1:${ADEO_PORT:-3102}:3102"
    environment:
      - PORT=3102
      - NODE_ENV=production
      - DATABASE_URL=postgres://${DB_USER:-adeo}:${DB_PASSWORD}@db:5432/${DB_NAME:-adeo_maturity}
      - AUTH_SECRET=${AUTH_SECRET}
      - COOKIE_PATH=${COOKIE_PATH:-/}
      - COOKIE_SECURE=${COOKIE_SECURE:-true}
      - ADEO_DATA_ROOT=/data/adeo
    volumes:
      - ./clients:/app/clients
      - ${BOX_ROOT:-/Users/phildore/Library/CloudStorage/Box-Box/ADEO_EXTERNAL_SHARE}:/data/adeo:ro

volumes:
  pgdata: