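# Docker/Podman Compose Audit - 20251123-104219

== Compose File Content ==
version: '3.8'

# =============================================================================
# Port Conventions:
#   - Development: 5173 (Vite dev server, run with `pnpm run dev` in frontend/)
#   - Testing:     8091 (containerized, for QA/staging)
#   - Production:  8090 (containerized, for live site)
#
# Database Schema Separation:
#   - Development: DB_SCHEMA=dev (default)
#   - Testing:     DB_SCHEMA=testing
#   - Production:  DB_SCHEMA=prod
#
# Run with specific environment:
#   Development: podman-compose up (default)
#   Testing:     DB_SCHEMA=testing podman-compose --profile testing up
#   Production:  DB_SCHEMA=prod podman-compose up
#
# Security notes (review):
#   - Every `${VAR:-fallback}` below silently uses the fallback when VAR is
#     unset. The production command above sets only DB_SCHEMA, so JWT_SECRET,
#     DB_PASSWORD and the Stripe keys would keep their development fallbacks.
#     Set them explicitly (for example from an untracked .env file) before
#     any non-development run.
#   - Each published port is written without a host address, so it is bound
#     on all host interfaces. Prefix a mapping with 127.0.0.1 (or drop it)
#     for services that should not be reachable from other machines.
#   - DB_SSL_MODE falls back to `disable`; presumably this is handed to the
#     PostgreSQL client as its sslmode (confirm in the services), in which
#     case database traffic is unencrypted and should stay on the compose
#     network.
#   - No service sets CPU or memory limits.
# =============================================================================

services:
  # Production frontend (port 8090)
  frontend:
    build:
      context: ./frontend
      dockerfile: Containerfile
    ports:
      - "8090:80"
    restart: unless-stopped

  # Testing frontend (port 8091) - use with: podman-compose --profile testing up
  frontend-testing:
    build:
      context: ./frontend
      dockerfile: Containerfile
    ports:
      - "8091:80"
    restart: unless-stopped
    profiles:
      - testing

  backend-example-function:
    build:
      context: ./backend/functions/example-function
      dockerfile: Containerfile
    ports:
      - "8081:8080"  # Map host port 8081 to container port 8080
    restart: unless-stopped
    depends_on:
      - db  # This function might depend on the database in a real scenario

  auth-service:
    build:
      context: ./backend/functions/auth-service
      dockerfile: Containerfile
    ports:
      - "8082:8080"  # Map host port 8082 to container port 8080
    restart: unless-stopped
    environment:
      JWT_SECRET: ${JWT_SECRET:-dev_jwt_secret_key_change_me_in_production_at_least_64_characters_long}
      DEFAULT_USER_ROLE: ${DEFAULT_USER_ROLE:-CLIENT}
      DB_HOST: db
      DB_USER: ${DB_USER:-user}
      DB_PASSWORD: ${DB_PASSWORD:-password}
      DB_NAME: ${DB_NAME:-coppertone_db}
      DB_SCHEMA: ${DB_SCHEMA:-dev}
      DB_SSL_MODE: ${DB_SSL_MODE:-disable}
      CORS_ALLOW_ORIGIN: ${CORS_ALLOW_ORIGIN:-http://localhost:5173,http://localhost:8090,http://localhost:8091}
    depends_on:
      - db

  work-management-service:
    build:
      context: ./backend/functions/work-management-service
      dockerfile: Containerfile
    ports:
      - "8083:8080"  # Map host port 8083 to container port 8080
    restart: unless-stopped
    environment:
      JWT_SECRET: ${JWT_SECRET:-dev_jwt_secret_key_change_me_in_production_at_least_64_characters_long}
      DB_HOST: db
      DB_USER: ${DB_USER:-user}
      DB_PASSWORD: ${DB_PASSWORD:-password}
      DB_NAME: ${DB_NAME:-coppertone_db}
      DB_SCHEMA: ${DB_SCHEMA:-dev}
      DB_SSL_MODE: ${DB_SSL_MODE:-disable}
      CORS_ALLOW_ORIGIN: ${CORS_ALLOW_ORIGIN:-http://localhost:5173,http://localhost:8090,http://localhost:8091}
      # IPFS_HOST: ipfs_node # Future: Host for IPFS node if separate
    depends_on:
      - db
      # - ipfs_node # Future: Depend on IPFS node

  payment-service:
    build:
      context: ./backend/functions/payment-service
      dockerfile: Containerfile
    ports:
      - "8084:8080"  # Map host port 8084 to container port 8080
    restart: unless-stopped
    environment:
      JWT_SECRET: ${JWT_SECRET:-dev_jwt_secret_key_change_me_in_production_at_least_64_characters_long}
      DB_HOST: db
      DB_USER: ${DB_USER:-user}
      DB_PASSWORD: ${DB_PASSWORD:-password}
      DB_NAME: ${DB_NAME:-coppertone_db}
      DB_SCHEMA: ${DB_SCHEMA:-dev}
      DB_SSL_MODE: ${DB_SSL_MODE:-disable}
      CORS_ALLOW_ORIGIN: ${CORS_ALLOW_ORIGIN:-http://localhost:5173,http://localhost:8090,http://localhost:8091}
      STRIPE_SECRET_KEY: ${STRIPE_SECRET_KEY:-sk_test_placeholder}
      STRIPE_WEBHOOK_SECRET: ${STRIPE_WEBHOOK_SECRET:-whsec_placeholder}
    depends_on:
      - db

  blog-service:
    build:
      context: ./backend/functions/blog-service
      dockerfile: Containerfile
    ports:
      - "8085:8080"  # Map host port 8085 to container port 8080
    restart: unless-stopped
    environment:
      JWT_SECRET: ${JWT_SECRET:-dev_jwt_secret_key_change_me_in_production_at_least_64_characters_long}
      DB_HOST: db
      DB_USER: ${DB_USER:-user}
      DB_PASSWORD: ${DB_PASSWORD:-password}
      DB_NAME: ${DB_NAME:-coppertone_db}
      DB_SCHEMA: ${DB_SCHEMA:-dev}
      DB_SSL_MODE: ${DB_SSL_MODE:-disable}
      CORS_ALLOW_ORIGIN: ${CORS_ALLOW_ORIGIN:-http://localhost:5173,http://localhost:8090,http://localhost:8091}
    depends_on:
      - db

  ipfs-service:
    build:
      context: ./backend/functions/ipfs-service
      dockerfile: Containerfile
    ports:
      - "8086:8080"  # HTTP API
      - "4001:4001"  # libp2p TCP
      - "4002:4002"  # libp2p WebSocket (for browser clients)
    restart: unless-stopped
    environment:
      CORS_ALLOW_ORIGIN: ${CORS_ALLOW_ORIGIN:-http://localhost:8090}
    volumes:
      - ipfs_data:/app/data

  forum-service:
    build:
      context: ./backend/functions/forum-service
      dockerfile: Containerfile
    ports:
      - "8087:8080"  # Map host port 8087 to container port 8080
    restart: unless-stopped
    environment:
      JWT_SECRET: ${JWT_SECRET:-dev_jwt_secret_key_change_me_in_production_at_least_64_characters_long}
      DB_HOST: db
      DB_USER: ${DB_USER:-user}
      DB_PASSWORD: ${DB_PASSWORD:-password}
      DB_NAME: ${DB_NAME:-coppertone_db}
      DB_SCHEMA: ${DB_SCHEMA:-dev}
      DB_SSL_MODE: ${DB_SSL_MODE:-disable}
      CORS_ALLOW_ORIGIN: ${CORS_ALLOW_ORIGIN:-http://localhost:8090}
    depends_on:
      - db

  # Contact Service - handles contact form submissions (port 8088)
  contact-service:
    build:
      context: ./backend/functions/contact-service
      dockerfile: Containerfile
    ports:
      - "8088:8080"
    restart: unless-stopped
    environment:
      DB_HOST: db
      DB_USER: ${DB_USER:-user}
      DB_PASSWORD: ${DB_PASSWORD:-password}
      DB_NAME: ${DB_NAME:-coppertone_db}
      DB_SCHEMA: ${DB_SCHEMA:-dev}
      DB_SSL_MODE: ${DB_SSL_MODE:-disable}
      CORS_ALLOW_ORIGIN: ${CORS_ALLOW_ORIGIN:-http://localhost:5173,http://localhost:8090,http://localhost:8091}
    depends_on:
      - db

  db:
    image: postgres:16-alpine
    restart: unless-stopped
    environment:
      # Same variables and fallbacks as the client services, so overriding
      # DB_NAME / DB_USER / DB_PASSWORD changes both sides together instead
      # of leaving the database on the hard-coded development credentials.
      # The postgres image applies these only when it initialises an empty
      # data directory; an existing db_data volume keeps its old credentials.
      POSTGRES_DB: ${DB_NAME:-coppertone_db}
      POSTGRES_USER: ${DB_USER:-user}
      POSTGRES_PASSWORD: ${DB_PASSWORD:-password}
    volumes:
      - db_data:/var/lib/postgresql/data
    # Expose port only if needed for direct connection outside the compose network
    # ports:
    #   - "5432:5432"

volumes:
  db_data:
  ipfs_data:

== Services Defined ==
  frontend:
    build:
      context: ./frontend
      dockerfile: Containerfile
    ports:
    restart: unless-stopped
  frontend-testing:
    build:
      context: ./frontend
      dockerfile: Containerfile
    ports:
    restart: unless-stopped
    profiles:
  backend-example-function:
    build:
      context: ./backend/functions/example-function
      dockerfile: Containerfile
    ports:
    restart: unless-stopped
    depends_on:

== Volume Mounts ==
    volumes:
      - ipfs_data:/app/data

  forum-service:
    build:
      context: ./backend/functions/forum-service
--
    volumes:
      - db_data:/var/lib/postgresql/data
    # Expose port only if needed for direct connection outside the compose network
    # ports:
    #   - "5432:5432"

volumes:
  db_data:
  ipfs_data:

== Environment Variables Exposed ==
# Run with specific environment:
    environment:
    environment:
    environment:
    environment:
    environment:
    environment:
    environment:
    environment:

== Port Mappings ==
    ports:
      - "8090:80"
    restart: unless-stopped

  # Testing frontend (port 8091) - use with: podman-compose --profile testing up
  frontend-testing:
--
    ports:
      - "8091:80"
    restart: unless-stopped
    profiles:
      - testing
--
    ports:
      - "8081:8080" # Map host port 8081 to container port 8080
    restart: unless-stopped
    depends_on:
      - db # This function might depend on the database in a real scenario
--
    ports:
      - "8082:8080" # Map host port 8082 to container port 8080
    restart: unless-stopped
    environment:
      JWT_SECRET: ${JWT_SECRET:-dev_jwt_secret_key_change_me_in_production_at_least_64_characters_long}
      DEFAULT_USER_ROLE: ${DEFAULT_USER_ROLE:-CLIENT}
--
    ports:
      - "8083:8080" # Map host port 8083 to container port 8080
    restart: unless-stopped
    environment:
      JWT_SECRET: ${JWT_SECRET:-dev_jwt_secret_key_change_me_in_production_at_least_64_characters_long}
      DB_HOST: db
--
    ports:
      - "8084:8080" # Map host port 8084 to container port 8080
    restart: unless-stopped
    environment:
      JWT_SECRET: ${JWT_SECRET:-dev_jwt_secret_key_change_me_in_production_at_least_64_characters_long}
      DB_HOST: db
--
    ports:
      - "8085:8080" # Map host port 8085 to container port 8080
    restart: unless-stopped
    environment:
      JWT_SECRET: ${JWT_SECRET:-dev_jwt_secret_key_change_me_in_production_at_least_64_characters_long}
      DB_HOST: db
--
    ports:
      - "8086:8080" # HTTP API
      - "4001:4001" # libp2p TCP
      - "4002:4002" # libp2p WebSocket (for browser clients)
    restart: unless-stopped
    environment:
--
    ports:
      - "8087:8080" # Map host port 8087 to container port 8080
    restart: unless-stopped
    environment:
      JWT_SECRET: ${JWT_SECRET:-dev_jwt_secret_key_change_me_in_production_at_least_64_characters_long}
      DB_HOST: db
--
    ports:
      - "8088:8080"
    restart: unless-stopped
    environment:
      DB_HOST: db
      DB_USER: ${DB_USER:-user}
--
    # ports:
    #   - "5432:5432"

volumes:
  db_data:
  ipfs_data:

== Network Configuration ==
Using default network

== Restart Policies ==
    restart: unless-stopped
    restart: unless-stopped
    restart: unless-stopped
    restart: unless-stopped
    restart: unless-stopped
    restart: unless-stopped
    restart: unless-stopped
    restart: unless-stopped
    restart: unless-stopped
    restart: unless-stopped
    restart: unless-stopped

== Resource Limits ==
NO RESOURCE LIMITS - consider adding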