# =============================================================================
# Woodpecker CI/CD Infrastructure
#
# This runs the CI/CD server separately from the application stack.
#
# Setup:
# 1. Create OAuth application in Gitea (Settings > Applications)
#    - Application Name: Woodpecker CI
#    - Redirect URI: https://ci.coppertone.tech/authorize
# 2. Set environment variables in .env.ci:
#    - WOODPECKER_GITEA_CLIENT
#    - WOODPECKER_GITEA_SECRET
#    - WOODPECKER_AGENT_SECRET (generate with: openssl rand -hex 32)
# 3. Run: podman-compose -f infrastructure/docker-compose.ci.yml up -d
# =============================================================================

version: '3.8'

services:
  woodpecker-server:
    image: docker.io/woodpeckerci/woodpecker-server:v2.7.3
    container_name: woodpecker-server
    network_mode: host
    volumes:
      - woodpecker-server-data:/var/lib/woodpecker
    environment:
      # Gitea Integration
      WOODPECKER_GITEA: "true"
      WOODPECKER_GITEA_URL: ${WOODPECKER_GITEA_URL:-https://git.coppertone.tech}
      WOODPECKER_GITEA_CLIENT: ${WOODPECKER_GITEA_CLIENT}
      WOODPECKER_GITEA_SECRET: ${WOODPECKER_GITEA_SECRET}

      # Server configuration
      WOODPECKER_HOST: ${WOODPECKER_HOST:-https://ci.coppertone.tech}
      WOODPECKER_AGENT_SECRET: ${WOODPECKER_AGENT_SECRET}
      WOODPECKER_ADMIN: ${WOODPECKER_ADMIN:-administrator}

      # Open registration (set to false for private instance)
      WOODPECKER_OPEN: "false"

      # Database (SQLite by default, can use PostgreSQL)
      # WOODPECKER_DATABASE_DRIVER: postgres
      # WOODPECKER_DATABASE_DATASOURCE: postgres://user:password@db:5432/woodpecker?sslmode=disable

      # Logging - debug for troubleshooting
      WOODPECKER_LOG_LEVEL: debug
    restart: unless-stopped

  woodpecker-agent:
    image: docker.io/woodpeckerci/woodpecker-agent:v2.7.3
    container_name: woodpecker-agent
    network_mode: host
    command: agent
    depends_on:
      - woodpecker-server
    environment:
      # Connect to localhost since server uses host network
      WOODPECKER_SERVER: localhost:9000
      WOODPECKER_AGENT_SECRET: ${WOODPECKER_AGENT_SECRET}
      WOODPECKER_MAX_WORKFLOWS: 2
      # Use local backend (runs commands directly without Docker/Podman)
      WOODPECKER_BACKEND: local
    restart: unless-stopped

volumes:
  woodpecker-server-data:

networks:
  default:
    name: woodpecker-network