###############################################################################
# eCert MBIP — Docker Compose Production Overrides (Ubuntu Server)
#
# Penggunaan:
#   docker compose -f docker-compose.yml -f docker-compose.prod.yml up -d --build
#
# DB external: 172.17.200.16:3306
# Dalam .env (production): DB_HOST=172.17.200.16
#
# Perbezaan dari dev:
#   • APP_ENV=production, APP_DEBUG=false
#   • Storage sijil/template dalam named volume (kekal semasa redeploy)
#   • php-dev.ini tidak dimuat
#   • extra_hosts dibuang (IP terus boleh dicapai dari container)
###############################################################################
name: ecert

services:

  # ── PHP-FPM Application (production) ──────────────────────────────────────
  app:
    container_name: ecert_app
    restart: always
    volumes:
      - ./src:/var/www
      - ./docker/php/php.ini:/usr/local/etc/php/conf.d/99-ecert.ini:ro
      - storage_data:/var/www/storage
    environment:
      APP_ENV:   production
      APP_DEBUG: "false"
    extra_hosts: []    # buang host.docker.internal, guna IP terus

  # ── Nginx (production) ─────────────────────────────────────────────────────
  nginx:
    container_name: ecert_nginx
    restart: always
    volumes:
      - ./src:/var/www:ro
      - ./docker/nginx/default.conf:/etc/nginx/conf.d/default.conf:ro
      - storage_data:/var/www/storage:ro

  # ── Node.js Asset Builder (one-time, run manually) ────────────────────────
  node-build:
    image: node:lts-alpine
    container_name: ecert_node_build
    working_dir: /app
    volumes:
      - ./src:/app
    command: sh -c "npm ci && npm run build"
    profiles:
      - build

  # ── Queue Worker (production) ──────────────────────────────────────────────
  queue:
    container_name: ecert_queue
    restart: always
    volumes:
      - ./src:/var/www
      - ./docker/php/php.ini:/usr/local/etc/php/conf.d/99-ecert.ini:ro
      - storage_data:/var/www/storage
    environment:
      APP_ENV: production
    extra_hosts: []

  # ── Webhook Deploy (GitHub → auto pull + migrate) ──────────────────────────
  webhook:
    build:
      context: ./docker/webhook
    container_name: ecert_webhook
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /root/.ssh:/root/.ssh:ro
      - ./docker/webhook/hooks.json:/etc/webhook/hooks.json:ro
      - ./deploy.sh:/deploy.sh:ro
      - .:/srv/ecert
    command: -hooks=/etc/webhook/hooks.json -verbose
    networks:
      - ecert

###############################################################################
volumes:
  storage_data:
    driver: local