# =============================================
# DeepAudit v3.0.0 Docker Compose 配置
# =============================================
# 部署: docker compose up -d
# 查看日志: docker compose logs -f
# 注意: Agent 服务和沙箱环境是必须的核心组件

services:
  # =============================================
  # 核心基础服务
  # =============================================

  db:
    image: postgres:15-alpine
    restart: unless-stopped
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      - POSTGRES_USER=postgres
      - POSTGRES_PASSWORD=postgres
      - POSTGRES_DB=deepaudit
    ports:
      - "5432:5432"
    healthcheck:
      test: [ "CMD-SHELL", "pg_isready -U postgres" ]
      interval: 5s
      timeout: 5s
      retries: 5
    networks:
      - deepaudit-network

  backend:
    build:
      context: ./backend
      args:
        - http_proxy=
        - https_proxy=
        - HTTP_PROXY=
        - HTTPS_PROXY=
        - all_proxy=
        - ALL_PROXY=
    restart: unless-stopped
    volumes:
      - ./backend/app:/app/app:ro  # 挂载代码目录，修改后自动生效
      - backend_uploads:/app/uploads
      - /var/run/docker.sock:/var/run/docker.sock # 沙箱执行必须
    ports:
      - "8000:8000"
    env_file:
      - ./backend/.env
    environment:
      - DATABASE_URL=postgresql+asyncpg://postgres:postgres@db:5432/deepaudit
      - REDIS_URL=redis://redis:6379/0
      - AGENT_ENABLED=true
      - SANDBOX_ENABLED=true
      # 禁用代理设置，防止容器内无法连接外部 API
      - HTTP_PROXY=
      - HTTPS_PROXY=
      - http_proxy=
      - https_proxy=
      - NO_PROXY=*
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_healthy
    # 开发模式：启用 --reload 热重载
    command: sh -c ".venv/bin/alembic upgrade head && .venv/bin/uvicorn app.main:app --host 0.0.0.0 --port 8000 --reload"
    networks:
      - deepaudit-network

  frontend:
    build:
      context: ./frontend
      args:
        - http_proxy=
        - https_proxy=
        - HTTP_PROXY=
        - HTTPS_PROXY=
        - all_proxy=
        - ALL_PROXY=
    restart: unless-stopped
    ports:
      - "3000:80" # Nginx 监听 80 端口
    environment:
      - VITE_API_BASE_URL=/api/v1
    depends_on:
      - backend
    networks:
      - deepaudit-network

  # =============================================
  # Agent 服务必须组件
  # =============================================

  # Redis (Agent 任务队列 - 必须)
  redis:
    image: redis:7-alpine
    restart: unless-stopped
    ports:
      - "6379:6379"
    volumes:
      - redis_data:/data
    healthcheck:
      test: [ "CMD", "redis-cli", "ping" ]
      interval: 10s
      timeout: 5s
      retries: 5
    networks:
      - deepaudit-network

  # 沙箱镜像构建服务 (漏洞验证必须)
  # 注意: 此服务仅用于构建镜像，不会持续运行
  sandbox:
    build:
      context: ./docker/sandbox
      dockerfile: Dockerfile
    image: deepaudit/sandbox:latest
    profiles:
      - build-only
    command: echo "Sandbox image built successfully"

networks:
  deepaudit-network:
    driver: bridge

volumes:
  postgres_data:
  backend_uploads:
  redis_data: