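# =============================================
# DeepAudit Docker Compose configuration
# =============================================
# Deploy:    docker compose up -d
# View logs: docker compose logs -f
# Note: the Agent services and the sandbox environment are required core
# components.
#
# Secrets: no credential or token is stored in this file. Values written as
# ${VAR:-default} are interpolated by Compose from the shell environment or
# from a project-level .env file (NOT from ./backend/.env, which is only
# injected into the backend container).

services:
  # =============================================
  # Core base services
  # =============================================
  db:
    image: postgres:15-alpine
    restart: unless-stopped
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      - POSTGRES_USER=postgres
      # Defaults to the historical value so existing setups keep working;
      # override POSTGRES_PASSWORD for any non-local deployment. Postgres only
      # applies this value when the data volume is first initialised.
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-postgres}
      - POSTGRES_DB=deepaudit
    ports:
      # Published on loopback only: the backend reaches the database over
      # deepaudit-network as db:5432, so the port does not have to be
      # reachable from other hosts.
      - "127.0.0.1:5432:5432"
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 5s
      timeout: 5s
      retries: 5
    networks:
      - deepaudit-network

  backend:
    build:
      context: ./backend
    restart: unless-stopped
    # Lets the container reach the Docker host as host.docker.internal.
    extra_hosts:
      - "host.docker.internal:host-gateway"
    volumes:
      # - ./backend/app:/app/app:ro  # mount the code directory; changes take effect automatically
      - backend_uploads:/app/uploads
      # Required for sandbox execution. SECURITY: access to the Docker socket
      # is equivalent to root on the host, so a compromise of the backend
      # process is a compromise of the host. Treat this service as highly
      # privileged and keep its network exposure to a minimum.
      - /var/run/docker.sock:/var/run/docker.sock
    ports:
      # NOTE(review): this publishes the API on every host interface. The
      # frontend appears to proxy /api/v1 through nginx -- if nothing else
      # needs direct access, confirm and restrict this to "127.0.0.1:8000:8000".
      - "8000:8000"
    env_file:
      # Holds backend secrets such as GITEA_BOT_TOKEN; keep this file out of
      # version control.
      - ./backend/.env
    environment:
      # Uses the same password variable as the db service. A password with
      # URL-reserved characters must be percent-encoded here.
      - DATABASE_URL=postgresql+asyncpg://postgres:${POSTGRES_PASSWORD:-postgres}@db:5432/deepaudit
      - REDIS_URL=redis://redis:6379/0
      - AGENT_ENABLED=true
      - SANDBOX_ENABLED=true
      # Use the locally built sandbox image (see the sandbox service below).
      - SANDBOX_IMAGE=deepaudit/sandbox:latest
      # Address of the embedding service.
      - EMBEDDING_BASE_URL=http://host.docker.internal:8003/v1
      # Gitea configuration.
      # NOTE(review): plain http:// means the bot token travels unencrypted
      # to this host; prefer an https:// endpoint if the server offers one.
      - GITEA_HOST_URL=http://sl.vrgon.com:3000
      # GITEA_BOT_TOKEN is deliberately not set here: provide it through
      # ./backend/.env (loaded by env_file above). Any token that was ever
      # committed in this file must be treated as exposed and revoked and
      # reissued in Gitea.
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_healthy
    # Runs database migrations, then starts the API server.
    # For development, append --reload to the uvicorn command for hot reload
    # (not enabled here).
    command: sh -c ".venv/bin/alembic upgrade head && .venv/bin/uvicorn app.main:app --host 0.0.0.0 --port 8000"
    networks:
      - deepaudit-network

  frontend:
    build:
      context: ./frontend
    restart: unless-stopped
    volumes:
      # - ./frontend/dist:/usr/share/nginx/html:ro  # mount build output; picked up after a local pnpm build
      # Mount the nginx configuration read-only.
      - ./frontend/nginx.conf:/etc/nginx/conf.d/default.conf:ro
    ports:
      # Nginx listens on port 80 inside the container.
      - "83:80"
    environment:
      - VITE_API_BASE_URL=/api/v1
    depends_on:
      - backend
    networks:
      - deepaudit-network

  # =============================================
  # Components required by the Agent service
  # =============================================
  # Redis (Agent task queue - required)
  redis:
    image: redis:7-alpine
    restart: unless-stopped
    ports:
      # No Redis authentication is configured in this file, so the port is
      # published on loopback only; the backend connects over
      # deepaudit-network as redis:6379.
      - "127.0.0.1:6379:6379"
    volumes:
      - redis_data:/data
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5
    networks:
      - deepaudit-network

  # Sandbox image build service (required for vulnerability verification).
  # Note: this service exists only to build the image; it exits as soon as
  # the build has finished.
  sandbox:
    build:
      context: ./docker/sandbox
      dockerfile: Dockerfile
    image: deepaudit/sandbox:latest
    restart: "no"
    command: echo "Sandbox image built successfully"

networks:
  deepaudit-network:
    driver: bridge
    driver_opts:
      # Name of the bridge interface created on the host.
      com.docker.network.bridge.name: br-deepaudit

volumes:
  postgres_data: {}
  backend_uploads: {}
  redis_data: {}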