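---
# Local development stack: Kong (DB-less gateway), the FastAPI backend and an
# optional Keycloak IdP (profile `idp`). Host ports are published on loopback
# only; ingress from other machines is expected to come through the external
# `nginx-proxy` network.
version: "3.9"

# Environment shared by every service (merged in with `<<: *common-env`).
x-common-env: &common-env
  TZ: "UTC"

############################################################
# SERVICES
############################################################
services:
  # ──────────────────────────────
  kong:
    image: docker.io/library/kong:3.7
    container_name: kong
    restart: unless-stopped
    environment:
      <<: *common-env
      # DB-less mode: routes and plugins come only from the declarative file.
      KONG_DATABASE: "off"
      KONG_DECLARATIVE_CONFIG: /config/kong.yml
      KONG_LOG_LEVEL: info
    volumes:
      # Read-only mount so the container cannot modify the gateway config.
      - ./kong/kong.yml:/config/kong.yml:ro
    ports:
      # Bound to loopback, matching the fastapi service below. A bare
      # "8000:8000" publishes on every host interface.
      - "127.0.0.1:8000:8000" # proxy (handy for localhost curl)
      # The Kong Admin API has no built-in authentication in the open-source
      # image, so it must never be published beyond localhost.
      - "127.0.0.1:8001:8001" # admin
    # NOTE(review): kong is attached to the shared nginx-proxy network. If the
    # Admin API is configured to listen on a non-loopback address, other
    # containers on that network can reach it as well. Confirm that only the
    # proxy port is meant to be reachable there.
    networks: [internal, nginx-proxy]

  # ──────────────────────────────
  fastapi:
    # NOTE(review): `latest` is a mutable tag; pin a version or digest when
    # reproducible deployments matter.
    image: cmmc-fastapi:latest
    container_name: fastapi
    restart: unless-stopped
    environment:
      <<: *common-env
      # Default to local container; overridden by external URL in Makefile/CI
      KEYCLOAK_URL: "${KEYCLOAK_URL:-http://keycloak:8080}"
      KEYCLOAK_REALM: "cmmc-platform-dev"
      KEYCLOAK_CLIENT_ID: "frontend"
    ports:
      # keep reachable only from localhost, not LAN
      - "127.0.0.1:8008:8000"
    networks: [internal]

  # ──────────────────────────────
  # Starts ONLY when profile `idp` is requested
  keycloak:
    image: quay.io/keycloak/keycloak:25.0.0
    container_name: keycloak
    # `start-dev` is Keycloak's development mode. Do not reuse this service
    # definition for a production deployment.
    command: start-dev
    profiles: ["idp"] # ← optional profile flag
    restart: unless-stopped
    environment:
      <<: *common-env
      # Bootstrap admin account. The fallbacks keep the previous admin/admin
      # behaviour for throwaway local runs. Set both variables (shell or
      # .env) for anything that is shared or reachable through the proxy.
      KEYCLOAK_ADMIN: "${KEYCLOAK_ADMIN:-admin}"
      KEYCLOAK_ADMIN_PASSWORD: "${KEYCLOAK_ADMIN_PASSWORD:-admin}"
      # Trust X-Forwarded-* headers. This is only safe when every request
      # reaches Keycloak through a reverse proxy that overwrites them.
      KC_PROXY_HEADERS: xforwarded
    healthcheck:
      # NOTE(review): recent Keycloak images are built on a minimal base that
      # may not ship `curl`. If it is missing, this check always fails and
      # the container is reported unhealthy. Confirm against the 25.0.0 image.
      test: ["CMD", "curl", "-f", "http://localhost:8080/realms/master"]
      interval: 10s
      retries: 5
    # No host ports are published: keycloak is reachable only from containers
    # on these two networks.
    networks: [internal, nginx-proxy]

############################################################
# NETWORKS
############################################################
networks:
  internal:
    driver: bridge
  nginx-proxy: # external bridge Nginx-Proxy-Manager already uses
    external: true
    name: nginx-proxy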