version: '3.9'

x-monitoring: &monitoring
  DD_ENV: ${DD_ENV:-production}
  DD_SERVICE: ${DD_SERVICE:-shieldai}
  DD_VERSION: ${DOCKER_TAG:-latest}
  DD_TRACE_ENABLED: ${DD_TRACE_ENABLED:-true}
  DD_AGENT_HOST: datadog-agent
  DD_AGENT_PORT: "8126"
  DD_LOGS_INJECTION: "true"
  SENTRY_DSN: ${SENTRY_DSN:-}
  SENTRY_ENVIRONMENT: ${DD_ENV:-production}
  SENTRY_RELEASE: ${DOCKER_TAG:-latest}

services:
  api:
    image: ghcr.io/${GITHUB_REPOSITORY_OWNER}/shieldai-api:${DOCKER_TAG:-latest}
    restart: unless-stopped
    ports:
      - "${PORT:-3000}:3000"
    environment:
      DATABASE_URL: "postgresql://shieldai:${POSTGRES_PASSWORD}@postgres:5432/shieldai"
      REDIS_URL: "redis://redis:6379"
      PORT: "3000"
      LOG_LEVEL: info
      HIBP_API_KEY: ${HIBP_API_KEY}
      RESEND_API_KEY: ${RESEND_API_KEY}
      <<: *monitoring
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
    networks:
      - shieldai

  darkwatch:
    image: ghcr.io/${GITHUB_REPOSITORY_OWNER}/shieldai-darkwatch:${DOCKER_TAG:-latest}
    restart: unless-stopped
    environment:
      DATABASE_URL: "postgresql://shieldai:${POSTGRES_PASSWORD}@postgres:5432/shieldai"
      REDIS_URL: "redis://redis:6379"
      HIBP_API_KEY: ${HIBP_API_KEY}
      DD_SERVICE: "shieldai-darkwatch"
      <<: *monitoring
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
    networks:
      - shieldai

  spamshield:
    image: ghcr.io/${GITHUB_REPOSITORY_OWNER}/shieldai-spamshield:${DOCKER_TAG:-latest}
    restart: unless-stopped
    environment:
      DATABASE_URL: "postgresql://shieldai:${POSTGRES_PASSWORD}@postgres:5432/shieldai"
      REDIS_URL: "redis://redis:6379"
      DD_SERVICE: "shieldai-spamshield"
      <<: *monitoring
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
    networks:
      - shieldai

  voiceprint:
    image: ghcr.io/${GITHUB_REPOSITORY_OWNER}/shieldai-voiceprint:${DOCKER_TAG:-latest}
    restart: unless-stopped
    environment:
      DATABASE_URL: "postgresql://shieldai:${POSTGRES_PASSWORD}@postgres:5432/shieldai"
      REDIS_URL: "redis://redis:6379"
      DD_SERVICE: "shieldai-voiceprint"
      <<: *monitoring
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
    networks:
      - shieldai

  datadog-agent:
    image: datadog/agent:7
    restart: unless-stopped
    environment:
      DD_API_KEY: ${DD_API_KEY}
      DD_SITE: ${DD_SITE:-datadoghq.com}
      DD_ENV: ${DD_ENV:-production}
      DD_DOGSTATSD_NON_LOCAL_TRAFFIC: "true"
      DD_APM_ENABLED: "true"
      DD_APM_NON_LOCAL_TRAFFIC: "true"
      DD_LOGS_ENABLED: "true"
      DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL: "true"
      DD_HEALTH_PORT_ENABLE: "true"
    ports:
      - "8125:8125/udp"
      - "8126:8126"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /proc/:/host/proc/:ro
      - /sys/fs/cgroup:/host/sys/fs/cgroup:ro
    networks:
      - shieldai

  postgres:
    image: postgres:16-alpine
    restart: unless-stopped
    environment:
      POSTGRES_DB: shieldai
      POSTGRES_USER: shieldai
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
    volumes:
      - pgdata:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U shieldai"]
      interval: 5s
      timeout: 5s
      retries: 5
    networks:
      - shieldai

  redis:
    image: redis:7-alpine
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 5s
      timeout: 5s
      retries: 5
    networks:
      - shieldai

volumes:
  pgdata:

networks:
  shieldai:
    driver: bridge