version: "3.9"

services:
  nginx:
    container_name: infisical-bdd-nginx
    image: nginx
    restart: "always"
    ports:
      - 8080:80
      - 8443:443
    volumes:
      - ./nginx/default.dev.conf:/etc/nginx/conf.d/default.conf:ro
    depends_on:
      - backend
      - frontend

  db:
    image: postgres:14-alpine
    ports:
      - "5432:5432"
    volumes:
      - postgres-data:/var/lib/postgresql/data
    environment:
      POSTGRES_PASSWORD: infisical
      POSTGRES_USER: infisical
      POSTGRES_DB: infisical

  redis:
    image: redis
    container_name: infisical-bdd-redis
    environment:
      - ALLOW_EMPTY_PASSWORD=yes
    ports:
      - 6379:6379
    volumes:
      - redis_data:/data


  backend:
    container_name: infisical-bdd-api
    build:
      context: ./backend
      dockerfile: Dockerfile.dev
    depends_on:
      db:
        condition: service_started
      redis:
        condition: service_started
    env_file:
      - .env
    ports:
      - 4000:4000
      - 9464:9464 # for OTEL collection of Prometheus metrics
    environment:
      - NODE_ENV=development
      - DB_CONNECTION_URI=postgres://infisical:infisical@db/infisical?sslmode=disable
      - TELEMETRY_ENABLED=false
      # This is needed to trust the Pebble CA certificate, which is used for the BDD tests
      - NODE_EXTRA_CA_CERTS=/usr/local/share/ca-certificates/pebble.minica.crt
    volumes:
      - ./backend/src:/app/src
      # This is needed to trust the Pebble CA certificate, which is used for the BDD tests
      - ./backend/bdd/pebble/pebble.minica.pem:/usr/local/share/ca-certificates/pebble.minica.crt:ro
      - softhsm_tokens:/etc/softhsm2/tokens # SoftHSM tokens are stored in a volume to persist across container restarts
    extra_hosts:
      - "host.docker.internal:host-gateway"

  # TODO: not really needed, but it seems like nginx needs it to be present
  frontend:
    container_name: infisical-bdd-frontend
    restart: unless-stopped
    depends_on:
      - backend
    build:
      context: ./frontend
      dockerfile: Dockerfile.dev
    volumes:
      - ./frontend/src:/app/src/ # mounted whole src to avoid missing reload on new files
      - ./frontend/public:/app/public
    env_file: .env

  # ACME server for BDD tests
  pebble:
    image: ghcr.io/letsencrypt/pebble:2.8.0
    command: -config /var/data/pebble/pebble-config.json
    ports:
      - 14000:14000  # ACME port
      - 15000:15000  # Management port
    environment:
      # Do not perform validation sleep to make the BDD tests faster
      - PEBBLE_VA_NOSLEEP=1
      # Skip validation for now to make the BDD tests easier to write
      - PEBBLE_VA_ALWAYS_VALID=1
    volumes:
      - ./backend/bdd/pebble/:/var/data/pebble:ro

  technitium:
    image: technitium/dns-server:14.2.0
    ports:
      - "5380:5380/tcp"
    environment:
      - DNS_SERVER_ADMIN_PASSWORD=infisical

volumes:
  postgres-data:
    driver: local
  redis_data:
    driver: local
  softhsm_tokens:
    driver: local