# Run a pre-built production image from Docker Hub (no local PHP image build).
#
# Usage on the server (copy this file + your .env, no app source required):
#   docker compose -f compose.hub.yaml pull
#   docker compose -f compose.hub.yaml up -d
#   docker compose -f compose.hub.yaml exec php php bin/console doctrine:migrations:migrate --no-interaction
# Optional: copy Makefile.hub into the same directory, then: make -f Makefile.hub help
#
# Services: `php` (web), `database` (MySQL), `prewarm` (same image; `app:prewarm` every 10 min — see README).
# Optional: PREWARM_FLAGS in .env (same as dev `cron` service), then `docker compose up -d --force-recreate prewarm`.
#
# Required in .env: APP_SECRET. Set MYSQL_* (or replace DATABASE_URL after editing this file) if you
# use the bundled database. For TLS in front, set TRUSTED_PROXIES to include your reverse proxy CIDR.
#
# Host HTTP port defaults to 9080 (same idea as local dev) so Apache/nginx can keep :80. Override with
# HTTP_PUBLISH=80 or HTTP_PUBLISH=127.0.0.1:9080 in .env if needed.
#
# Build & push (on your machine or CI), e.g.:
#   docker build --platform linux/amd64 --target frankenphp_prod -t silberengel/unfold:latest .
#   docker push silberengel/unfold:latest
#
# Override image: UNFOLD_DOCKER_IMAGE=myregistry/unfold:1.0.0 docker compose -f compose.hub.yaml up -d

name: unfold

services:
  php:
    image: ${UNFOLD_DOCKER_IMAGE:-silberengel/unfold:latest}
    pull_policy: always
    restart: unless-stopped
    environment:
      APP_ENV: ${APP_ENV:-prod}
      APP_SECRET: ${APP_SECRET}
      TRUSTED_PROXIES: ${TRUSTED_PROXIES:-127.0.0.0/8,10.0.0.0/8}
      SERVER_NAME: ${SERVER_NAME:-:80}
      DATABASE_URL: mysql://${MYSQL_USER:-unfold_user}:${MYSQL_PASSWORD:-password}@database:3306/${MYSQL_DATABASE:-unfold_db}?serverVersion=${MYSQL_VERSION:-8.0}&charset=${MYSQL_CHARSET:-utf8mb4}
    volumes:
      - caddy_data:/data
      - caddy_config:/config
    ports:
      - "${HTTP_PUBLISH:-9080}:80/tcp"
    # Caddy/FrankenPHP only listen after the entrypoint finishes DB wait + migrations — allow a slow
    # first MySQL + migrate on a small host (avoids "unhealthy" + failed `up` for dependents).
    # Liveness: GET /health (see HealthController), not /.
    healthcheck:
      test: ["CMD", "curl", "-fsS", "http://127.0.0.1/health", "-o", "/dev/null"]
      interval: 10s
      timeout: 5s
      retries: 10
      start_period: 180s
    depends_on:
      database:
        condition: service_healthy

  prewarm:
    image: ${UNFOLD_DOCKER_IMAGE:-silberengel/unfold:latest}
    pull_policy: always
    restart: unless-stopped
    # The app image healthchecks HTTP on :80; this service is CLI-only (no Caddy in this container).
    healthcheck:
      disable: true
    working_dir: /app
    # Do not wait on `curl http://php/`: Caddy in the `php` container is often only reachable on
    # 127.0.0.1 from *inside* that container, so cross-container HTTP can hang. Wait on the same MySQL
    # instead: `php` runs migrations in its entrypoint; the migration table is the readiness signal.
    entrypoint: ["/bin/sh", "-c"]
    command:
      - |
        until php bin/console dbal:run-sql -q "SELECT 1" 2>/dev/null; do
          echo "prewarm: waiting for database…"
          sleep 2
        done
        until php bin/console dbal:run-sql -q "SELECT 1 FROM doctrine_migration_versions LIMIT 1" 2>/dev/null; do
          echo "prewarm: waiting for migrations (php entrypoint)…"
          sleep 3
        done
        while true; do
          sleep 600
          php bin/console app:prewarm $${PREWARM_FLAGS-} || true
        done
    environment:
      APP_ENV: ${APP_ENV:-prod}
      APP_SECRET: ${APP_SECRET}
      TRUSTED_PROXIES: ${TRUSTED_PROXIES:-127.0.0.0/8,10.0.0.0/8}
      SERVER_NAME: ${SERVER_NAME:-:80}
      DATABASE_URL: mysql://${MYSQL_USER:-unfold_user}:${MYSQL_PASSWORD:-password}@database:3306/${MYSQL_DATABASE:-unfold_db}?serverVersion=${MYSQL_VERSION:-8.0}&charset=${MYSQL_CHARSET:-utf8mb4}
      PREWARM_FLAGS: ${PREWARM_FLAGS:-}
    depends_on:
      database:
        condition: service_healthy
      php:
        condition: service_started

  database:
    image: mysql:${MYSQL_VERSION:-8.0}
    restart: unless-stopped
    environment:
      MYSQL_DATABASE: ${MYSQL_DATABASE:-unfold_db}
      MYSQL_USER: ${MYSQL_USER:-unfold_user}
      MYSQL_PASSWORD: ${MYSQL_PASSWORD:-password}
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD:-root_password}
    healthcheck:
      test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
      timeout: 5s
      retries: 5
      start_period: 60s
    volumes:
      - database_data:/var/lib/mysql:rw

volumes:
  caddy_data:
  caddy_config:
  database_data: