services:

  mssql:
    image: mcr.microsoft.com/mssql/server:2022-latest
    environment:
      SA_PASSWORD: ${SA_PASSWORD}
      ACCEPT_EULA: "Y"
      MSSQL_PID: Developer
    ports:
      - "1433:1433"
    volumes:
      - mssql_data:/var/opt/mssql
    healthcheck:
      test: ["CMD", "/opt/mssql-tools18/bin/sqlcmd", "-S", "localhost", "-U", "sa", "-P", "${SA_PASSWORD}", "-Q", "SELECT 1", "-No", "-l", "5"]
      interval: 10s
      timeout: 10s
      retries: 12
      start_period: 40s

  keycloak:
    image: quay.io/keycloak/keycloak:24.0
    command: start-dev --import-realm --http-port=8180
    environment:
      KEYCLOAK_ADMIN: ${KC_ADMIN}
      KEYCLOAK_ADMIN_PASSWORD: ${KC_ADMIN_PASSWORD}
      KC_DB: dev-file
      KC_HTTP_PORT: "8180"
      KC_HOSTNAME_STRICT: "false"
      KC_HOSTNAME_STRICT_HTTPS: "false"
      KC_HTTP_ENABLED: "true"
      KC_HEALTH_ENABLED: "true"
    ports:
      - "8180:8180"
    volumes:
      - ./keycloak:/opt/keycloak/data/import
      - keycloak_data:/opt/keycloak/data
    healthcheck:
      # Keycloak image has no curl/wget; use bash TCP to confirm port is open
      test: ["CMD-SHELL", "bash -c 'exec 3<>/dev/tcp/localhost/8180' 2>/dev/null && echo ok || exit 1"]
      interval: 10s
      timeout: 5s
      retries: 18
      start_period: 30s

  api:
    build: .
    ports:
      - "9080:9080"
    env_file: .env
    environment:
      DB_DSN: "sqlserver://sa:${SA_PASSWORD}@mssql:1433?database=workorders"
      OIDC_ISSUER: "http://localhost:8180/realms/workorders"
      JWKS_URL: "http://keycloak:8180/realms/workorders/protocol/openid-connect/certs"
    extra_hosts:
      - "localhost:host-gateway"
    volumes:
      - uploads:/uploads
    depends_on:
      mssql:
        condition: service_healthy
      keycloak:
        condition: service_healthy
    restart: on-failure

volumes:
  mssql_data:
  keycloak_data:
  uploads: