docker-compose.yaml

version: "3.4"

services:
  php:
    image: koalati/app-php:${KOALATI_VERSION:-latest}
    restart: unless-stopped
    volumes:
      - php_socket:/var/run/php
    healthcheck:
      interval: 10s
      timeout: 3s
      retries: 3
      start_period: 30s
    depends_on:
        database:
            condition: service_healthy
    environment:
      APP_ENV: prod
      APP_SECRET: ${APP_SECRET}
      BASE_URL: ${BASE_URL}
      DATABASE_URL: ${DATABASE_URL}
      MERCURE_URL: http://caddy/.well-known/mercure
      MERCURE_PUBLIC_URL: ${MERCURE_PUBLIC_URL:-https://localhost/.well-known/mercure}
      MERCURE_JWT_SECRET: ${MERCURE_JWT_SECRET}
      TOOLS_API_WORKER_URL: http://tools-service:3000
      TOOLS_API_WORKER_BEARER_TOKEN: ${TOOLS_API_WORKER_BEARER_TOKEN}
      REDIS_HOST: redis
      REDIS_PORT: 6379
      REDIS_PASSWORD: ${REDIS_PASSWORD}
      MAILER_DSN: ${MAILER_DSN}
      SENTRY_DSN: ${SENTRY_DSN:-}
      SELF_HOSTING: ${SELF_HOSTING}
      INVITE_ONLY_REGISTRATION_MODE: ${INVITE_ONLY_REGISTRATION_MODE}

  caddy:
    image: koalati/app-caddy:${KOALATI_VERSION:-latest}
    depends_on:
      - php
    environment:
      APP_ENV: prod
      SERVER_NAME: ${SERVER_NAME:-localhost, caddy:80}
      BASE_URL: ${BASE_URL}
      MERCURE_PUBLISHER_JWT: ${MERCURE_JWT_SECRET}
      MERCURE_SUBSCRIBER_JWT: ${MERCURE_JWT_SECRET}
    restart: unless-stopped
    volumes:
      - php_socket:/var/run/php
      - caddy_data:/data
      - caddy_config:/config
    ports:
      # HTTP
      - target: 80
        published: 80
        protocol: tcp
      # HTTPS
      - target: 443
        published: 443
        protocol: tcp
      # HTTP/3
      - target: 443
        published: 443
        protocol: udp

  tools-service:
    image: koalati/tools-service
    depends_on:
        database:
            condition: service_healthy
    environment:
      PORT: 3000
      MOCK_API: 0
      WEBHOOK_HOST: caddy
      WEBHOOK_PATH: /webhook/test-result
      JWT_SECRET: ${TOOLS_API_JWT_SECRET}
      AUTH_ACCESS_TOKEN: ${TOOLS_API_AUTH_ACCESS_TOKEN}
      DATABASE_HOST: database
      DATABASE_NAME: ${MYSQL_DATABASE}
      DATABASE_PASSWORD: ${MYSQL_PASSWORD}
      DATABASE_USER: ${MYSQL_USER}
      DATABASE_REJECT_UNAUTHORIZED: ${TOOLS_API_DATABASE_REJECT_UNAUTHORIZED}
    restart: unless-stopped
    ports:
    - 3000:3000

  redis:
    image: "redis:alpine"
    command: redis-server --requirepass ${REDIS_PASSWORD:-ChangeMe}

  database:
    image: mysql:${MYSQL_VERSION:-8.0}
    platform: linux/x86_64
    environment:
      MYSQL_DATABASE: ${MYSQL_DATABASE}
      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
      MYSQL_USER: ${MYSQL_USER}
      MYSQL_RANDOM_ROOT_PASSWORD: "yes"
    cap_add:
      - SYS_NICE  # CAP_SYS_NICE
    volumes:
      - db-data:/var/lib/mysql:rw
    healthcheck: # @TODO: Figure out a more accurate "ready" check
      test: "mysql -h localhost -u $$MYSQL_USER --password=$$MYSQL_PASSWORD -X --execute \"SHOW DATABASES;\" | grep \">$$MYSQL_DATABASE<\""
      interval: 3s
      timeout: 3s
      retries: 10

  adminer:
    image: adminer
    restart: unless-stopped
    ports:
      - ${ADMINER_PORT:-8080}:8080

volumes:
  php_socket:
  caddy_data:
  caddy_config:
  db-data: