version: '3.8'
services:
  app:
    image: adelyao/sipintar-app:latest
    working_dir: /app
    ports:
      - "3000:3000"
    # environment:
    #   # DATABASE_URL: /run/secrets/db_url
    #   # DATABASE_URL_FILE: /run/secrets/db_url
    #   DATABASE_URL: "mysql://sipintar_user:$$(cat /run/secrets/db_password)@sipintar_mysql:3306/sipintar_school"
    depends_on:
      - db
    networks:
      - sipintar-overlay
    deploy:
      resources:
        limits:
          cpus: '0.5'
          memory: 350M
        reservations:
          cpus: '0.1'
          memory: 100M
      restart_policy:
        condition: on-failure
    command: ["sh", "-c", "export DATABASE_URL=$$(cat /run/secrets/db_url) && npm run start"] #nanti tambahin biar prisma langsung di run
    secrets:
      - db_url

  sipintar_mysql:
    image: mysql:5.7
    environment:
      MYSQL_DATABASE: sipintar_school
      MYSQL_USER: sipintar_user
      MYSQL_PASSWORD_FILE: /run/secrets/db_password
      MYSQL_ROOT_PASSWORD_FILE: /run/secrets/db_root_password
    volumes:
      - mysql_data:/var/lib/mysql
      - ./setup-database.sql:/docker-entrypoint-initdb.d/setup-database.sql
    networks:
      - sipintar-overlay
    healthcheck:
      test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-p$$(cat /run/secrets/db_root_password)"]
      interval: 30s
      timeout: 10s
      retries: 10
      start_period: 40s
    deploy:
      restart_policy:
        condition: on-failure
      resources:
        limits:
          cpus: '0.5'
          memory: 350M
        reservations:
          cpus: '0.1'
          memory: 100M
    secrets:
      - db_password
      - db_root_password
      - db_url


  scanner:
    image: aquasec/trivy:latest
    working_dir: /app
    environment:
      TRIVY_SEVERITY: "CRITICAL,HIGH"
      TRIVY_IGNORE_UNFIXED: "true"
      TRIVY_OUTPUT: "/app/trivy-report.json"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./trivy-results:/tmp/trivy-results
    command: ["image", "-q", "--format", "json", "--severity", "CRITICAL,HIGH", "app", "--output", "/tmp/trivy-results/trivy-report.json"]
    networks:
      - sipintar-overlay
    deploy:
      resources:
        limits:
          cpus: '0.5'
          memory: 350M
        reservations:
          cpus: '0.1'
          memory: 100M

secrets:
  db_password:
    file: ./secrets/db_password.txt
  db_root_password:
    file: ./secrets/db_root_password.txt
  db_url:
    file: ./secrets/db_url.txt

volumes:
  mysql_data:

networks:
  sipintar-overlay:
    driver: overlay

#docker-compose -f docker-compose-prod.yml --env-file .env.prod build
#docker-compose -f docker-compose-prod.yml --env-file .env.prod up -d
#docker-compose -f docker-compose-prod.yml --env-file .env.prod up (yg ada pilusnya)
#docker-compose -f docker-compose-prod.yml --env-file .env.prod up --build -d
#docker stack deploy -c docker-compose-prod.yml sipintar_stack

#docker-compose down
# docker system prune -f
# docker network prune -f