docker-compose-prod.yml

services:
  mongo:
    image: bitnami/mongodb:7.0.8
    environment:
      - MONGODB_REPLICA_SET_NAME=repl-set
    volumes:
      - mongoVolume:/bitnami/mongodb
    ports:
      - 27017:27017
    healthcheck:
      test:
        test $$(mongosh --port 27017 --quiet --eval "try
        {rs.initiate({_id:'repl-set',members:[{_id:0,host:\"mongo:27017\"}]})} catch(e) {rs.status().ok}") -eq 1
      interval: 10s
      start_period: 30s

  minio:
    image: bitnami/minio:2024.4.6
    environment:
      MINIO_ROOT_USER: minioadmin
      MINIO_ROOT_PASSWORD: minioadmin
    ports:
      - 9000:9000
      - 9001:9001
    volumes:
      - minioVolume:/bitnami/minio

  clamd:
    image: clamav/clamav:1.3
    healthcheck:
      test: ['CMD-SHELL', "echo 'PING' | nc -w 5 localhost 3310"]
      interval: 30s
      timeout: 10s
      retries: 5

  modelscan:
    image: bailo_modelscan:latest
    build:
      context: ./lib/modelscan_api
      dockerfile: ./Dockerfile
    ports:
      - 3311:3311
    healthcheck:
      test: ['CMD-SHELL', 'curl --fail http://localhost:3311/info || exit 1']
      interval: 30s
      timeout: 10s
      retries: 5

  mailcrab:
    image: marlonb/mailcrab:v1.2.0
    ports:
      - 1080:1080
      - 1025:1025

  nginx:
    image: nginxinc/nginx-unprivileged:1.25.4-alpine3.18
    volumes:
      - ./infrastructure/nginx/nginx.conf:/etc/nginx/nginx.conf
    ports:
      - 8080:8080
    depends_on:
      - frontend
      - backend

  registry:
    restart: always
    image: registry:2.8.3
    ports:
      - 5000:5000
    environment:
      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/cert.pem
      REGISTRY_HTTP_TLS_KEY: /certs/key.pem

      REGISTRY_STORAGE_S3_ACCESSKEY: minioadmin
      REGISTRY_STORAGE_S3_SECRETKEY: minioadmin

      REGISTRY_AUTH: token
      REGISTRY_AUTH_TOKEN_REALM: http://backend:3001/api/v1/registry_auth
      REGISTRY_AUTH_TOKEN_SERVICE: RegistryAuth
      REGISTRY_AUTH_TOKEN_ISSUER: RegistryIssuer
      REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE: /certs/cert.pem
    volumes:
      - ./backend/config/registry.conf:/etc/docker/registry/config.yml
      - ./backend/certs:/certs

  frontend:
    image: bailo_frontend:latest
    build:
      context: ./frontend/
      dockerfile: ./Dockerfile
    depends_on:
      - backend
    ports:
      - 3000:3000

  backend:
    image: bailo_backend:latest
    build:
      context: ./backend/
      dockerfile: ./Dockerfile
    ports:
      - 3001:3001
    volumes:
      - ./backend/certs:/certs
      - ./backend/certs:/usr/local/share/ca-certificates
      - ./backend/config:/app/config
    depends_on:
      clamd:
        condition: service_healthy
      modelscan:
        condition: service_healthy
      minio:
        condition: service_started
      mongo:
        condition: service_started
    security_opt:
      - seccomp:unconfined
      - apparmor:unconfined
    environment:
      - NODE_CONFIG_ENV=docker_compose

volumes:
  minioVolume:
  mongoVolume: