# Docker Compose for E2E Testing
#
# This configuration runs Charon with a fresh, isolated database specifically for
# Playwright E2E tests. Use this to ensure tests start with a clean state.
#
# Usage:
#   docker compose -f .docker/compose/docker-compose.e2e.yml up -d
#
# The setup API will be available since no users exist in the fresh database.
# The auth.setup.ts fixture will create a test admin user automatically.

services:
  charon-e2e:
    image: charon:local
    container_name: charon-e2e
    restart: "no"
    ports:
      - "8080:8080"    # Management UI (Charon)
    environment:
      - CHARON_ENV=development
      - CHARON_DEBUG=0
      - TZ=UTC
      # Encryption key - MUST be provided via environment variable
      # Generate with: export CHARON_ENCRYPTION_KEY=$(openssl rand -base64 32)
      - CHARON_ENCRYPTION_KEY=${CHARON_ENCRYPTION_KEY:?CHARON_ENCRYPTION_KEY is required}
      # Emergency reset token - for break-glass recovery when locked out by ACL
      # Generate with: openssl rand -hex 32
      - CHARON_EMERGENCY_TOKEN=${CHARON_EMERGENCY_TOKEN:-test-emergency-token-for-e2e-32chars}
      - CHARON_HTTP_PORT=8080
      - CHARON_DB_PATH=/app/data/charon.db
      - CHARON_FRONTEND_DIR=/app/frontend/dist
      - CHARON_CADDY_ADMIN_API=http://localhost:2019
      - CHARON_CADDY_CONFIG_DIR=/app/data/caddy
      - CHARON_CADDY_BINARY=caddy
      - CHARON_ACME_STAGING=true
      # FEATURE_CERBERUS_ENABLED deprecated - Cerberus enabled by default
    tmpfs:
      # True tmpfs for E2E test data - fresh on every run, in-memory only
      # mode=1777 allows any user to write (container runs as non-root)
      - /app/data:size=100M,mode=1777
    healthcheck:
      test: ["CMD-SHELL", "curl -fsS http://localhost:8080/api/v1/health || exit 1"]
      interval: 5s
      timeout: 5s
      retries: 10
      start_period: 10s