version: '3.8'

services:
  web:
    build: .
    image: sneakyscanner:latest
    container_name: sneakyscanner-web
    # Override entrypoint to run Flask app instead of scanner
    entrypoint: ["python3", "-u"]
    command: ["-m", "web.app"]
    ports:
      - "5000:5000"
    volumes:
      # Mount configs directory (read-only) for scan configurations
      - ./configs:/app/configs:ro
      # Mount output directory for scan results
      - ./output:/app/output
      # Mount database file for persistence
      - ./data:/app/data
      # Mount logs directory
      - ./logs:/app/logs
    environment:
      # Flask configuration
      - FLASK_APP=web.app
      - FLASK_ENV=development
      - FLASK_DEBUG=true
      - FLASK_HOST=0.0.0.0
      - FLASK_PORT=5000
      # Database configuration (SQLite in mounted volume for persistence)
      - DATABASE_URL=sqlite:////app/data/sneakyscanner.db
      # Security settings
      - SECRET_KEY=${SECRET_KEY:-dev-secret-key-change-in-production}
      # Optional: CORS origins (comma-separated)
      - CORS_ORIGINS=${CORS_ORIGINS:-*}
      # Optional: Logging level
      - LOG_LEVEL=${LOG_LEVEL:-INFO}
    # Note: Scanner functionality requires privileged mode and host network
    # For now, the web app will trigger scans via subprocess
    # In Phase 2, we'll integrate scanner properly
    restart: unless-stopped

  # Optional: Initialize database on first run
  # Run with: docker-compose -f docker-compose-web.yml run --rm init-db
  init-db:
    build: .
    image: sneakyscanner:latest
    container_name: sneakyscanner-init-db
    entrypoint: ["python3"]
    command: ["init_db.py", "--db-url", "sqlite:////app/data/sneakyscanner.db"]
    volumes:
      - ./data:/app/data
    profiles:
      - tools