services:
  postgres:
    extends:
      file: docker-compose.yml
      service: postgres

  api:
    extends:
      file: docker-compose.yml
      service: api

  integration-tests:
    build:
      context: .
      dockerfile: SatelliteProvider.IntegrationTests/Dockerfile
    container_name: satellite-provider-integration-tests
    # AZ-505 AC-5: API now serves HTTPS for HTTP/2 via ALPN. The matching
    # public cert is mounted into /usr/local/share/ca-certificates so the
    # Dockerfile entrypoint can register it with update-ca-certificates
    # before tests run. After that every HttpClient trusts it transparently
    # — no per-test handler shim is required.
    environment:
      - API_URL=https://api:8080
      - INTEGRATION_TESTS_MODE=${INTEGRATION_TESTS_MODE:-full}
      - INTEGRATION_KEEP_STATE=${INTEGRATION_KEEP_STATE:-}
      - ASPNETCORE_ENVIRONMENT=Testing
      - DB_CONNECTION_STRING=Host=postgres;Port=5432;Database=satelliteprovider;Username=postgres;Password=postgres
      - JWT_SECRET=${JWT_SECRET}
      - JWT_ISSUER=${JWT_ISSUER}
      - JWT_AUDIENCE=${JWT_AUDIENCE}
    volumes:
      - ./ready:/app/ready
      - ./tiles:/app/tiles
      - ./certs/api.crt:/usr/local/share/ca-certificates/satellite-provider-dev.crt:ro
    # AZ-505 AC-5: register the dev CA at runtime so HttpClient trusts the API.
    # update-ca-certificates picks up everything under /usr/local/share/ca-certificates/.
    entrypoint:
      - /bin/sh
      - -c
      - update-ca-certificates >/dev/null 2>&1 && exec dotnet /app/SatelliteProvider.IntegrationTests.dll
    depends_on:
      api:
        condition: service_started
      postgres:
        condition: service_healthy
    restart: "no"

volumes:
  postgres_data: