services:
  portfolio:
    build:
      context: .
      dockerfile: Dockerfile
    image: portfolio:latest
    container_name: portfolio-app
    restart: unless-stopped
    ports:
      - "4000:4000"
    environment:
      - NODE_ENV=production
      - NEXT_TELEMETRY_DISABLED=1
    healthcheck:
      test: ["CMD", "wget", "-q", "-O", "/dev/null", "--spider", "http://localhost:4000"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    security_opt:
      - no-new-privileges:true
    read_only: true
    tmpfs:
      - /tmp
      - /app/.next/cache
    cap_drop:
      - ALL
    cap_add:
      - NET_BIND_SERVICE