version: '3.8'

services:
  jenkins:
    image: jenkins/jenkins:lts
    container_name: KNELDevStack-CDS-jenkins-server
    restart: unless-stopped
    
    ports:
      - "11001:8080"
    
    volumes:
      # Jenkins home directory for persistence
      - /home/localuser/KNELDevStack-CDS/docker-data/jenkins:/var/jenkins_home
      # SSH private keys for connecting to remote systems
      - /home/localuser/KNELDevStack-CDS/docker-data/jenkins/ssh-private-keys:/var/jenkins_home/.ssh:ro
      # Admin password secret
      - /home/localuser/KNELDevStack-CDS/docker-data/jenkins/secrets:/var/jenkins_home/secrets:ro
    
    environment:
      # Set Java options for performance
      - JAVA_OPTS=-Djenkins.install.runSetupWizard=false -Xmx1g -Xms512m
      # Configure admin user from secret file
      - JENKINS_ADMIN_ID=admin
      - JENKINS_ADMIN_PASSWORD_FILE=/var/jenkins_home/secrets/jenkins-admin-pw
    
    # Resource limits for small instance
    deploy:
      resources:
        limits:
          memory: 1.5G
          cpus: '1.0'
        reservations:
          memory: 512M
          cpus: '0.5'
    
    # Health check
    healthcheck:
      test: ["CMD-SHELL", "curl -f http://localhost:8080/login || exit 1"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 60s
    
    # Security options
    security_opt:
      - no-new-privileges:true
    
    # User configuration (run as jenkins user inside container)
    user: "1000:1000"

networks:
  default:
    name: jenkins-network