services:
  runner:
    build: .
    image: rolac-act-runner:latest
    restart: unless-stopped
    # host networking so the deploy step's `curl http://localhost:8080/api/health`
    # reaches the published edge port on the host.
    network_mode: host
    env_file: .env
    volumes:
      # talk to the host Docker daemon (build/push/compose all run on the host)
      - /var/run/docker.sock:/var/run/docker.sock
      # deploy target — must be the SAME path so compose's relative ./data and
      # ./nginx volumes resolve to real host paths
      - /opt/rolac:/opt/rolac
      # persist runner registration so it doesn't re-register on restart
      - ./runner-data:/data