services:
  sandbox-executor-manager:
    container_name: sandbox-executor-manager
    build:
      context: .
      dockerfile: executor_manager/Dockerfile
    image: sandbox-executor-manager:latest
    runtime: runc
    privileged: true
    ports:
      - "${EXECUTOR_PORT:-9385}:9385"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - sandbox-network
    restart: always
    security_opt:
      - no-new-privileges:true
    environment:
      - SANDBOX_EXECUTOR_MANAGER_POOL_SIZE=${SANDBOX_EXECUTOR_MANAGER_POOL_SIZE:-5}
      - SANDBOX_BASE_PYTHON_IMAGE=${SANDBOX_BASE_PYTHON_IMAGE-"sandbox-base-python:latest"}
      - SANDBOX_BASE_NODEJS_IMAGE=${SANDBOX_BASE_NODEJS_IMAGE-"sandbox-base-nodejs:latest"}
      - SANDBOX_ENABLE_SECCOMP=${SANDBOX_ENABLE_SECCOMP:-false}
    healthcheck:
      test: ["CMD-SHELL", "curl --fail http://localhost:9385/healthz || exit 1"]
      interval: 10s
      timeout: 5s
      retries: 5
networks:
  sandbox-network:
    driver: bridge