Fix Gitea Actions compatibility and improve container configuration

- Update all GitHub Actions to v3 for Gitea compatibility
- Fix artifact upload/download actions (v4 -> v3)
- Remove GitHub-specific features (GITHUB_STEP_SUMMARY)
- Add complete Docker Compose configuration with PostgreSQL and Redis
- Add environment secrets support for all workflows
- Add debug workflow for secrets verification
- Add comprehensive documentation for secrets setup
- Improve container networking and health checks

.gitea/workflows/ci-cd.yml

@@ -16,10 +16,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v3
         with:
           node-version: ${{ env.NODE_VERSION }}
           cache: 'npm'
@@ -41,7 +41,7 @@ jobs:
     needs: test
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
 
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@0.30.0
@@ -63,7 +63,7 @@ jobs:
           echo "Security scan completed with fallback method"
 
       - name: Upload Trivy scan results
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
         if: always()
         with:
           name: trivy-results
@@ -76,10 +76,10 @@ jobs:
     if: github.ref == 'refs/heads/production'
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v2
 
       - name: Build Docker image
         run: |
@@ -91,7 +91,7 @@ jobs:
           docker save ${{ env.DOCKER_IMAGE }}:latest | gzip > ${{ env.DOCKER_IMAGE }}.tar.gz
 
       - name: Upload Docker image artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
         with:
           name: docker-image
           path: ${{ env.DOCKER_IMAGE }}.tar.gz
@@ -103,10 +103,10 @@ jobs:
     if: github.ref == 'refs/heads/production'
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
 
       - name: Download Docker image artifact
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v3
         with:
           name: docker-image
           path: ./
@@ -115,19 +115,43 @@ jobs:
         run: |
           gunzip -c ${{ env.DOCKER_IMAGE }}.tar.gz | docker load
 
-      - name: Stop existing container
+      - name: Stop existing services
         run: |
-          docker stop ${{ env.CONTAINER_NAME }} || true
+          docker-compose -f docker-compose.workflow.yml down || true
-          docker rm ${{ env.CONTAINER_NAME }} || true
 
-      - name: Start new container
+      - name: Verify secrets before deployment
         run: |
-          docker run -d \
+          echo "🔍 Verifying secrets..."
-            --name ${{ env.CONTAINER_NAME }} \
+          if [ -z "${{ secrets.NEXT_PUBLIC_BASE_URL }}" ]; then
-            --restart unless-stopped \
+            echo "❌ NEXT_PUBLIC_BASE_URL secret is missing!"
-            -p 3000:3000 \
+            exit 1
-            -e NODE_ENV=production \
+          fi
-            ${{ env.DOCKER_IMAGE }}:latest
+          if [ -z "${{ secrets.MY_EMAIL }}" ]; then
+            echo "❌ MY_EMAIL secret is missing!"
+            exit 1
+          fi
+          if [ -z "${{ secrets.ADMIN_BASIC_AUTH }}" ]; then
+            echo "❌ ADMIN_BASIC_AUTH secret is missing!"
+            exit 1
+          fi
+          echo "✅ All required secrets are present"
+
+      - name: Start services with Docker Compose
+        run: |
+          docker-compose -f docker-compose.workflow.yml up -d
+        env:
+          NEXT_PUBLIC_BASE_URL: ${{ secrets.NEXT_PUBLIC_BASE_URL }}
+          MY_EMAIL: ${{ secrets.MY_EMAIL }}
+          MY_INFO_EMAIL: ${{ secrets.MY_INFO_EMAIL }}
+          MY_PASSWORD: ${{ secrets.MY_PASSWORD }}
+          MY_INFO_PASSWORD: ${{ secrets.MY_INFO_PASSWORD }}
+          ADMIN_BASIC_AUTH: ${{ secrets.ADMIN_BASIC_AUTH }}
+
+      - name: Verify container environment
+        run: |
+          echo "🔍 Checking container environment variables..."
+          sleep 10
+          docker exec portfolio-app sh -c 'echo "NODE_ENV: $NODE_ENV" && echo "DATABASE_URL: $DATABASE_URL" && echo "REDIS_URL: $REDIS_URL" && echo "NEXT_PUBLIC_BASE_URL: $NEXT_PUBLIC_BASE_URL" && echo "MY_EMAIL: $MY_EMAIL" && echo "ADMIN_BASIC_AUTH: [HIDDEN]"'
 
       - name: Wait for container to be ready
         run: |

.gitea/workflows/debug-secrets.yml

@@ -0,0 +1,126 @@
+name: Debug Secrets
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [ main ]
+
+jobs:
+  debug-secrets:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Debug Environment Variables
+        run: |
+          echo "🔍 Checking if secrets are available..."
+          echo ""
+          
+          # Check each secret (without revealing values)
+          if [ -n "${{ secrets.NEXT_PUBLIC_BASE_URL }}" ]; then
+            echo "✅ NEXT_PUBLIC_BASE_URL: Set (length: ${#NEXT_PUBLIC_BASE_URL})"
+          else
+            echo "❌ NEXT_PUBLIC_BASE_URL: Not set"
+          fi
+          
+          if [ -n "${{ secrets.MY_EMAIL }}" ]; then
+            echo "✅ MY_EMAIL: Set (length: ${#MY_EMAIL})"
+          else
+            echo "❌ MY_EMAIL: Not set"
+          fi
+          
+          if [ -n "${{ secrets.MY_INFO_EMAIL }}" ]; then
+            echo "✅ MY_INFO_EMAIL: Set (length: ${#MY_INFO_EMAIL})"
+          else
+            echo "❌ MY_INFO_EMAIL: Not set"
+          fi
+          
+          if [ -n "${{ secrets.MY_PASSWORD }}" ]; then
+            echo "✅ MY_PASSWORD: Set (length: ${#MY_PASSWORD})"
+          else
+            echo "❌ MY_PASSWORD: Not set"
+          fi
+          
+          if [ -n "${{ secrets.MY_INFO_PASSWORD }}" ]; then
+            echo "✅ MY_INFO_PASSWORD: Set (length: ${#MY_INFO_PASSWORD})"
+          else
+            echo "❌ MY_INFO_PASSWORD: Not set"
+          fi
+          
+          if [ -n "${{ secrets.ADMIN_BASIC_AUTH }}" ]; then
+            echo "✅ ADMIN_BASIC_AUTH: Set (length: ${#ADMIN_BASIC_AUTH})"
+          else
+            echo "❌ ADMIN_BASIC_AUTH: Not set"
+          fi
+          
+          echo ""
+          echo "📋 Summary:"
+          echo "Total secrets checked: 6"
+          echo "Set secrets: $(echo "${{ secrets.NEXT_PUBLIC_BASE_URL }}${{ secrets.MY_EMAIL }}${{ secrets.MY_INFO_EMAIL }}${{ secrets.MY_PASSWORD }}${{ secrets.MY_INFO_PASSWORD }}${{ secrets.ADMIN_BASIC_AUTH }}" | grep -o . | wc -l)"
+        env:
+          NEXT_PUBLIC_BASE_URL: ${{ secrets.NEXT_PUBLIC_BASE_URL }}
+          MY_EMAIL: ${{ secrets.MY_EMAIL }}
+          MY_INFO_EMAIL: ${{ secrets.MY_INFO_EMAIL }}
+          MY_PASSWORD: ${{ secrets.MY_PASSWORD }}
+          MY_INFO_PASSWORD: ${{ secrets.MY_INFO_PASSWORD }}
+          ADMIN_BASIC_AUTH: ${{ secrets.ADMIN_BASIC_AUTH }}
+
+      - name: Test Docker Environment
+        run: |
+          echo "🐳 Testing Docker environment with secrets..."
+          
+          # Create a test container to verify environment variables
+          docker run --rm \
+            -e NODE_ENV=production \
+            -e DATABASE_URL=postgresql://portfolio_user:portfolio_pass@postgres:5432/portfolio_db?schema=public \
+            -e REDIS_URL=redis://redis:6379 \
+            -e NEXT_PUBLIC_BASE_URL="${{ secrets.NEXT_PUBLIC_BASE_URL }}" \
+            -e MY_EMAIL="${{ secrets.MY_EMAIL }}" \
+            -e MY_INFO_EMAIL="${{ secrets.MY_INFO_EMAIL }}" \
+            -e MY_PASSWORD="${{ secrets.MY_PASSWORD }}" \
+            -e MY_INFO_PASSWORD="${{ secrets.MY_INFO_PASSWORD }}" \
+            -e ADMIN_BASIC_AUTH="${{ secrets.ADMIN_BASIC_AUTH }}" \
+            alpine:latest sh -c '
+              echo "Environment variables in container:"
+              echo "NODE_ENV: $NODE_ENV"
+              echo "DATABASE_URL: $DATABASE_URL"
+              echo "REDIS_URL: $REDIS_URL"
+              echo "NEXT_PUBLIC_BASE_URL: $NEXT_PUBLIC_BASE_URL"
+              echo "MY_EMAIL: $MY_EMAIL"
+              echo "MY_INFO_EMAIL: $MY_INFO_EMAIL"
+              echo "MY_PASSWORD: [HIDDEN - length: ${#MY_PASSWORD}]"
+              echo "MY_INFO_PASSWORD: [HIDDEN - length: ${#MY_INFO_PASSWORD}]"
+              echo "ADMIN_BASIC_AUTH: [HIDDEN - length: ${#ADMIN_BASIC_AUTH}]"
+            '
+
+      - name: Validate Secret Formats
+        run: |
+          echo "🔐 Validating secret formats..."
+          
+          # Check NEXT_PUBLIC_BASE_URL format
+          if [[ "${{ secrets.NEXT_PUBLIC_BASE_URL }}" =~ ^https?:// ]]; then
+            echo "✅ NEXT_PUBLIC_BASE_URL: Valid URL format"
+          else
+            echo "❌ NEXT_PUBLIC_BASE_URL: Invalid URL format (should start with http:// or https://)"
+          fi
+          
+          # Check email formats
+          if [[ "${{ secrets.MY_EMAIL }}" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then
+            echo "✅ MY_EMAIL: Valid email format"
+          else
+            echo "❌ MY_EMAIL: Invalid email format"
+          fi
+          
+          if [[ "${{ secrets.MY_INFO_EMAIL }}" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then
+            echo "✅ MY_INFO_EMAIL: Valid email format"
+          else
+            echo "❌ MY_INFO_EMAIL: Invalid email format"
+          fi
+          
+          # Check ADMIN_BASIC_AUTH format (should be username:password)
+          if [[ "${{ secrets.ADMIN_BASIC_AUTH }}" =~ ^[^:]+:.+$ ]]; then
+            echo "✅ ADMIN_BASIC_AUTH: Valid format (username:password)"
+          else
+            echo "❌ ADMIN_BASIC_AUTH: Invalid format (should be username:password)"
+          fi

.gitea/workflows/quick-deploy.yml

@@ -15,10 +15,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v3
         with:
           node-version: ${{ env.NODE_VERSION }}
           cache: 'npm'
@@ -33,19 +33,43 @@ jobs:
         run: |
           docker build -t ${{ env.DOCKER_IMAGE }}:latest .
 
-      - name: Stop existing container
+      - name: Stop existing services
         run: |
-          docker stop ${{ env.CONTAINER_NAME }} || true
+          docker-compose -f docker-compose.workflow.yml down || true
-          docker rm ${{ env.CONTAINER_NAME }} || true
 
-      - name: Start new container
+      - name: Verify secrets before deployment
         run: |
-          docker run -d \
+          echo "🔍 Verifying secrets..."
-            --name ${{ env.CONTAINER_NAME }} \
+          if [ -z "${{ secrets.NEXT_PUBLIC_BASE_URL }}" ]; then
-            --restart unless-stopped \
+            echo "❌ NEXT_PUBLIC_BASE_URL secret is missing!"
-            -p 3000:3000 \
+            exit 1
-            -e NODE_ENV=production \
+          fi
-            ${{ env.DOCKER_IMAGE }}:latest
+          if [ -z "${{ secrets.MY_EMAIL }}" ]; then
+            echo "❌ MY_EMAIL secret is missing!"
+            exit 1
+          fi
+          if [ -z "${{ secrets.ADMIN_BASIC_AUTH }}" ]; then
+            echo "❌ ADMIN_BASIC_AUTH secret is missing!"
+            exit 1
+          fi
+          echo "✅ All required secrets are present"
+
+      - name: Start services with Docker Compose
+        run: |
+          docker-compose -f docker-compose.workflow.yml up -d
+        env:
+          NEXT_PUBLIC_BASE_URL: ${{ secrets.NEXT_PUBLIC_BASE_URL }}
+          MY_EMAIL: ${{ secrets.MY_EMAIL }}
+          MY_INFO_EMAIL: ${{ secrets.MY_INFO_EMAIL }}
+          MY_PASSWORD: ${{ secrets.MY_PASSWORD }}
+          MY_INFO_PASSWORD: ${{ secrets.MY_INFO_PASSWORD }}
+          ADMIN_BASIC_AUTH: ${{ secrets.ADMIN_BASIC_AUTH }}
+
+      - name: Verify container environment
+        run: |
+          echo "🔍 Checking container environment variables..."
+          sleep 10
+          docker exec portfolio-app sh -c 'echo "NODE_ENV: $NODE_ENV" && echo "DATABASE_URL: $DATABASE_URL" && echo "REDIS_URL: $REDIS_URL" && echo "NEXT_PUBLIC_BASE_URL: $NEXT_PUBLIC_BASE_URL" && echo "MY_EMAIL: $MY_EMAIL" && echo "ADMIN_BASIC_AUTH: [HIDDEN]"'
 
       - name: Health check
         run: |

.gitea/workflows/security-scan.yml

@@ -13,10 +13,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v3
         with:
           node-version: '20'
           cache: 'npm'
@@ -52,7 +52,7 @@ jobs:
           fi
 
       - name: Upload security scan results
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
         if: always()
         with:
           name: security-scan-results
@@ -63,16 +63,16 @@ jobs:
 
       - name: Security scan summary
         run: |
-          echo "## Security Scan Summary" >> $GITHUB_STEP_SUMMARY
+          echo "## Security Scan Summary"
-          echo "### NPM Audit Results" >> $GITHUB_STEP_SUMMARY
+          echo "### NPM Audit Results"
           if [ -f npm-audit-results.json ]; then
-            echo "✅ NPM audit completed" >> $GITHUB_STEP_SUMMARY
+            echo "✅ NPM audit completed"
           else
-            echo "❌ NPM audit failed" >> $GITHUB_STEP_SUMMARY
+            echo "❌ NPM audit failed"
           fi
-          echo "### Trivy Results" >> $GITHUB_STEP_SUMMARY
+          echo "### Trivy Results"
           if [ -f trivy-results.txt ]; then
-            echo "✅ Trivy scan completed" >> $GITHUB_STEP_SUMMARY
+            echo "✅ Trivy scan completed"
           else
-            echo "❌ Trivy scan failed" >> $GITHUB_STEP_SUMMARY
+            echo "❌ Trivy scan failed"
           fi

GITEA-SECRETS-SETUP.md

@@ -0,0 +1,56 @@
+# Gitea Secrets Setup
+
+Um die GitHub Actions Workflows korrekt zu verwenden, müssen die folgenden Secrets in deinem Gitea Repository konfiguriert werden:
+
+## Secrets konfigurieren
+
+1. Gehe zu deinem Repository in Gitea
+2. Klicke auf **Settings** → **Secrets**
+3. Füge die folgenden Secrets hinzu:
+
+### Erforderliche Secrets:
+
+| Secret Name | Beschreibung | Beispiel |
+|-------------|--------------|----------|
+| `NEXT_PUBLIC_BASE_URL` | Die öffentliche URL deiner Website | `https://dk0.dev` |
+| `MY_EMAIL` | Haupt-Email-Adresse für Kontaktformular | `contact@dk0.dev` |
+| `MY_INFO_EMAIL` | Info-Email-Adresse | `info@dk0.dev` |
+| `MY_PASSWORD` | Passwort für Haupt-Email | `dein_email_passwort` |
+| `MY_INFO_PASSWORD` | Passwort für Info-Email | `dein_info_email_passwort` |
+| `ADMIN_BASIC_AUTH` | Admin-Basic-Auth für geschützte Bereiche | `admin:dein_sicheres_passwort` |
+
+## Docker Compose Setup
+
+Die Workflows verwenden jetzt `docker-compose.workflow.yml` für eine vollständige Service-Konfiguration:
+
+- **PostgreSQL**: Datenbank für die Anwendung
+- **Redis**: Caching und Session-Management  
+- **Portfolio App**: Die Hauptanwendung
+
+## Netzwerk-Konfiguration
+
+Die Services sind im `portfolio_net` Netzwerk konfiguriert, damit sie miteinander kommunizieren können.
+
+## Health Checks
+
+Alle Services haben Health Checks konfiguriert:
+- PostgreSQL: `pg_isready`
+- Redis: `redis-cli ping`
+- Portfolio App: HTTP Health Check auf `/api/health`
+
+## Troubleshooting
+
+Falls die Workflows fehlschlagen:
+
+1. **Secrets prüfen**: Stelle sicher, dass alle Secrets korrekt konfiguriert sind
+2. **Netzwerk prüfen**: Überprüfe, ob das `portfolio_net` Netzwerk existiert
+3. **Ports prüfen**: Stelle sicher, dass Port 3000 frei ist
+4. **Logs prüfen**: Schaue in die Container-Logs für Fehlermeldungen
+
+```bash
+# Container-Logs anzeigen
+docker-compose -f docker-compose.workflow.yml logs
+
+# Services-Status prüfen
+docker-compose -f docker-compose.workflow.yml ps
+```

SECRETS-VERIFICATION.md

@@ -0,0 +1,105 @@
+# Secrets Verification Guide
+
+## Wie du überprüfst, ob Secrets korrekt geladen werden
+
+### 1. **Debug-Workflow ausführen**
+
+Ich habe einen speziellen Debug-Workflow erstellt (`.gitea/workflows/debug-secrets.yml`):
+
+1. Gehe zu deinem Repository in Gitea
+2. Klicke auf **Actions** → **Debug Secrets**
+3. Klicke auf **Run workflow** → **Run workflow**
+4. Der Workflow wird dir zeigen:
+   - ✅ Welche Secrets gesetzt sind
+   - ❌ Welche Secrets fehlen
+   - 🔐 Ob die Formate korrekt sind
+
+### 2. **Secrets in Gitea überprüfen**
+
+**Manuell in Gitea:**
+1. Gehe zu **Settings** → **Secrets**
+2. Überprüfe, ob alle Secrets vorhanden sind:
+   - `NEXT_PUBLIC_BASE_URL`
+   - `MY_EMAIL`
+   - `MY_INFO_EMAIL`
+   - `MY_PASSWORD`
+   - `MY_INFO_PASSWORD`
+   - `ADMIN_BASIC_AUTH`
+
+### 3. **Workflow-Logs überprüfen**
+
+Nach dem Ausführen eines Workflows:
+
+1. Gehe zu **Actions** → **Workflow runs**
+2. Klicke auf den neuesten Run
+3. Schaue dir die Logs an, besonders:
+   - "Verify secrets before deployment"
+   - "Verify container environment"
+
+### 4. **Container direkt überprüfen**
+
+Falls der Container läuft, kannst du ihn direkt überprüfen:
+
+```bash
+# Container-Environment anzeigen
+docker exec portfolio-app env | grep -E "(NEXT_PUBLIC_BASE_URL|MY_EMAIL|ADMIN_BASIC_AUTH)"
+
+# Container-Logs anzeigen
+docker logs portfolio-app
+
+# Services-Status prüfen
+docker-compose -f docker-compose.workflow.yml ps
+```
+
+### 5. **Häufige Probleme**
+
+**❌ Secret nicht gesetzt:**
+- Gehe zu Gitea → Settings → Secrets
+- Füge das fehlende Secret hinzu
+
+**❌ Falsches Format:**
+- `NEXT_PUBLIC_BASE_URL`: Muss mit `http://` oder `https://` beginnen
+- `MY_EMAIL`: Muss eine gültige Email-Adresse sein
+- `ADMIN_BASIC_AUTH`: Muss Format `username:password` haben
+
+**❌ Container kann nicht starten:**
+- Überprüfe die Docker-Logs
+- Stelle sicher, dass alle Services (PostgreSQL, Redis) laufen
+
+### 6. **Test-Schritte**
+
+1. **Führe den Debug-Workflow aus**
+2. **Überprüfe die Ausgabe**
+3. **Korrigiere fehlende/falsche Secrets**
+4. **Führe einen normalen Workflow aus**
+5. **Überprüfe die Container-Environment**
+
+### 7. **Erwartete Ausgabe**
+
+**Bei korrekten Secrets:**
+```
+✅ NEXT_PUBLIC_BASE_URL: Set (length: 15)
+✅ MY_EMAIL: Set (length: 20)
+✅ MY_INFO_EMAIL: Set (length: 18)
+✅ MY_PASSWORD: Set (length: 12)
+✅ MY_INFO_PASSWORD: Set (length: 12)
+✅ ADMIN_BASIC_AUTH: Set (length: 15)
+```
+
+**Bei fehlenden Secrets:**
+```
+❌ NEXT_PUBLIC_BASE_URL: Not set
+❌ MY_EMAIL: Not set
+```
+
+### 8. **Schnelltest**
+
+Führe diesen Befehl aus, um schnell zu testen:
+
+```bash
+# Debug-Workflow manuell ausführen
+curl -X POST "https://your-gitea-instance.com/api/v1/repos/your-username/portfolio/actions/workflows/debug-secrets.yml/dispatches" \
+  -H "Authorization: token YOUR_TOKEN" \
+  -H "Content-Type: application/json" \
+  -d '{"ref":"main"}'
+```

docker-compose.workflow.yml

@@ -0,0 +1,81 @@
+# Docker Compose configuration for GitHub Actions workflows
+# This ensures all required services are running before deployment
+
+services:
+  portfolio:
+    image: portfolio-app:latest
+    container_name: portfolio-app
+    restart: unless-stopped
+    ports:
+      - "3000:3000"
+    environment:
+      - NODE_ENV=production
+      - DATABASE_URL=postgresql://portfolio_user:portfolio_pass@postgres:5432/portfolio_db?schema=public
+      - REDIS_URL=redis://redis:6379
+      - NEXT_PUBLIC_BASE_URL=${NEXT_PUBLIC_BASE_URL}
+      - MY_EMAIL=${MY_EMAIL}
+      - MY_INFO_EMAIL=${MY_INFO_EMAIL}
+      - MY_PASSWORD=${MY_PASSWORD}
+      - MY_INFO_PASSWORD=${MY_INFO_PASSWORD}
+      - ADMIN_BASIC_AUTH=${ADMIN_BASIC_AUTH}
+    volumes:
+      - portfolio_data:/app/.next/cache
+    networks:
+      - portfolio_net
+    depends_on:
+      postgres:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:3000/api/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 40s
+
+  postgres:
+    image: postgres:16-alpine
+    container_name: portfolio-postgres
+    restart: unless-stopped
+    environment:
+      - POSTGRES_DB=portfolio_db
+      - POSTGRES_USER=portfolio_user
+      - POSTGRES_PASSWORD=portfolio_pass
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+    networks:
+      - portfolio_net
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U portfolio_user -d portfolio_db"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 30s
+
+  redis:
+    image: redis:7-alpine
+    container_name: portfolio-redis
+    restart: unless-stopped
+    volumes:
+      - redis_data:/data
+    networks:
+      - portfolio_net
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 30s
+
+volumes:
+  portfolio_data:
+    driver: local
+  postgres_data:
+    driver: local
+  redis_data:
+    driver: local
+
+networks:
+  portfolio_net:
+    driver: bridge