# Production Pipeline Configuration
# Maximum safety and reliability

name: "Production Pipeline"
environment: production

# Global settings - strict failure handling
stop_on_failure: true
enable_rollback: true  # Automatic rollback on failure

# Global parameters
parameters:
  docker_compose_file: "docker-compose.production.yml"
  log_level: "warning"
  notify_on_failure: true
  notify_on_success: true
  notification_webhook: "${PRODUCTION_WEBHOOK_URL}"
  slack_channel: "#deployments"

# Pipeline stages
stages:
  # Build stage - optimized production build
  - stage: build
    enabled: true
    timeout: 900  # 15 minutes for production optimizations
    retries: 2
    parameters:
      composer_flags: "--no-dev --optimize-autoloader --classmap-authoritative --apcu-autoloader"
      npm_flags: "--production"
      optimize: true
      minify: true
      cache_bust: true

  # Test stage - skip in production (tests run in CI/CD)
  - stage: test
    enabled: false
    skip_environments:
      - production

  # Security check - critical in production
  - stage: security_check
    enabled: true
    timeout: 180  # 3 minutes
    retries: 0
    parameters:
      check_composer: true
      check_npm: true
      fail_on_medium: false
      fail_on_high: true
      fail_on_critical: true
      security_report: true

  # Backup - mandatory before production deployment
  - stage: backup
    enabled: true
    timeout: 600  # 10 minutes
    retries: 2
    parameters:
      backup_type: "full"
      retention_days: 30
      compress: true
      verify_backup: true
      offsite_copy: true
      backup_location: "${BACKUP_S3_BUCKET}"

  # Deploy stage - zero-downtime deployment
  - stage: deploy
    enabled: true
    timeout: 900  # 15 minutes
    retries: 0  # No retries - rollback instead
    parameters:
      restart_policy: "unless-stopped"
      pull_images: true
      build_images: false
      health_check_delay: 30
      rolling_update: true
      max_surge: 1
      max_unavailable: 0

  # Health check - extensive validation
  - stage: health_check
    enabled: true
    timeout: 300  # 5 minutes
    retries: 5
    parameters:
      check_interval: 15
      required_services:
        - php
        - nginx
        - redis
        - mysql
      http_checks:
        - url: "https://example.com/health"
          expected_status: 200
          timeout: 30
        - url: "https://example.com/api/health"
          expected_status: 200
          timeout: 30
      database_checks:
        - connection: true
        - migrations: true
        - data_integrity: true
      cache_checks:
        - redis_connection: true
        - cache_hit_rate_min: 0.8

  # Cleanup - careful cleanup in production
  - stage: cleanup
    enabled: true
    timeout: 300  # 5 minutes
    continue_on_failure: true
    parameters:
      clean_cache: true
      clean_logs: true
      clean_temp: true
      log_retention_days: 90
      keep_last_releases: 3
      clean_old_docker_images: true