services:
  db_vuln:
    image: mysql:8.0
    command: --default-authentication-plugin=mysql_native_password
    environment:
      MYSQL_DATABASE: wordpress
      MYSQL_USER: wordpress
      MYSQL_PASSWORD: wordpress
      MYSQL_ROOT_PASSWORD: rootpass
    healthcheck:
      test: ["CMD-SHELL", "mysqladmin ping -h 127.0.0.1 -uroot -p$${MYSQL_ROOT_PASSWORD} --silent"]
      interval: 10s
      timeout: 5s
      retries: 20
    networks:
      - cve_lab

  db_patched:
    image: mysql:8.0
    command: --default-authentication-plugin=mysql_native_password
    environment:
      MYSQL_DATABASE: wordpress
      MYSQL_USER: wordpress
      MYSQL_PASSWORD: wordpress
      MYSQL_ROOT_PASSWORD: rootpass
    healthcheck:
      test: ["CMD-SHELL", "mysqladmin ping -h 127.0.0.1 -uroot -p$${MYSQL_ROOT_PASSWORD} --silent"]
      interval: 10s
      timeout: 5s
      retries: 20
    networks:
      - cve_lab

  vuln:
    build:
      context: .
      dockerfile: vuln/Dockerfile
      args:
        PLUGIN_VERSION: "0.9.0"
    depends_on:
      db_vuln:
        condition: service_healthy
    ports:
      - "8081:80"
    environment:
      WORDPRESS_DB_HOST: db_vuln:3306
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_PASSWORD: wordpress
      WORDPRESS_DB_NAME: wordpress
      WORDPRESS_DEBUG: "1"
      WORDPRESS_LAB_URL: http://127.0.0.1:8081
      WORDPRESS_LAB_TITLE: CVE-2025-11262 Vulnerable Lab
      WORDPRESS_LAB_ADMIN_USER: admin
      WORDPRESS_LAB_ADMIN_PASSWORD: AdminPassw0rd!
      WORDPRESS_LAB_ADMIN_EMAIL: admin@example.test
    healthcheck:
      test: ["CMD-SHELL", "wp core is-installed --path=/var/www/html --allow-root >/dev/null 2>&1 && wp plugin is-active link-whisper --path=/var/www/html --allow-root >/dev/null 2>&1"]
      interval: 10s
      timeout: 5s
      retries: 30
    networks:
      - cve_lab

  patched:
    build:
      context: .
      dockerfile: patched/Dockerfile
      args:
        PLUGIN_VERSION: "0.9.1"
    depends_on:
      db_patched:
        condition: service_healthy
    ports:
      - "8082:80"
    environment:
      WORDPRESS_DB_HOST: db_patched:3306
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_PASSWORD: wordpress
      WORDPRESS_DB_NAME: wordpress
      WORDPRESS_DEBUG: "1"
      WORDPRESS_LAB_URL: http://127.0.0.1:8082
      WORDPRESS_LAB_TITLE: CVE-2025-11262 Patched Lab
      WORDPRESS_LAB_ADMIN_USER: admin
      WORDPRESS_LAB_ADMIN_PASSWORD: AdminPassw0rd!
      WORDPRESS_LAB_ADMIN_EMAIL: admin@example.test
    healthcheck:
      test: ["CMD-SHELL", "wp core is-installed --path=/var/www/html --allow-root >/dev/null 2>&1 && wp plugin is-active link-whisper --path=/var/www/html --allow-root >/dev/null 2>&1"]
      interval: 10s
      timeout: 5s
      retries: 30
    networks:
      - cve_lab

networks:
  cve_lab:
    driver: bridge