feat(deployment): update semaphore configuration and deployment workflows

docker-compose.staging.yml

@@ -248,19 +248,38 @@ services:
       - REDIS_PASSWORD_FILE=/run/secrets/redis_password
     secrets:
       - redis_password
-    command: >
-      sh -c "
-      REDIS_PASSWORD=$$(cat /run/secrets/redis_password 2>/dev/null || echo ${REDIS_PASSWORD})
-      redis-server
-      --requirepass $$REDIS_PASSWORD
-      --maxmemory 256mb
-      --maxmemory-policy allkeys-lru
-      --save 900 1
-      --save 300 10
-      --save 60 10000
-      --appendonly yes
-      --appendfsync everysec
-      "
+    # Use entrypoint script to inject password from Docker Secret into config
+    # Note: Script runs as root to read Docker Secrets, then starts Redis
+    entrypoint: ["/bin/sh", "-c"]
+    command:
+      - |
+        # Read password from Docker Secret (as root)
+        REDIS_PASSWORD=$$(cat /run/secrets/redis_password 2>/dev/null || echo '')
+        # Start Redis with all settings as command line arguments (no config file to avoid conflicts)
+        if [ -n "$$REDIS_PASSWORD" ]; then
+          exec redis-server \
+            --bind 0.0.0.0 \
+            --dir /data \
+            --maxmemory 256mb \
+            --maxmemory-policy allkeys-lru \
+            --save 900 1 \
+            --save 300 10 \
+            --save 60 10000 \
+            --appendonly yes \
+            --appendfsync everysec \
+            --requirepass "$$REDIS_PASSWORD"
+        else
+          exec redis-server \
+            --bind 0.0.0.0 \
+            --dir /data \
+            --maxmemory 256mb \
+            --maxmemory-policy allkeys-lru \
+            --save 900 1 \
+            --save 300 10 \
+            --save 60 10000 \
+            --appendonly yes \
+            --appendfsync everysec
+        fi
     volumes:
       - staging-redis-data:/data
       - /etc/timezone:/etc/timezone:ro