From b1e3a0025a417d227d76b2deb3e7753cfc563f8b Mon Sep 17 00:00:00 2001
From: Michael Schiemer <kontakt@michaelschiemer.de>
Date: Tue, 4 Nov 2025 17:28:54 +0100
Subject: [PATCH] fix(deployment): improve Redis health check with fallback
 strategy

Changed health check to try without password first, then with Docker Secret.
This handles both scenarios where password might not be immediately available
or where the Secret read might fail in health check context.

Changes:
- Use CMD-SHELL instead of CMD for shell expansion support
- Try 'redis-cli ping' first (no auth)
- Fallback to authenticated ping if first attempt fails
- Properly quote password from Docker Secret

This is the eleventh cumulative fix for production deployment pipeline.

Related: commit 477fe67 (initial Redis health check fix)
---
 docker-compose.production.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.production.yml b/docker-compose.production.yml
index 98b0a2e0..b08bb4f6 100644
--- a/docker-compose.production.yml
+++ b/docker-compose.production.yml
@@ -209,7 +209,7 @@ services:
 
     # Stricter health checks
     healthcheck:
-      test: ["CMD", "sh", "-c", "redis-cli -a $$(cat /run/secrets/redis_password 2>/dev/null || echo '') ping | grep -q PONG"]
+      test: ["CMD-SHELL", "redis-cli ping | grep -q PONG || redis-cli -a \"$$(cat /run/secrets/redis_password 2>/dev/null)\" ping | grep -q PONG"]
       interval: 10s
       timeout: 3s
       retries: 5