From bfe6a966b5d13bf53f24bf720197c90759fae51e Mon Sep 17 00:00:00 2001
From: Michael Schiemer <kontakt@michaelschiemer.de>
Date: Tue, 4 Nov 2025 21:16:25 +0100
Subject: [PATCH] fix(deployment): Redis health check reads password directly
 from Docker Secret

The health check now reads the password directly from /run/secrets/redis_password
instead of relying on an environment variable, which is not available in the
health check context.

This resolves the 'container application-redis-1 is unhealthy' error.
---
 docker-compose.production.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docker-compose.production.yml b/docker-compose.production.yml
index 73e35597..fb51c04b 100644
--- a/docker-compose.production.yml
+++ b/docker-compose.production.yml
@@ -209,9 +209,9 @@ services:
           cpus: '0.5'
 
     # Stricter health checks
-    # Uses REDIS_PASSWORD environment variable exported by entrypoint
+    # Health check reads password directly from Docker Secret
     healthcheck:
-      test: ["CMD-SHELL", "redis-cli -a \"$REDIS_PASSWORD\" ping | grep -q PONG"]
+      test: ["CMD-SHELL", "redis-cli -a \"$(cat /run/secrets/redis_password 2>/dev/null || echo '')\" ping | grep -q PONG"]
       interval: 10s
       timeout: 3s
       retries: 5