Redis fix

.github/workflows/redis-docker.yml

@@ -5,16 +5,44 @@ on:
     branches:
       - redis
       - redis-tests
+  schedule:
+    - cron: '0 0 * * 1' # Run weekly to check for base image updates
 
 permissions:
   contents: read
   security-events: write
   packages: write
 
 jobs:
+  check-base-images:
+    name: Check Base Images
+    runs-on: ubuntu-latest
+    outputs:
+      base_image: ${{ steps.get-base-image.outputs.base_image }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Get base image from Dockerfile
+        id: get-base-image
+        run: |
+          BASE_IMAGE=$(grep "^FROM.*as builder" Dockerfile | awk '{print $2}')
+          echo "base_image=${BASE_IMAGE}" >> "$GITHUB_OUTPUT"
+          echo "Found base image: ${BASE_IMAGE}"
+
+      - name: Check base image updates
+        uses: docker/scout-action@v1
+        with:
+          command: recommendations,cves
+          image: ${{ steps.get-base-image.outputs.base_image }}
+          only-fixed: true
+          only-severities: critical,high
+          exit-code: true
+
   security-checks:
     name: Security Checks
     runs-on: ubuntu-latest
+    needs: check-base-images
     steps:
       - name: Checkout code
         uses: actions/checkout@v4

docker/docker-redis/docker-compose.yml

@@ -3,13 +3,15 @@ version: '3.8'
 services:
   redis:
     image: redis:7.2-alpine
-    command: redis-server /usr/local/etc/redis/redis.conf
+    command: >
+      sh -c "envsubst < /usr/local/etc/redis/redis.conf.template > /usr/local/etc/redis/redis.conf &&
+             redis-server /usr/local/etc/redis/redis.conf"
     volumes:
-      - ./redis.conf:/usr/local/etc/redis/redis.conf
+      - ./redis.conf:/usr/local/etc/redis/redis.conf.template:ro
     ports:
       - "6379:6379"
     healthcheck:
-      test: ["CMD", "redis-cli", "ping"]
+      test: ["CMD", "redis-cli", "-a", "${REDIS_PASSWORD}", "ping"]
       interval: 5s
       timeout: 3s
       retries: 3
@@ -23,6 +25,9 @@ services:
     tmpfs:
       - /tmp
       - /var/run
+      - /usr/local/etc/redis
+    environment:
+      - REDIS_PASSWORD=${REDIS_PASSWORD}
 
   api:
     build:
@@ -48,6 +53,7 @@ services:
       - AWS_CONFIG_FILE=/root/.aws/config
       - AWS_PROFILE=${AWS_PROFILE:-default}
       - CACHE_EXPIRY=600
+      - PYTHONUNBUFFERED=1
     volumes:
       - ~/.aws:/root/.aws:ro
     ports:
@@ -74,10 +80,9 @@ services:
     command: ["gunicorn", "--bind", "0.0.0.0:5001", "--workers", "${GUNICORN_WORKERS:-8}", "api:app"]
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:5001/health"]
-      interval: 30s
-      timeout: 10s
+      interval: 10s
+      timeout: 5s
       retries: 3
-      start_period: 10s
     logging:
       driver: "json-file"
       options:

docker/docker-redis/redis.conf

@@ -14,6 +14,9 @@ tls-key-file ""
 tls-auth-clients no
 tls-prefer-server-ciphers yes
 
+# Security
+requirepass ${REDIS_PASSWORD}
+
 # General
 daemonize no
 supervised no
@@ -33,23 +36,24 @@ dbfilename dump.rdb
 dir /data
 
 # Memory Management
-maxmemory 512mb
+maxmemory 256mb
 maxmemory-policy allkeys-lru
 maxmemory-samples 5
 
-# Security
-requirepass ${REDIS_PASSWORD}
-rename-command FLUSHDB ""
-rename-command FLUSHALL ""
-rename-command DEBUG ""
-rename-command CONFIG ""
+# Append only mode
+appendonly no
+appendfilename "appendonly.aof"
+appendfsync everysec
+no-appendfsync-on-rewrite no
+auto-aof-rewrite-percentage 100
+auto-aof-rewrite-min-size 64mb
 
 # Slow Log
 slowlog-log-slower-than 10000
 slowlog-max-len 128
 
 # Latency Monitor
-latency-monitor-threshold 100
+latency-monitor-threshold 0
 
 # Event Notification
 notify-keyspace-events ""