Refactor backend scripts naming#24

Merged
mnaimfaizy merged 4 commits into main from refactor-backend-scripts-naming
Dec 24, 2025
Conversation

@mnaimfaizy
Owner

This pull request focuses on improving Redis SSL/TLS security and configuration robustness, especially for production deployments. It also standardizes Docker entrypoints and script naming across environments, and enhances Docker Compose service configuration for clarity and best practices.

Redis SSL/TLS Security and Configuration:

  • Enforces strict SSL/TLS verification for Redis in production, requiring CA certificates and enabling hostname verification by default. If certificates are missing in production, the application will now fail fast with clear error messages instead of silently downgrading security. Logging around SSL configuration and certificate detection is improved for better diagnostics. (backend/app/backend_pre_start.py)
  • Updates Docker Compose production environment variables to require SSL certificate verification (ssl_cert_reqs=required) and hostname checking (ssl_check_hostname=true) for all Redis and Celery connections. (backend/docker-compose.prod.yml)
  • Removes the use of the --insecure flag from Redis healthchecks and switches Redis CLI host to localhost for better security and reliability. (backend/docker-compose.prod.yml)

Docker Entrypoint and Script Standardization:

  • Renames and consolidates Docker entrypoint and startup scripts for development, testing, and production, updating all Dockerfiles and Compose files to use the new standardized script names. (backend/Dockerfile, backend/Dockerfile.prod, backend/docker-compose.dev.yml, backend/docker-compose.test.yml, backend/docker-compose.test.minimal.yml)

Docker Compose Improvements:

  • Adds a named volume for logs in production (fastapi_rbac_logs_prod_data) and updates log volume mounting for consistency and easier overrides. (backend/docker-compose.prod.yml)
  • Adds CELERY_BEAT_SCHEDULER environment variable to the Celery beat service for explicit scheduler configuration. (backend/docker-compose.prod.yml)

Other Minor Improvements:

  • Cleans up environment detection logic and improves type annotations and logging formatting in the Redis pre-start script. (backend/app/backend_pre_start.py)
  • Updates VSCode task for integration testing to ensure the correct working directory is used. (.vscode/tasks.json)

- Split scripts into backend/scripts/docker and backend/scripts/local
- Update Dockerfiles/Compose/VS Code task references
- Enforce CA-required Redis TLS in production readiness checks
- Point database init guide at backend/scripts/docker/entrypoint-*.sh
- Remove stale mentions of old entrypoint script names
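The fail-fast rule described above (require rediss://, ssl_cert_reqs=required, ssl_check_hostname=true and an existing CA bundle in production, report-only elsewhere) as an added standard-library example; it is not the project's backend_pre_start.py, and the function name, the error class and the ca_exists hook are assumptions.

```python
"""Added example (not the project's backend_pre_start.py): fail-fast
validation of a Redis URL's TLS parameters before the app starts."""
import os
from urllib.parse import parse_qs, urlparse


class RedisTLSConfigError(RuntimeError):
    """Raised when a production Redis URL would silently weaken TLS."""


def check_redis_tls(url: str, environment: str, ca_exists=os.path.isfile) -> dict:
    """Return the effective TLS settings parsed from *url*.

    In production the function refuses to continue unless the URL uses
    rediss://, sets ssl_cert_reqs=required and ssl_check_hostname=true, and
    names a CA bundle (ssl_ca_certs) that exists on disk. Outside production
    it only reports what it found, so local development may keep redis://.
    ca_exists is a hypothetical hook so tests can run without real files.
    """
    parsed = urlparse(url)
    # parse_qs returns lists; keep the last occurrence of each key
    params = {k: v[-1] for k, v in parse_qs(parsed.query).items()}
    settings = {
        "scheme": parsed.scheme,
        "ssl_cert_reqs": params.get("ssl_cert_reqs", "unset").lower(),
        "ssl_check_hostname": params.get("ssl_check_hostname", "false").lower() == "true",
        "ssl_ca_certs": params.get("ssl_ca_certs"),
    }
    if environment != "production":
        return settings

    problems = []
    if settings["scheme"] != "rediss":
        problems.append("scheme must be rediss:// so the connection uses TLS")
    if settings["ssl_cert_reqs"] != "required":
        problems.append(f"ssl_cert_reqs must be 'required', got {settings['ssl_cert_reqs']!r}")
    if not settings["ssl_check_hostname"]:
        problems.append("ssl_check_hostname must be true")
    ca = settings["ssl_ca_certs"]
    if not ca:
        problems.append("ssl_ca_certs is missing; a CA bundle is mandatory")
    elif not ca_exists(ca):
        problems.append(f"ssl_ca_certs points at {ca!r}, which does not exist")
    if problems:
        # Fail fast with one clear message instead of downgrading silently
        raise RedisTLSConfigError("Refusing to start: " + "; ".join(problems))
    return settings
```

Wiring this into a pre-start step means a misconfigured Celery or Redis URL stops the container before any traffic is served, which is the behaviour the PR description asks for.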

Copilot AI left a comment

Pull request overview

This pull request enhances Redis SSL/TLS security for production deployments, standardizes Docker entrypoint script naming across all environments, and improves Docker Compose service configuration. The changes emphasize fail-fast security practices and better operational clarity.

Key Changes:

  • Enforces strict Redis SSL/TLS certificate verification in production with clear error messages when certificates are missing
  • Renames Docker entrypoint scripts to a consistent naming pattern (entrypoint-{env}.sh)
  • Replaces hardcoded admin credentials in integration tests with configuration-based references

Reviewed changes

Copilot reviewed 26 out of 45 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| backend/app/backend_pre_start.py | Enhanced Redis SSL/TLS security with fail-fast validation, improved logging, and production-grade hostname verification |
| backend/docker-compose.prod.yml | Updated Redis URLs to require SSL certificate verification, removed insecure flags from healthchecks, added named log volume |
| backend/Dockerfile | Updated CMD to use renamed entrypoint script entrypoint-dev.sh |
| backend/Dockerfile.prod | Updated CMD to use renamed entrypoint script entrypoint-prod.sh |
| backend/queue.dockerfile | Updated script paths and removed unnecessary symlink workarounds |
| backend/queue.dockerfile.prod | Updated script paths to match new scripts/docker/ structure |
| backend/docker-compose.dev.yml | Updated all service commands to reference renamed scripts in scripts/docker/ |
| backend/docker-compose.test.yml | Updated test environment scripts to use entrypoint-test.sh and standardized worker/beat script names |
| backend/docker-compose.test.minimal.yml | Updated entrypoint to use renamed entrypoint-test.sh |
| backend/scripts/docker/entrypoint-dev.sh | New standardized development entrypoint script |
| backend/scripts/docker/entrypoint-test.sh | New standardized testing entrypoint script |
| backend/scripts/docker/entrypoint-prod.sh | New standardized production entrypoint script |
| backend/scripts/docker/entrypoint.sh | New generic entrypoint script |
| backend/scripts/docker/start-worker.sh | Updated PYTHONPATH to use /app convention |
| backend/scripts/docker/start-beat.sh | New Celery beat startup script for Docker |
| backend/scripts/docker/start-flower.sh | New Flower monitoring startup script for Docker |
| backend/scripts/local/*.sh | New local development convenience scripts with cross-platform support |
| backend/scripts/local/*.ps1 | New PowerShell equivalents for Windows developers |
| backend/scripts/README.md | New documentation explaining script organization and usage |
| backend/test_runner.py | Improved type annotations using Sequence[str] for better compatibility |
| backend/test/test_csrf_implementation.py | New CSRF protection verification test script |
| backend/test/integration/test_api_*.py | Updated to use settings.FIRST_SUPERUSER_EMAIL and settings.FIRST_SUPERUSER_PASSWORD instead of hardcoded credentials |
| docs/database-initialization.md | Updated documentation to reflect new entrypoint script names and correct paths |
| docs/internal/2025-07-07-refactor-maintenance.md | Updated to reference new entrypoint naming convention |
| .vscode/tasks.json | Fixed working directory for integration test task |
| backend/scripts/fix-imports.ps1 | Removed (consolidated into local/format scripts) |
| backend/scripts/beat-start-unix.sh | Removed (replaced by local/start-beat.sh) |

Use celery.beat:PersistentScheduler to match backend config and avoid missing celery-beat extensions.
@mnaimfaizy mnaimfaizy merged commit 3eea4ea into main Dec 24, 2025
3 checks passed
@mnaimfaizy mnaimfaizy deleted the refactor-backend-scripts-naming branch December 24, 2025 02:38