Environment Hardening and Production Readiness for Render Deployment

[MrViincciLeRoy]

Summary

This PR introduces critical configuration changes to transition the Job Finders application from a development-centric setup to a production-ready environment, specifically optimized for Render.
The updates focus on environment variable management, enhanced security logging, and infrastructure configuration. Key changes include the transition from required to optional (defaulted) environment variables in Pydantic settings, the inclusion of a render.yaml Blueprint for automated infrastructure provisioning, and fixes to logging and database relationship definitions.

Key Changes

📂 Infrastructure & Deployment

• Render Blueprint: Added render.yaml to define the web service, managed PostgreSQL database, and environment variable mappings.
• Environment Settings: Updated src/config/init.py to use default="" for several sensitive keys (PayFast, Hashnode, Redis). This prevents the application from crashing on startup if these optional integrations are missing.
• Dependency Management: Finalized requirements.txt with specific version pinning for core libraries like Flask, SQLAlchemy, and SpaCy.

🔐 Security & Reliability

• Logging: Updated AppLogger to automatically create the logs/ directory if it doesn't exist, preventing FileNotFoundError in new environments.
• Security Middleware: Refined the Flask factory (create_app) to include security headers, attack detection middleware, and automated security auditing for every request.
• Database Fix: Corrected a ForeignKey reference in billing_sql.py to point to the correct companies table, ensuring data integrity for payment methods.

🛠 Code Quality & Logic

• Factory Pattern: Streamlined the create_app boot sequence, including better integration for the AP Scheduler and teardown logic for database controllers.
• Typing & Formatting: Fixed various syntax issues in src/routes/utils.py, including incorrect quote usage and type hinting for the User model.
• Template Filters: Added a safe_html filter using bleach to sanitize user-generated content and prevent XSS.

🚀 Deployment Notes

• Ensure the following variables are set in the Render Dashboard if they differ from the defaults:
  • PRODUCTION_SQL_DB (Connection String)
  • RESEND_API_KEY
  • OPENROUTER_API_KEY
• The build command now automatically downloads the en_core_web_sm SpaCy model required for job parsing.

How to Review

1. Verify the render.yaml configuration matches our expected resource plan (Free tier).
2. Check src/config/init.py to ensure that removing ... (required fields) doesn't bypass critical security checks in local dev environments.
3. Confirm the database migration strategy for the changed company_id ForeignKey.

Note

• At this point the code still isn't working well