chore(docker): bump flex docker to php8.5 (#628)

* chore(docker): bump flex docker to php8.5

* builds apline 3.23

* build 811 aplpine 3.23, php 8.5

* 8.5 fixes

* fix hardcoded tests

* use future proof pattern

* typo

* 3.23 is now default flex

* php8.5 for 8.1.0

* fix comment

* restore php-session mistakenly removed, nice spot Brady

* default to php8.5 in benchmark test

* fix comment for is_default_flex

* use ubuntu 24 with build flex workflow

Author: stephenwaite

.github/workflows/build-322.yml

@@ -12,8 +12,6 @@ name: Flex 3.22 Dockers Build
 #
 # The is_default_flex environment variable is used to determine if this is the default flex image.
 #
-# THIS ALPINE 3.22 VERSION IS TAGGED AS openemr/openemr:flex (THE DEFAULT FLEX IMAGE SINCE is_default_flex IS TRUE)
-# (ENSURE TO MAKE THIS (is_default_flex) FALSE WHEN A NEW ALPINE VERSION TAKES OVER AS THE DEFAULT!)
 
 on:
   workflow_dispatch:
@@ -22,7 +20,7 @@ jobs:
   build:
     uses: ./.github/workflows/build-flex-core.yml
     with:
-      is_default_flex: true
+      is_default_flex: false
       alpine_version: "3.22"
       php_versions: '["8.2", "8.3", "8.4"]'
       php_default: "8.4"

.github/workflows/build-323.yml

@@ -0,0 +1,29 @@
+name: Flex 3.23 Dockers Build
+
+# This workflow builds the OpenEMR Flex Docker images with Alpine 3.23 and PHP versions 8.3, 8.4, and 8.5.
+# And in this configuration will create following dockers (and tags):
+#    PHP 8.3: openemr/openemr:flex-3.23-php-8.3
+#    PHP 8.4: openemr/openemr:flex-3.23-php-8.4
+#    PHP 8.5: openemr/openemr:flex-3.23-php-8.5, openemr/openemr:flex-3.23, openemr/openemr:flex
+#
+# php_versions is a JSON array of PHP versions to build.
+#
+# The php_default will determine the default PHP version (ie. above tag without a php version).
+#
+# The is_default_flex environment variable is used to determine if this is the default flex image.
+#
+# THIS ALPINE 3.23 VERSION IS TAGGED AS openemr/openemr:flex (THE DEFAULT FLEX IMAGE SINCE is_default_flex IS TRUE)
+# (ENSURE TO MAKE THIS (is_default_flex) FALSE WHEN A NEW ALPINE VERSION TAKES OVER AS THE DEFAULT!)
+
+on:
+  workflow_dispatch:
+
+jobs:
+  build:
+    uses: ./.github/workflows/build-flex-core.yml
+    with:
+      is_default_flex: true
+      alpine_version: "3.23"
+      php_versions: '["8.3", "8.4", "8.5"]'
+      php_default: "8.5"
+    secrets: inherit

.github/workflows/build-flex-core.yml

@@ -19,7 +19,7 @@ on:
 jobs:
   build:
     if: github.repository_owner == 'openemr' && github.repository == 'openemr/openemr-devops' && github.ref == 'refs/heads/master'
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     strategy:
       matrix:
         php_version: ${{ fromJson(inputs.php_versions) }}

.github/workflows/test-flex-323.yml

@@ -0,0 +1,35 @@
+# This will run the OpenEMR flex dockers with Alpine 3.23 version. It will test the flex docker images in both
+#  development (ie. dev) mode (codebase used from a shared volume) and production (ie. prod) mode (codebase collected via git).
+#  - is_production_docker is required and needs to be false.
+#  - alpine_versions is set to 3.23
+#  - php_versions are set to 8.3, 8.4 and 8.5
+#  - note not using the coverage settings (is_flex_coverage_docker, flex_coverage_php_version) in this workflow. see
+#    test-flex-edge.yml for use of these settings.
+
+name: OpenEMR Flex 3.23 Docker Test
+
+on:
+  push:
+    branches:
+    - master
+    paths:
+    - '.github/workflows/test-flex-323.yml'
+    - 'docker/openemr/flex/**'
+    - '.github/actions/test-actions-core/action.yml'
+    - '.github/workflows/test-core.yml'
+  pull_request:
+    branches:
+    - master
+    paths:
+    - '.github/workflows/test-flex-323.yml'
+    - 'docker/openemr/flex/**'
+    - '.github/actions/test-actions-core/action.yml'
+    - '.github/workflows/test-core.yml'
+
+jobs:
+  build:
+    uses: ./.github/workflows/test-core.yml
+    with:
+      is_production_docker: false
+      alpine_version: "3.23"
+      php_versions: '["8.3", "8.4", "8.5"]'

docker/openemr/8.1.0/Dockerfile

@@ -21,15 +21,15 @@
 # ============================================================================
 # Alpine Linux version - centralized setting for easy updates
 # Note: This is NOT meant to be used as a build argument (unlike the flex series)
-ARG ALPINE_VERSION=3.22
+ARG ALPINE_VERSION=3.23
 FROM alpine:${ALPINE_VERSION} AS base
 
 # PHP version configuration
 # Note: This is NOT meant to be used as a build argument (unlike the flex series)
 # Important: When updating PHP version, also update php.ini file to match
-ARG PHP_VERSION=8.4
+ARG PHP_VERSION=8.5
 ENV PHP_VERSION=${PHP_VERSION}
-# Create abbreviated version (e.g., "8.4" -> "84") for package naming
+# Create abbreviated version (e.g., "8.5" -> "85") for package naming
 ARG PHP_VERSION_ABBR=${PHP_VERSION//./}
 ENV PHP_VERSION_ABBR=${PHP_VERSION_ABBR}
 
@@ -93,18 +93,16 @@ RUN apk add --no-cache \
     php${PHP_VERSION_ABBR}-gd \
     php${PHP_VERSION_ABBR}-iconv \
     php${PHP_VERSION_ABBR}-intl \
-    php${PHP_VERSION_ABBR}-json \
     php${PHP_VERSION_ABBR}-ldap \
     php${PHP_VERSION_ABBR}-mbstring \
     php${PHP_VERSION_ABBR}-mysqli \
-    "$(if [ "${PHP_VERSION}" = "8.2" ] || [ "${PHP_VERSION}" = "8.3" ] || [ "${PHP_VERSION}" = "8.4" ]; then echo php${PHP_VERSION_ABBR}-opcache; fi)" \
     php${PHP_VERSION_ABBR}-openssl \
     php${PHP_VERSION_ABBR}-pdo \
     php${PHP_VERSION_ABBR}-pdo_mysql \
     php${PHP_VERSION_ABBR}-pecl-apcu \
     php${PHP_VERSION_ABBR}-pecl-imagick \
     php${PHP_VERSION_ABBR}-phar \
-    php${PHP_VERSION_ABBR}-redis \
+    php${PHP_VERSION_ABBR}-pecl-redis \
     php${PHP_VERSION_ABBR}-session \
     php${PHP_VERSION_ABBR}-simplexml \
     php${PHP_VERSION_ABBR}-soap \

docker/openemr/8.1.0/php.ini

@@ -119,16 +119,16 @@
 ;   Development Value: 60 (60 seconds)
 ;   Production Value: 60 (60 seconds)
 
+; mysqlnd.collect_memory_statistics
+;   Default Value: Off
+;   Development Value: On
+;   Production Value: Off
+
 ; output_buffering
 ;   Default Value: Off
 ;   Development Value: 4096
 ;   Production Value: 4096
 
-; register_argc_argv
-;   Default Value: On
-;   Development Value: Off
-;   Production Value: Off
-
 ; request_order
 ;   Default Value: None
 ;   Development Value: "GP"
@@ -322,11 +322,6 @@ serialize_precision = -1
 ; https://php.net/disable-functions
 disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
 
-; This directive allows you to disable certain classes.
-; It receives a comma-delimited list of class names.
-; https://php.net/disable-classes
-disable_classes =
-
 ; Colors for Syntax Highlighting mode.  Anything that's acceptable in
 ; <span style="color: ???????"> would work.
 ; https://php.net/syntax-highlighting
@@ -433,6 +428,7 @@ max_input_vars = 3000
 ; Maximum amount of memory a script may consume
 ; https://php.net/memory-limit
 memory_limit = 512M
+max_memory_limit = -1
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ; Error handling and logging ;
@@ -533,12 +529,6 @@ ignore_repeated_errors = Off
 ; https://php.net/ignore-repeated-source
 ignore_repeated_source = Off
 
-; If this parameter is set to Off, then memory leaks will not be shown (on
-; stdout or in the log). This is only effective in a debug compile, and if
-; error reporting includes E_WARNING in the allowed list
-; https://php.net/report-memleaks
-report_memleaks = On
-
 ; This setting is off by default.
 ;report_zend_debug = 0
 
@@ -617,6 +607,12 @@ report_memleaks = On
 ; Development value: 0
 ; Production value: 0
 
+; This directive controls whether PHP will output the backtrace of fatal errors.
+; Default Value: On
+; Development Value: On
+; Production Value: On
+;fatal_error_backtraces = On
+
 ;;;;;;;;;;;;;;;;;
 ; Data Handling ;
 ;;;;;;;;;;;;;;;;;
@@ -666,12 +662,10 @@ request_order = "GP"
 ; that were passed when the script was invoked. These arrays are extremely
 ; useful when running scripts from the command line. When this directive is
 ; enabled, registering these variables consumes CPU cycles and memory each time
-; a script is executed. For performance reasons, this feature should be disabled
-; on production servers.
-; Note: This directive is hardcoded to On for the CLI SAPI
-; Default Value: On
-; Development Value: Off
-; Production Value: Off
+; a script is executed. For security reasons, this feature should be disabled
+; for non-CLI SAPIs.
+; Note: This directive is ignored for the CLI SAPI
+; This directive is deprecated.
 ; https://php.net/register-argc-argv
 register_argc_argv = Off
 
@@ -738,7 +732,7 @@ default_charset = "UTF-8"
 ;;;;;;;;;;;;;;;;;;;;;;;;;
 
 ; UNIX: "/path1:/path2"
-include_path = ".:/usr/share/php84"
+include_path = ".:/usr/share/php85"
 ;
 ; Windows: "\path1;\path2"
 ;include_path = ".;c:\php\includes"
@@ -814,6 +808,12 @@ enable_dl = Off
 ; https://php.net/fastcgi.impersonate
 ;fastcgi.impersonate = 1
 
+; Prevent decoding of SCRIPT_FILENAME when using Apache ProxyPass or
+; ProxyPassMatch. This should be used if script file paths are not stored
+; in an encoded format on the file system.
+; Default is 1.
+;fastcgi.script_path_encoded = 0
+
 ; Disable logging through FastCGI connection. PHP's default behavior is to enable
 ; this feature.
 ;fastcgi.logging = 0
@@ -916,8 +916,8 @@ default_socket_timeout = 60
 ;   Be sure to appropriately set the extension_dir directive.
 ;
 ;extension=bz2
-
 ;extension=curl
+;extension=exif
 ;extension=ffi
 ;extension=ftp
 ;extension=fileinfo
@@ -927,7 +927,6 @@ default_socket_timeout = 60
 ;extension=intl
 ;extension=ldap
 ;extension=mbstring
-;extension=exif      ; Must be after mbstring as it depends on it
 ;extension=mysqli
 ;extension=odbc
 ;extension=openssl
@@ -951,8 +950,6 @@ default_socket_timeout = 60
 ;extension=xsl
 ;extension=zip
 
-;zend_extension=opcache
-
 ;;;;;;;;;;;;;;;;;;;
 ; Module Settings ;
 ;;;;;;;;;;;;;;;;;;;
@@ -1008,8 +1005,12 @@ cli_server.color = On
 ; This directive allows you to produce PHP errors when some error
 ; happens within intl functions. The value is the level of the error produced.
 ; Default is 0, which does not produce any errors.
+; This directive is deprecated.
 ;intl.error_level = E_WARNING
-;intl.use_exceptions = 0
+; If enabled this directive indicates that when an error occurs within an
+; intl function a IntlException should be thrown.
+; Default is Off, which means errors need to be handled manually.
+;intl.use_exceptions = On
 
 [sqlite3]
 ; Directory pointing to SQLite3 extensions
@@ -1087,6 +1088,14 @@ mail.add_x_header = Off
 ; RFC 2822 non conformant MTA.
 mail.mixed_lf_and_crlf = Off
 
+; Control line ending mode for mail messages and headers.
+; Possible values: "crlf" (default), "lf", "mixed", "os"
+; - crlf: Use CRLF line endings
+; - lf: Use LF line endings only (converts CRLF in message to LF)
+; - mixed: Same as mail.mixed_lf_and_crlf = On
+; - os: Use CRLF on Windows, LF on other systems
+mail.cr_lf_mode = crlf
+
 ; The path to a log file that will log all mail() calls. Log entries include
 ; the full path of the script, line number, To address and headers.
 ;mail.log =
@@ -1156,10 +1165,7 @@ mysqli.allow_persistent = On
 ; https://php.net/mysqli.max-links
 mysqli.max_links = -1
 
-; Default port number for mysqli_connect().  If unset, mysqli_connect() will use
-; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
-; compile-time value defined MYSQL_PORT (in that order).  Win32 will only look
-; at MYSQL_PORT.
+; Default port number for mysqli_connect().
 ; https://php.net/mysqli.default-port
 mysqli.default_port = 3306
 
@@ -1168,15 +1174,15 @@ mysqli.default_port = 3306
 ; https://php.net/mysqli.default-socket
 mysqli.default_socket =
 
-; Default host for mysqli_connect() (doesn't apply in safe mode).
+; Default host for mysqli_connect().
 ; https://php.net/mysqli.default-host
 mysqli.default_host =
 
-; Default user for mysqli_connect() (doesn't apply in safe mode).
+; Default user for mysqli_connect().
 ; https://php.net/mysqli.default-user
 mysqli.default_user =
 
-; Default password for mysqli_connect() (doesn't apply in safe mode).
+; Default password for mysqli_connect().
 ; Note that this is generally a *bad* idea to store passwords in this file.
 ; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw")
 ; and reveal this password!  And of course, any users with read access to this
@@ -1196,6 +1202,9 @@ mysqlnd.collect_statistics = On
 
 ; Enable / Disable collection of memory usage statistics by mysqlnd which can be
 ; used to tune and monitor MySQL operations.
+; Default Value: Off
+; Development Value: On
+; Production Value: Off
 mysqlnd.collect_memory_statistics = Off
 
 ; Records communication from all extensions using mysqlnd to the specified log
@@ -1310,6 +1319,9 @@ session.use_cookies = 1
 ; https://php.net/session.cookie-secure
 ;session.cookie_secure =
 
+; https://php.net/session.cookie-partitioned
+;session.cookie_partitioned = 0
+
 ; This option forces PHP to fetch and use a cookie for storing and maintaining
 ; the session id. We encourage this operation as it's very helpful in combating
 ; session hijacking when not specifying and managing your own session id. It is
@@ -1769,6 +1781,15 @@ opcache.enable=1
 ; SHM reset. The default "" disables file based caching.
 ;opcache.file_cache=
 
+; Enables or disables read-only mode for the second level cache directory.
+; It should improve performance for read-only containers,
+; when the cache is pre-warmed and packaged alongside the application.
+; Best used with `opcache.validate_timestamps=0`, `opcache.enable_file_override=1`
+; and `opcache.file_cache_consistency_checks=0`.
+; Note: A cache generated with a different build of PHP, a different file path,
+; or different settings (including which extensions are loaded), may be ignored.
+;opcache.file_cache_read_only=0
+
 ; Enables or disables opcode caching in shared memory.
 ;opcache.file_cache_only=0
 
@@ -1840,6 +1861,14 @@ opcache.enable=1
 ; SSL stream context option.
 ;openssl.capath=
 
+; The libctx is an OpenSSL library context. OpenSSL defines a default library
+; context, but PHP OpenSSL also defines its own library context to avoid
+; interference with other libraries using OpenSSL and to provide an independent
+; context for each thread in ZTS. Possible values:
+;  "custom"  - use a custom library context (default)
+;  "default" - use the default OpenSSL library context
+;openssl.libctx=custom
+
 [ffi]
 ; FFI API restriction. Possible values:
 ; "preload" - enabled in CLI scripts and preloaded files (default)