From e6da6c3d3345cb5b1ef2d66b750f0824a0108a7a Mon Sep 17 00:00:00 2001 From: Claude Date: Wed, 28 Jan 2026 07:58:35 +0000 Subject: [PATCH 1/2] Use flexible PHP version in Docker builds - Switch from Docker Hub to AWS ECR Public Gallery for base images to avoid rate limiting issues (addresses #268) - Use build args for PHP and Composer versions, allowing version flexibility without changing the Dockerfile - Copy Composer binary from official image into PHP base image, ensuring the PHP version used for dependency installation matches the runtime version - Add PHP version matrix to Docker build CI workflow, testing builds with all PHP versions supported by the project (currently 8.3, 8.4) This change enables Dependabot Composer updates to work correctly by decoupling the Composer version from the PHP version used in builds. https://claude.ai/code/session_01UkUqTPwnnc56NFoFqo52Lv --- .github/workflows/docker-build.yml | 20 +++++++++++++++++--- Dockerfile | 16 ++++++++++++++-- 2 files changed, 31 insertions(+), 5 deletions(-) diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index 6603717..46fc003 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml 
@@ -4,13 +4,27 @@ name: Docker build and run permissions: contents: read jobs: + php-versions: + name: Lookup PHP versions + runs-on: ubuntu-24.04 + outputs: + matrix: ${{ steps.versions.outputs.matrix }} + steps: + - uses: actions/checkout@v6 + - uses: antfroger/php-version-action@v1 + id: versions + build: - name: Docker build and run + name: Docker build and run (PHP ${{ matrix.php-version }}) + needs: php-versions if: '!github.event.deleted' runs-on: ubuntu-24.04 + strategy: + matrix: + php-version: ${{ fromJSON(needs.php-versions.outputs.matrix) }} steps: - uses: actions/checkout@v6 - name: Docker build - run: docker build --tag github-security-jira:latest . + run: docker build --build-arg PHP_VERSION=${{ matrix.php-version }} --tag github-security-jira:php${{ matrix.php-version }} . - name: Run in Docker - run: docker run -t --rm github-security-jira:latest --version + run: docker run -t --rm github-security-jira:php${{ matrix.php-version }} --version diff --git a/Dockerfile b/Dockerfile index 52efa46..36a41aa 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,16 @@ +# Build arguments for version flexibility +ARG PHP_VERSION=8.3 +ARG COMPOSER_VERSION=2 + +# ----------------- +# Get Composer binary from official image +FROM public.ecr.aws/docker/library/composer:${COMPOSER_VERSION} AS composer + # ----------------- -FROM composer:2.9.1@sha256:7384cf9fa70b710af02c9f40bec6e44472e07138efa5ab3428a058087c0d2724 AS build-env +# Build stage: install dependencies using matching PHP version +FROM public.ecr.aws/docker/library/php:${PHP_VERSION}-alpine AS build-env + +COPY --from=composer /usr/bin/composer /usr/bin/composer COPY . /opt/ghsec-jira/ 
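Review bot: The value of `matrix.php-version` is expanded by `${{ }}` directly into the two `run:` command lines, so whatever `antfroger/php-version-action` emits in its `matrix` output becomes shell text on the runner before the shell parses it. That output presumably derives from the repository's own Composer metadata, which a pull request can change, so it is safer to pass the value through `env:` and reference it as a quoted shell variable, as in the block below. Separately, the action is referenced by the movable tag `@v1`; pinning it to a full commit SHA (`antfroger/php-version-action@<full-commit-sha>`) keeps a retagged release from altering what runs in this workflow. The workflow's trigger section is outside this hunk, so which events reach these jobs cannot be confirmed from here.

```yaml
# … unchanged: php-versions job, build job header, strategy/matrix, checkout step …
      - name: Docker build
        env:
          PHP_VERSION: ${{ matrix.php-version }}
        run: docker build --build-arg "PHP_VERSION=$PHP_VERSION" --tag "github-security-jira:php$PHP_VERSION" .
      - name: Run in Docker
        env:
          PHP_VERSION: ${{ matrix.php-version }}
        run: docker run -t --rm "github-security-jira:php$PHP_VERSION" --version
```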
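Review bot: Both new `FROM` lines in this hunk resolve floating tags (`composer:${COMPOSER_VERSION}` defaulting to `2`, `php:${PHP_VERSION}-alpine` defaulting to `8.3`), whereas the lines they replace pinned each base image by `@sha256:` digest, so the Composer binary copied into `build-env` and the PHP base can change between builds without any change in this repository. The same applies to the runtime-stage `FROM` in the next hunk and to the Docker Hub references that patch 2/2 leaves in place. Version flexibility and pinning can coexist because an `ARG` value may carry the digest, e.g. `ARG COMPOSER_VERSION=2.9.1@sha256:<digest>` and a separate `ARG PHP_IMAGE=php:8.3-alpine@sha256:<digest>` that CI overrides per matrix entry. If leaving the defaults unpinned is a deliberate trade-off, a comment above the `ARG` lines saying so would help the next reader.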
@@ -8,7 +19,8 @@ WORKDIR /opt/ghsec-jira RUN composer install --prefer-dist --no-dev # ----------------- -FROM php:8.3.7-alpine3.18@sha256:3da837b84db645187ae2f24ca664da3faee7c546f0e8d930950b12d24f0d8fa0 +# Runtime stage +FROM public.ecr.aws/docker/library/php:${PHP_VERSION}-alpine COPY --from=build-env /opt/ghsec-jira/ /opt/ghsec-jira/ From f3c44c1d0042ca4ba58930248cf072b6150477df Mon Sep 17 00:00:00 2001 From: Claude Date: Wed, 28 Jan 2026 08:03:52 +0000 Subject: [PATCH 2/2] Use Docker Hub images instead of ECR Keep using standard Docker Hub image references rather than switching to AWS ECR Public Gallery. https://claude.ai/code/session_01UkUqTPwnnc56NFoFqo52Lv --- Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 36a41aa..02fcbc6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,11 +4,11 @@ ARG COMPOSER_VERSION=2 # ----------------- # Get Composer binary from official image -FROM public.ecr.aws/docker/library/composer:${COMPOSER_VERSION} AS composer +FROM composer:${COMPOSER_VERSION} AS composer # ----------------- # Build stage: install dependencies using matching PHP version -FROM public.ecr.aws/docker/library/php:${PHP_VERSION}-alpine AS build-env +FROM php:${PHP_VERSION}-alpine AS build-env COPY --from=composer /usr/bin/composer /usr/bin/composer @@ -20,7 +20,7 @@ RUN composer install --prefer-dist --no-dev # ----------------- # Runtime stage -FROM public.ecr.aws/docker/library/php:${PHP_VERSION}-alpine +FROM php:${PHP_VERSION}-alpine COPY --from=build-env /opt/ghsec-jira/ /opt/ghsec-jira/