Use PHP 8.5 for the base image

[samdark]

Q	A
Is bugfix?	❌
New feature?	❌
Breaks BC?	❌
Fixed issues	-

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 76.96%. Comparing base (07cc123) to head (9af4a41).
⚠️ Report is 3 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff            @@
##             master     #423   +/-   ##
=========================================
  Coverage     76.96%   76.96%           
  Complexity       29       29           
=========================================
  Files            11       11           
  Lines           178      178           
=========================================
  Hits            137      137           
  Misses           41       41           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[Copilot]

Pull request overview

This PR attempts to upgrade the Docker base image from PHP 8.2 to PHP 8.5 for the FrankenPHP-based application. However, this change is problematic as PHP 8.5 has not been released yet.

Key Change:

• Updates the base Docker image from dunglas/frankenphp:1-php8.2-bookworm to dunglas/frankenphp:1-php8.5-bookworm

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The base image dunglas/frankenphp:1-php8.5-bookworm is referenced only by a mutable tag, which makes the build dependent on whatever image is pushed to that tag in the future. If the upstream registry or image owner is compromised, an attacker could publish a malicious image under the same tag and your builds would consume it without any Dockerfile changes. To reduce supply chain risk, pin this dependency to an immutable image digest and, if possible, verify its provenance in your build pipeline.

[vjik]

Why? Minimal PHP version for template is 8.2.

[samdark]

Mainly because of initial installation using composer from Docker https://yiisoft.github.io/docs/guide/start/creating-project.html

docker run --rm -it -v "$(pwd):/app" composer/composer create-project yiisoft/app your_project
sudo chown -R $(id -u):$(id -g) your_project

In this case composer has PHP 8.5 inside so it creates the app with dependencies targeted for 8.5.

[samdark]

composer/composer#12691

[samdark]

Solved with additional make composer update in the guide for now.