From 8bd81e7cd1935f67ef152ba80000184df30563fe Mon Sep 17 00:00:00 2001
From: Daniel Del Rio <daniel@passbolt.com>
Date: Tue, 6 Jun 2023 09:27:10 +0000
Subject: [PATCH 1/3] PB-24921: add slack message on image publish step

---
 .gitlab-ci/Jobs/publish.yaml                  |  7 ++--
 .../scripts/bin/slack-status-messages.sh      | 41 +++++++++++++++++++
 2 files changed, 45 insertions(+), 3 deletions(-)
 create mode 100644 .gitlab-ci/scripts/bin/slack-status-messages.sh

diff --git a/.gitlab-ci/Jobs/publish.yaml b/.gitlab-ci/Jobs/publish.yaml
index fbf82c1..61ca91a 100644
--- a/.gitlab-ci/Jobs/publish.yaml
+++ b/.gitlab-ci/Jobs/publish.yaml
@@ -99,7 +99,7 @@ publish-ce:
     - crane cp "${CI_REGISTRY_IMAGE}:latest-${PASSBOLT_IMAGE_FLAVOUR}" "${DOCKER_HUB_PASSBOLT_REGISTRY}:latest-${PASSBOLT_IMAGE_FLAVOUR}"
     - crane cp "${CI_REGISTRY_IMAGE}:${PASSBOLT_VERSION}-${PASSBOLT_IMAGE_FLAVOUR}" "${DOCKER_HUB_PASSBOLT_REGISTRY}:${PASSBOLT_VERSION}-${PASSBOLT_IMAGE_FLAVOUR}"
     - crane cp "${CI_REGISTRY_IMAGE}:latest" "${DOCKER_HUB_PASSBOLT_REGISTRY}:latest"
-
+    - 'bash .gitlab-ci/scripts/bin/slack-status-messages.sh ":whale: $PASSBOLT_VERSION $PASSBOLT_IMAGE_FLAVOUR docker image has been published" "$CI_PROJECT_URL/-/jobs/$CI_JOB_ID"'
 publish-ce-non-root:
   extends: .publish
   variables:
@@ -111,7 +111,7 @@ publish-ce-non-root:
     - ./manifest-tool-linux-amd64 push from-spec manifests.yaml
     - crane cp "${CI_REGISTRY_IMAGE}:latest-${PASSBOLT_IMAGE_FLAVOUR}" "${DOCKER_HUB_PASSBOLT_REGISTRY}:latest-${PASSBOLT_IMAGE_FLAVOUR}"
     - crane cp "${CI_REGISTRY_IMAGE}:${PASSBOLT_VERSION}-${PASSBOLT_IMAGE_FLAVOUR}" "${DOCKER_HUB_PASSBOLT_REGISTRY}:${PASSBOLT_VERSION}-${PASSBOLT_IMAGE_FLAVOUR}"
-
+    - 'bash .gitlab-ci/scripts/bin/slack-status-messages.sh ":whale: $PASSBOLT_VERSION $PASSBOLT_IMAGE_FLAVOUR docker image has been published" "$CI_PROJECT_URL/-/jobs/$CI_JOB_ID"'
 publish-pro:
   extends: .publish
   variables:
@@ -123,10 +123,10 @@ publish-pro:
     - ./manifest-tool-linux-amd64 push from-spec manifests.yaml
     - crane cp "${CI_REGISTRY_IMAGE}:latest-${PASSBOLT_IMAGE_FLAVOUR}" "${DOCKER_HUB_PASSBOLT_REGISTRY}:latest-${PASSBOLT_IMAGE_FLAVOUR}"
     - crane cp "${CI_REGISTRY_IMAGE}:${PASSBOLT_VERSION}-${PASSBOLT_IMAGE_FLAVOUR}" "${DOCKER_HUB_PASSBOLT_REGISTRY}:${PASSBOLT_VERSION}-${PASSBOLT_IMAGE_FLAVOUR}"
+    - 'bash .gitlab-ci/scripts/bin/slack-status-messages.sh ":whale: $PASSBOLT_VERSION $PASSBOLT_IMAGE_FLAVOUR docker image has been published" "$CI_PROJECT_URL/-/jobs/$CI_JOB_ID"'
   rules:
     - if: '$PASSBOLT_VERSION && $CI_COMMIT_BRANCH == "master" && $PASSBOLT_PUBLISH == "pro"'
       when: on_success
-
 publish-pro-non-root:
   extends: .publish
   variables:
@@ -138,6 +138,7 @@ publish-pro-non-root:
     - ./manifest-tool-linux-amd64 push from-spec manifests.yaml
     - crane cp "${CI_REGISTRY_IMAGE}:latest-${PASSBOLT_IMAGE_FLAVOUR}" "${DOCKER_HUB_PASSBOLT_REGISTRY}:latest-${PASSBOLT_IMAGE_FLAVOUR}"
     - crane cp "${CI_REGISTRY_IMAGE}:${PASSBOLT_VERSION}-${PASSBOLT_IMAGE_FLAVOUR}" "${DOCKER_HUB_PASSBOLT_REGISTRY}:${PASSBOLT_VERSION}-${PASSBOLT_IMAGE_FLAVOUR}"
+    - 'bash .gitlab-ci/scripts/bin/slack-status-messages.sh ":whale: $PASSBOLT_VERSION $PASSBOLT_IMAGE_FLAVOUR docker image has been published" "$CI_PROJECT_URL/-/jobs/$CI_JOB_ID"'
   rules:
     - if: '$PASSBOLT_VERSION && $CI_COMMIT_BRANCH == "master" && $PASSBOLT_PUBLISH == "pro"'
       when: on_success
diff --git a/.gitlab-ci/scripts/bin/slack-status-messages.sh b/.gitlab-ci/scripts/bin/slack-status-messages.sh
new file mode 100644
index 0000000..6e408c7
--- /dev/null
+++ b/.gitlab-ci/scripts/bin/slack-status-messages.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+# Variables required
+# CI_PROJECT_NAME
+# CI_PIPELINE_ID
+# SLACK_CHANNEL_ID
+# SLACK_WEBHOOK
+
+title="$1"
+url="$2"
+
+curl -X POST -H 'Content-type: application/json' $SLACK_WEBHOOK \
+--data-binary @- <<EOF
+{
+  "channel": "$SLACK_CHANNEL_ID",
+  "attachments": [
+    {
+      "color": "#36A64F",
+      "title": "$title",
+      "attachment_type": "default",
+      "actions": [
+        {
+          "name": "Logs",
+          "text": "Logs",
+          "type": "button",
+          "style": "default",
+          "url": "$url"
+        },
+        {
+          "name": "DockerHub",
+          "text": "DockerHub",
+          "type": "button",
+          "style": "primary",
+          "url": "https://hub.docker.com/r/passbolt/passbolt/tags"
+        }
+      ]
+    }
+  ]
+}
+EOF
+

From f9019b3c594d2aad5981ad45022dc36bf8535790 Mon Sep 17 00:00:00 2001
From: Diego Lendoiro <diego@passbolt.com>
Date: Thu, 15 Jun 2023 07:56:20 +0000
Subject: [PATCH 2/3] Feature/pb 24985

---
 .gitignore                                    | 36 +--------------
 .gitlab-ci/Jobs/build_image.yml               | 32 ++++++-------
 conf/supervisor/php.conf                      |  2 +-
 debian/Dockerfile                             |  7 ++-
 debian/Dockerfile.rootless                    |  8 ++--
 docker-compose/docker-compose-ce.yaml         | 14 ++++--
 docker-compose/docker-compose-pro.yaml        |  4 +-
 spec/docker_image/image_spec.rb               |  2 +-
 spec/docker_runtime/runtime_spec.rb           | 11 ++---
 .../runtime_no_envs_spec.rb                   | 45 +++++++++----------
 .../docker_runtime_with_passbolt_php_spec.rb  | 14 +++---
 11 files changed, 74 insertions(+), 101 deletions(-)

diff --git a/.gitignore b/.gitignore
index 090b678..bdd5127 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,42 +1,10 @@
-# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm
-# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
-
-# IDE and editor specific files
-/nbproject
-.idea
-
-# mpeltonen/sbt-idea plugin
-.idea_modules/
-
-## File-based project format:
-*.iws
-
-## Plugin-specific files:
-
-# IntelliJ
-/out/
-
-# JIRA plugin
-atlassian-ide-plugin.xml
-
-# Crashlytics plugin (for Android Studio and IntelliJ)
-com_crashlytics_export_strings.xml
-crashlytics.properties
-crashlytics-build.properties
-fabric.properties
-
 # Generated docker files
 conf/*.key
 
-# src directory used for local development
-src
-
-.ruby-version
-
 .bundle
 
 # docker compose specific
 dev/.env
-
-# Vim session files
 *.vim
+vendor
+*subscription_key.txt
diff --git a/.gitlab-ci/Jobs/build_image.yml b/.gitlab-ci/Jobs/build_image.yml
index 8545575..1022731 100644
--- a/.gitlab-ci/Jobs/build_image.yml
+++ b/.gitlab-ci/Jobs/build_image.yml
@@ -59,7 +59,7 @@ build-ce-stable-docker:
     DOCKERFILE_PATH: "debian/Dockerfile"
     DOCKER_TAG: "root"
     SUPERCRONIC_ARCH: amd64
-    SUPERCRONIC_SHA1SUM: 2319da694833c7a147976b8e5f337cd83397d6be
+    SUPERCRONIC_SHA1SUM: 642f4f5a2b67f3400b5ea71ff24f18c0a7d77d49
     PLATFORM: "linux/amd64"
 
 build-ce-stable-rootless:
@@ -68,7 +68,7 @@ build-ce-stable-rootless:
     DOCKERFILE_PATH: "debian/Dockerfile.rootless"
     DOCKER_TAG: "rootless"
     SUPERCRONIC_ARCH: amd64
-    SUPERCRONIC_SHA1SUM: 2319da694833c7a147976b8e5f337cd83397d6be
+    SUPERCRONIC_SHA1SUM: 642f4f5a2b67f3400b5ea71ff24f18c0a7d77d49
     PLATFORM: "linux/amd64"
 
 build-pro-stable-docker:
@@ -77,7 +77,7 @@ build-pro-stable-docker:
     DOCKERFILE_PATH: "debian/Dockerfile"
     DOCKER_TAG: "root"
     SUPERCRONIC_ARCH: amd64
-    SUPERCRONIC_SHA1SUM: 2319da694833c7a147976b8e5f337cd83397d6be
+    SUPERCRONIC_SHA1SUM: 642f4f5a2b67f3400b5ea71ff24f18c0a7d77d49
     PLATFORM: "linux/amd64"
 
 build-pro-stable-rootless:
@@ -86,7 +86,7 @@ build-pro-stable-rootless:
     DOCKERFILE_PATH: "debian/Dockerfile.rootless"
     DOCKER_TAG: "rootless"
     SUPERCRONIC_ARCH: amd64
-    SUPERCRONIC_SHA1SUM: 2319da694833c7a147976b8e5f337cd83397d6be
+    SUPERCRONIC_SHA1SUM: 642f4f5a2b67f3400b5ea71ff24f18c0a7d77d49
     PLATFORM: "linux/amd64"
 
 build-ce-stable-docker-arm64-v8:
@@ -98,7 +98,7 @@ build-ce-stable-docker-arm64-v8:
     DOCKER_TAG: "root-arm64-v8"
     PLATFORM: "linux/arm64/v8"
     SUPERCRONIC_ARCH: arm64
-    SUPERCRONIC_SHA1SUM: c7d51b610d96a9a58d5eef0308922acc8be62eac
+    SUPERCRONIC_SHA1SUM: 0b658d66bd54cf10aeccd9bdbd95fc7d9ba84a61
 
 build-ce-stable-rootless-arm64-v8:
   tags:
@@ -109,7 +109,7 @@ build-ce-stable-rootless-arm64-v8:
     DOCKER_TAG: "rootless-arm64-v8"
     PLATFORM: "linux/arm64/v8"
     SUPERCRONIC_ARCH: arm64
-    SUPERCRONIC_SHA1SUM: c7d51b610d96a9a58d5eef0308922acc8be62eac
+    SUPERCRONIC_SHA1SUM: 0b658d66bd54cf10aeccd9bdbd95fc7d9ba84a61
 
 build-pro-stable-docker-arm64-v8:
   tags:
@@ -120,7 +120,7 @@ build-pro-stable-docker-arm64-v8:
     DOCKER_TAG: "root-arm64-v8"
     PLATFORM: "linux/arm64/v8"
     SUPERCRONIC_ARCH: arm64
-    SUPERCRONIC_SHA1SUM: c7d51b610d96a9a58d5eef0308922acc8be62eac
+    SUPERCRONIC_SHA1SUM: 0b658d66bd54cf10aeccd9bdbd95fc7d9ba84a61
 
 build-pro-stable-rootless-arm64-v8:
   tags:
@@ -131,7 +131,7 @@ build-pro-stable-rootless-arm64-v8:
     DOCKER_TAG: "rootless-arm64-v8"
     PLATFORM: "linux/arm64/v8"
     SUPERCRONIC_ARCH: arm64
-    SUPERCRONIC_SHA1SUM: c7d51b610d96a9a58d5eef0308922acc8be62eac
+    SUPERCRONIC_SHA1SUM: 0b658d66bd54cf10aeccd9bdbd95fc7d9ba84a61
 
 build-ce-stable-docker-arm-v5:
   tags:
@@ -142,7 +142,7 @@ build-ce-stable-docker-arm-v5:
     DOCKER_TAG: "root-arm-v5"
     PLATFORM: "linux/arm/v5"
     SUPERCRONIC_ARCH: arm
-    SUPERCRONIC_SHA1SUM: f6a61efbdd9a223e750aa03d16bbc417113a64d9
+    SUPERCRONIC_SHA1SUM: 4f625d77d2f9a790ea4ad679d0d2c318a14ec3be
 
 build-ce-stable-rootless-arm-v5:
   tags:
@@ -153,7 +153,7 @@ build-ce-stable-rootless-arm-v5:
     DOCKER_TAG: "rootless-arm-v5"
     PLATFORM: "linux/arm/v5"
     SUPERCRONIC_ARCH: arm
-    SUPERCRONIC_SHA1SUM: f6a61efbdd9a223e750aa03d16bbc417113a64d9
+    SUPERCRONIC_SHA1SUM: 4f625d77d2f9a790ea4ad679d0d2c318a14ec3be
 
 build-pro-stable-docker-arm-v5:
   tags:
@@ -164,7 +164,7 @@ build-pro-stable-docker-arm-v5:
     DOCKER_TAG: "root-arm-v5"
     PLATFORM: "linux/arm/v5"
     SUPERCRONIC_ARCH: arm
-    SUPERCRONIC_SHA1SUM: f6a61efbdd9a223e750aa03d16bbc417113a64d9
+    SUPERCRONIC_SHA1SUM: 4f625d77d2f9a790ea4ad679d0d2c318a14ec3be
 
 build-pro-stable-rootless-arm-v5:
   tags:
@@ -175,7 +175,7 @@ build-pro-stable-rootless-arm-v5:
     DOCKER_TAG: "rootless-arm-v5"
     PLATFORM: "linux/arm/v5"
     SUPERCRONIC_ARCH: arm
-    SUPERCRONIC_SHA1SUM: f6a61efbdd9a223e750aa03d16bbc417113a64d9
+    SUPERCRONIC_SHA1SUM: 4f625d77d2f9a790ea4ad679d0d2c318a14ec3be
 
 build-ce-stable-docker-arm-v7:
   tags:
@@ -186,7 +186,7 @@ build-ce-stable-docker-arm-v7:
     DOCKER_TAG: "root-arm-v7"
     PLATFORM: "linux/arm/v7"
     SUPERCRONIC_ARCH: arm
-    SUPERCRONIC_SHA1SUM: f6a61efbdd9a223e750aa03d16bbc417113a64d9
+    SUPERCRONIC_SHA1SUM: 4f625d77d2f9a790ea4ad679d0d2c318a14ec3be
 
 build-ce-stable-rootless-arm-v7:
   tags:
@@ -197,7 +197,7 @@ build-ce-stable-rootless-arm-v7:
     DOCKER_TAG: "rootless-arm-v7"
     PLATFORM: "linux/arm/v7"
     SUPERCRONIC_ARCH: arm
-    SUPERCRONIC_SHA1SUM: f6a61efbdd9a223e750aa03d16bbc417113a64d9
+    SUPERCRONIC_SHA1SUM: 4f625d77d2f9a790ea4ad679d0d2c318a14ec3be
 
 build-pro-stable-docker-arm-v7:
   tags:
@@ -208,7 +208,7 @@ build-pro-stable-docker-arm-v7:
     DOCKER_TAG: "root-arm-v7"
     PLATFORM: "linux/arm/v7"
     SUPERCRONIC_ARCH: arm
-    SUPERCRONIC_SHA1SUM: f6a61efbdd9a223e750aa03d16bbc417113a64d9
+    SUPERCRONIC_SHA1SUM: 4f625d77d2f9a790ea4ad679d0d2c318a14ec3be
 
 build-pro-stable-rootless-arm-v7:
   tags:
@@ -219,4 +219,4 @@ build-pro-stable-rootless-arm-v7:
     DOCKER_TAG: "rootless-arm-v7"
     PLATFORM: "linux/arm/v7"
     SUPERCRONIC_ARCH: arm
-    SUPERCRONIC_SHA1SUM: f6a61efbdd9a223e750aa03d16bbc417113a64d9
+    SUPERCRONIC_SHA1SUM: 4f625d77d2f9a790ea4ad679d0d2c318a14ec3be
diff --git a/conf/supervisor/php.conf b/conf/supervisor/php.conf
index c590572..d2d3e71 100644
--- a/conf/supervisor/php.conf
+++ b/conf/supervisor/php.conf
@@ -1,5 +1,5 @@
 [program:php-fpm]
-command=php-fpm7.4 -F
+command=php-fpm8.2 -F
 autostart=true
 priority=5
 stdout_logfile=/dev/stdout
diff --git a/debian/Dockerfile b/debian/Dockerfile
index 2e71234..48e5d5b 100644
--- a/debian/Dockerfile
+++ b/debian/Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:bullseye-slim
+FROM debian:bookworm-slim
 
 LABEL maintainer="Passbolt SA <contact@passbolt.com>"
 
@@ -9,7 +9,7 @@ ARG PASSBOLT_SERVER_KEY="hkps://keys.mailvelope.com "
 ARG PASSBOLT_REPO_URL="https://download.passbolt.com/$PASSBOLT_FLAVOUR/debian"
 
 ENV PASSBOLT_PKG_KEY=0xDE8B853FC155581D
-ENV PHP_VERSION=7.4
+ENV PHP_VERSION=8.2
 ENV GNUPGHOME=/var/lib/passbolt/.gnupg
 ENV PASSBOLT_FLAVOUR=$PASSBOLT_FLAVOUR
 ENV PASSBOLT_PKG="passbolt-$PASSBOLT_FLAVOUR-server"
@@ -28,7 +28,6 @@ RUN apt-get update \
   curl \
   && rm -f /etc/passbolt/jwt/* \
   && rm /etc/nginx/sites-enabled/default \
-  && mkdir /run/php \
   && cp /usr/share/passbolt/examples/nginx-passbolt-ssl.conf /etc/nginx/snippets/passbolt-ssl.conf \
   && sed -i 's,;clear_env = no,clear_env = no,' /etc/php/$PHP_VERSION/fpm/pool.d/www.conf \
   && sed -i 's,# include __PASSBOLT_SSL__,include /etc/nginx/snippets/passbolt-ssl.conf;,' /etc/nginx/sites-enabled/nginx-passbolt.conf \
@@ -63,4 +62,4 @@ EXPOSE 80 443
 
 WORKDIR /usr/share/php/passbolt
 
-CMD ["//docker-entrypoint.sh"]
+CMD ["/docker-entrypoint.sh"]
diff --git a/debian/Dockerfile.rootless b/debian/Dockerfile.rootless
index 6ba8bd6..4f72553 100644
--- a/debian/Dockerfile.rootless
+++ b/debian/Dockerfile.rootless
@@ -1,9 +1,9 @@
-FROM debian:bullseye-slim
+FROM debian:bookworm-slim
 
 LABEL maintainer="Passbolt SA <contact@passbolt.com>"
 
 ARG SUPERCRONIC_ARCH=amd64
-ARG SUPERCRONIC_SHA1SUM=2319da694833c7a147976b8e5f337cd83397d6be
+ARG SUPERCRONIC_SHA1SUM=642f4f5a2b67f3400b5ea71ff24f18c0a7d77d49
 
 ARG PASSBOLT_DISTRO="buster"
 ARG PASSBOLT_COMPONENT="stable"
@@ -13,9 +13,9 @@ ARG PASSBOLT_PKG=passbolt-$PASSBOLT_FLAVOUR-server
 ARG PASSBOLT_REPO_URL="https://download.passbolt.com/$PASSBOLT_FLAVOUR/debian"
 
 ENV PASSBOLT_PKG_KEY=0xDE8B853FC155581D
-ENV PHP_VERSION=7.4
+ENV PHP_VERSION=8.2
 ENV GNUPGHOME=/var/lib/passbolt/.gnupg
-ENV SUPERCRONIC_VERSION=0.2.2
+ENV SUPERCRONIC_VERSION=0.2.25
 ENV SUPERCRONIC_URL=https://github.com/aptible/supercronic/releases/download/v${SUPERCRONIC_VERSION}/supercronic-linux-${SUPERCRONIC_ARCH} \
     SUPERCRONIC=supercronic-linux-${SUPERCRONIC_ARCH}
 ENV PASSBOLT_FLAVOUR="${PASSBOLT_FLAVOUR}"
diff --git a/docker-compose/docker-compose-ce.yaml b/docker-compose/docker-compose-ce.yaml
index 60b54af..96a46aa 100644
--- a/docker-compose/docker-compose-ce.yaml
+++ b/docker-compose/docker-compose-ce.yaml
@@ -1,7 +1,7 @@
-version: '3.9'
+version: "3.9"
 services:
   db:
-    image: mariadb:10.10
+    image: mariadb:10.11
     restart: unless-stopped
     environment:
       MYSQL_RANDOM_ROOT_PASSWORD: "true"
@@ -27,7 +27,15 @@ services:
     volumes:
       - gpg_volume:/etc/passbolt/gpg
       - jwt_volume:/etc/passbolt/jwt
-    command: ["/usr/bin/wait-for.sh", "-t", "0", "db:3306", "--", "/docker-entrypoint.sh"]
+    command:
+      [
+        "/usr/bin/wait-for.sh",
+        "-t",
+        "0",
+        "db:3306",
+        "--",
+        "/docker-entrypoint.sh",
+      ]
     ports:
       - 80:80
       - 443:443
diff --git a/docker-compose/docker-compose-pro.yaml b/docker-compose/docker-compose-pro.yaml
index fa6f74e..5bd0077 100644
--- a/docker-compose/docker-compose-pro.yaml
+++ b/docker-compose/docker-compose-pro.yaml
@@ -1,7 +1,7 @@
-version: '3.9'
+version: "3.9"
 services:
   db:
-    image: mariadb:10.10
+    image: mariadb:10.11
     restart: unless-stopped
     environment:
       MYSQL_RANDOM_ROOT_PASSWORD: "true"
diff --git a/spec/docker_image/image_spec.rb b/spec/docker_image/image_spec.rb
index 1863a95..a21b5c5 100644
--- a/spec/docker_image/image_spec.rb
+++ b/spec/docker_image/image_spec.rb
@@ -36,7 +36,7 @@
   end
 
   let(:nginx_conf)      { '/etc/nginx/nginx.conf' }
-  let(:php_conf)        { '/etc/php/7.4/fpm/php.ini' }
+  let(:php_conf)        { '/etc/php/8.2/fpm/php.ini' }
   let(:site_conf)       { '/etc/nginx/sites-enabled/nginx-passbolt.conf' }
   let(:supervisor_conf) do
     ['/etc/supervisor/conf.d/nginx.conf',
diff --git a/spec/docker_runtime/runtime_spec.rb b/spec/docker_runtime/runtime_spec.rb
index 6935b14..57b9be4 100644
--- a/spec/docker_runtime/runtime_spec.rb
+++ b/spec/docker_runtime/runtime_spec.rb
@@ -13,10 +13,10 @@
 
     @mysql = Docker::Container.create(
       'Env' => [
-        'MYSQL_ROOT_PASSWORD=test',
-        'MYSQL_DATABASE=passbolt',
-        'MYSQL_USER=passbolt',
-        'MYSQL_PASSWORD=±!@#$%^&*()_+=-}{|:;<>?'
+        'MARIADB_ROOT_PASSWORD=test',
+        'MARIADB_DATABASE=passbolt',
+        'MARIADB_USER=passbolt',
+        'MARIADB_PASSWORD=±!@#$%^&*()_+=-}{|:;<>?'
       ],
       'Healthcheck' => {
         "Test": [
@@ -87,7 +87,8 @@
 
   let(:rootless_env_setup) do
     # The sed command needs to create a temporary file on the same directory as the destination file (/etc/cron.d).
-    # So when running this tests on the rootless image we have to move the crontab file to tmp, execute the sed on it and copy it back to /etc/cron.d.
+    # So when running this tests on the rootless image we have to move the crontab file to tmp, execute the sed on it
+    # and copy it back to /etc/cron.d.
     @container.exec(['cp', "/etc/cron.d/passbolt-#{ENV['PASSBOLT_FLAVOUR']}-server", '/tmp/passbolt-cron'])
     @container.exec(['cp', "/etc/cron.d/passbolt-#{ENV['PASSBOLT_FLAVOUR']}-server", '/tmp/passbolt-cron-temporary'])
     @container.exec(
diff --git a/spec/docker_runtime_no_envs/runtime_no_envs_spec.rb b/spec/docker_runtime_no_envs/runtime_no_envs_spec.rb
index f71719a..fb6cb5d 100644
--- a/spec/docker_runtime_no_envs/runtime_no_envs_spec.rb
+++ b/spec/docker_runtime_no_envs/runtime_no_envs_spec.rb
@@ -1,7 +1,6 @@
 require 'spec_helper'
 
 describe 'passbolt_api service' do
-
   before(:all) do
     if ENV['GITLAB_CI']
       @mysql_image = Docker::Image.create('fromImage' => 'registry.gitlab.com/passbolt/passbolt-ci-docker-images/mariadb-10.3:latest')
@@ -10,23 +9,22 @@
     end
     @mysql = Docker::Container.create(
       'Env' => [
-        'MYSQL_ROOT_PASSWORD=test',
-        'MYSQL_DATABASE=passbolt',
-        'MYSQL_USER=passbolt',
-        'MYSQL_PASSWORD=±!@#$%^&*()_+=-}{|:;<>?'
+        'MARIADB_ROOT_PASSWORD=test',
+        'MARIADB_DATABASE=passbolt',
+        'MARIADB_USER=passbolt',
+        'MARIADB_PASSWORD=±!@#$%^&*()_+=-}{|:;<>?'
       ],
-      "Healthcheck" => {
+      'Healthcheck' => {
         "Test": [
-          "CMD-SHELL",
-          "mysqladmin ping --silent"
+          'CMD-SHELL',
+          'mysqladmin ping --silent'
         ]
       },
-      'Image' => @mysql_image.id)
+      'Image' => @mysql_image.id
+    )
     @mysql.start
 
-    while @mysql.json['State']['Health']['Status'] != 'healthy'
-      sleep 1
-    end
+    sleep 1 while @mysql.json['State']['Health']['Status'] != 'healthy'
 
     if ENV['GITLAB_CI']
       Docker.authenticate!(
@@ -34,25 +32,27 @@
         'password' => ENV['CI_REGISTRY_PASSWORD'].to_s,
         'serveraddress' => 'https://registry.gitlab.com/'
       )
-      if ENV['ROOTLESS'] == 'true'
-        @image = Docker::Image.create('fromImage' => "#{ENV['CI_REGISTRY_IMAGE']}:#{ENV['PASSBOLT_FLAVOUR']}-rootless-latest")
-      else
-        @image = Docker::Image.create('fromImage' => "#{ENV['CI_REGISTRY_IMAGE']}:#{ENV['PASSBOLT_FLAVOUR']}-root-latest")
-      end
+      @image = if ENV['ROOTLESS'] == 'true'
+                 Docker::Image.create('fromImage' => "#{ENV['CI_REGISTRY_IMAGE']}:#{ENV['PASSBOLT_FLAVOUR']}-rootless-latest")
+               else
+                 Docker::Image.create('fromImage' => "#{ENV['CI_REGISTRY_IMAGE']}:#{ENV['PASSBOLT_FLAVOUR']}-root-latest")
+               end
     else
-      @image = Docker::Image.build_from_dir(ROOT_DOCKERFILES, { 'dockerfile' => $dockerfile, 'buildargs' => JSON.generate($buildargs) } )
+      @image = Docker::Image.build_from_dir(ROOT_DOCKERFILES,
+                                            { 'dockerfile' => $dockerfile, 'buildargs' => JSON.generate($buildargs) })
     end
 
     @container = Docker::Container.create(
       'Env' => [
-        "DATASOURCES_DEFAULT_HOST=#{@mysql.json['NetworkSettings']['IPAddress']}",
+        "DATASOURCES_DEFAULT_HOST=#{@mysql.json['NetworkSettings']['IPAddress']}"
       ],
       'Binds' => $binds.append(
         "#{FIXTURES_PATH + '/passbolt.php'}:#{PASSBOLT_CONFIG_PATH + '/passbolt.php'}",
         "#{FIXTURES_PATH + '/public-test.key'}:#{PASSBOLT_CONFIG_PATH + 'gpg/unsecure.key'}",
-        "#{FIXTURES_PATH + '/private-test.key'}:#{PASSBOLT_CONFIG_PATH + 'gpg/unsecure_private.key'}",
+        "#{FIXTURES_PATH + '/private-test.key'}:#{PASSBOLT_CONFIG_PATH + 'gpg/unsecure_private.key'}"
       ),
-      'Image' => @image.id)
+      'Image' => @image.id
+    )
 
     @container.start
     @container.logs(stdout: true)
@@ -67,7 +67,7 @@
   end
 
   let(:passbolt_host)     { @container.json['NetworkSettings']['IPAddress'] }
-  let(:uri)               { "/healthcheck/status.json" }
+  let(:uri)               { '/healthcheck/status.json' }
   let(:curl)              { "curl -sk -o /dev/null -w '%{http_code}' -H 'Host: passbolt.local' https://#{passbolt_host}:#{$https_port}/#{uri}" }
 
   describe 'php service' do
@@ -119,5 +119,4 @@
       expect(command("#{curl} | grep 'server:'").stdout.strip).to match(/^server:\s+nginx.*$/)
     end
   end
-
 end
diff --git a/spec/docker_runtime_with_passbolt_php/docker_runtime_with_passbolt_php_spec.rb b/spec/docker_runtime_with_passbolt_php/docker_runtime_with_passbolt_php_spec.rb
index 5b08f9a..c35281a 100644
--- a/spec/docker_runtime_with_passbolt_php/docker_runtime_with_passbolt_php_spec.rb
+++ b/spec/docker_runtime_with_passbolt_php/docker_runtime_with_passbolt_php_spec.rb
@@ -1,4 +1,3 @@
-
 require 'spec_helper'
 
 describe 'passbolt_api service' do
@@ -14,10 +13,10 @@
 
     @mysql = Docker::Container.create(
       'Env' => [
-        'MYSQL_ROOT_PASSWORD=test',
-        'MYSQL_DATABASE=passbolt',
-        'MYSQL_USER=passbolt',
-        'MYSQL_PASSWORD=±!@#$%^&*()_+=-}{|:;<>?'
+        'MARIADB_ROOT_PASSWORD=test',
+        'MARIADB_DATABASE=passbolt',
+        'MARIADB_USER=passbolt',
+        'MARIADB_PASSWORD=±!@#$%^&*()_+=-}{|:;<>?'
       ],
       'Healthcheck' => {
         "Test": [
@@ -71,8 +70,8 @@
       'Binds' => $binds.append(
         "#{FIXTURES_PATH + '/passbolt-no-fingerprint.php'}:#{PASSBOLT_CONFIG_PATH + '/passbolt.php'}",
         "#{FIXTURES_PATH + '/public-test.key'}:#{PASSBOLT_CONFIG_PATH + 'gpg/unsecure.key'}",
-        "#{FIXTURES_PATH + '/private-test.key'}:#{PASSBOLT_CONFIG_PATH + 'gpg/unsecure_private.key'}",
-      ),
+        "#{FIXTURES_PATH + '/private-test.key'}:#{PASSBOLT_CONFIG_PATH + 'gpg/unsecure_private.key'}"
+      )
     )
 
     @container.start
@@ -92,5 +91,4 @@
       expect(file('/etc/environment').content).to match(/PASSBOLT_GPG_SERVER_KEY_FINGERPRINT/)
     end
   end
-
 end

From 809fa0844dcda8fc7097e5e2640f23f2bddd1b94 Mon Sep 17 00:00:00 2001
From: Daniel Del Rio Figueira <daniel@passbolt.com>
Date: Thu, 15 Jun 2023 10:02:20 +0200
Subject: [PATCH 3/3] PB-24985: update changelog for 4.0.0

---
 CHANGELOG.md | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1ab32cf..3ca3d6d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,7 +2,17 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
-## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v3.10.0...HEAD)
+## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/4.0.0...HEAD)
+
+## [4.0.0](https://github.com/passbolt/passbolt_docker/compare/v3.10.0...4.0.0) - 2023-06-15
+
+### Changed
+- bookworm as base container
+- php version set to 8.2
+- Mariadb set to 10.11
+- Updated rootless superchronic to 0.2.25
+- Supervisor php-fpm command updated to php-fpm8.2
+- Small refactor in kitchen tests
 
 ## [3.10.0](https://github.com/passbolt/passbolt_docker/compare/v3.9.4...v3.10.0) - 2023-05-02