prep for rel-702 (#373)

* prep for rel-702

* fix

Author: bradymiller

.github/workflows/build-702.yml

@@ -24,7 +24,7 @@ jobs:
         uses: docker/build-push-action@v3
         with:
           context: "{{defaultContext}}:docker/openemr/7.0.2"
-          tags: openemr/openemr:7.0.2 , openemr/openemr:next , openemr/openemr:dev
+          tags: openemr/openemr:7.0.2 , openemr/openemr:next
           platforms: linux/amd64,linux/arm64,linux/arm/v7
           push: true
           no-cache: true

.github/workflows/build-703.yml

@@ -0,0 +1,30 @@
+name: Development 7.0.3 Docker Nightly Build
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 2 * * *' # run at 2 AM UTC
+
+jobs:
+  build:
+    # Only run from master branch on the main repository
+    if: github.repository_owner == 'openemr' && github.repository == 'openemr/openemr-devops' && github.ref == 'refs/heads/master'
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Build and push 7.0.3 docker
+        uses: docker/build-push-action@v3
+        with:
+          context: "{{defaultContext}}:docker/openemr/7.0.3"
+          tags: openemr/openemr:7.0.3 , openemr/openemr:dev
+          platforms: linux/amd64,linux/arm64,linux/arm/v7
+          push: true
+          no-cache: true

docker/openemr/7.0.2/Dockerfile

@@ -21,7 +21,7 @@ RUN cp /usr/bin/php82 /usr/bin/php
 RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/bin --filename=composer
 
 RUN apk add --no-cache git build-base \
-    && git clone https://github.com/openemr/openemr.git --depth 1 \
+    && git clone https://github.com/openemr/openemr.git --branch rel-702 --depth 1 \
     && rm -rf openemr/.git \
     && cd openemr \
     && composer install --no-dev \

docker/openemr/7.0.3/.dockerignore

@@ -0,0 +1,2 @@
+.gitignore
+docker-compose*yml

docker/openemr/7.0.3/.gitignore

@@ -0,0 +1 @@
+docker-compose.yml

docker/openemr/7.0.3/Dockerfile

@@ -0,0 +1,87 @@
+FROM alpine:3.18
+
+#Install dependencies and fix issue in apache
+RUN apk --no-cache upgrade
+RUN apk add --no-cache \
+    apache2 apache2-ssl apache2-utils git php82 php82-tokenizer php82-ctype php82-session php82-apache2 \
+    php82-json php82-pdo php82-pdo_mysql php82-curl php82-ldap php82-openssl php82-iconv \
+    php82-xml php82-xsl php82-gd php82-zip php82-soap php82-mbstring php82-zlib \
+    php82-mysqli php82-sockets php82-xmlreader php82-redis php82-simplexml php82-xmlwriter php82-phar php82-fileinfo \
+    php82-sodium php82-calendar php82-intl php82-opcache php82-pecl-apcu \
+    perl mysql-client tar curl imagemagick nodejs npm \
+    certbot openssl openssl-dev dcron \
+    rsync shadow ncurses \
+    && sed -i 's/^Listen 80$/Listen 0.0.0.0:80/' /etc/apache2/httpd.conf
+# Needed to ensure permissions work across shared volumes with openemr, nginx, and php-fpm dockers
+RUN usermod -u 1000 apache
+
+#BELOW LINE NEEDED TO SUPPORT PHP8 ON ALPINE 3.13+; SHOULD BE ABLE TO REMOVE THIS IN FUTURE ALPINE VERSIONS
+RUN cp /usr/bin/php82 /usr/bin/php
+# Install composer for openemr package building
+RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/bin --filename=composer
+
+RUN apk add --no-cache git build-base \
+    && git clone https://github.com/openemr/openemr.git --depth 1 \
+    && rm -rf openemr/.git \
+    && cd openemr \
+    && composer install --no-dev \
+    && npm install --unsafe-perm \
+    && npm run build \
+    && cd ccdaservice \
+    && npm install --unsafe-perm \
+    && cd ../ \
+    && composer global require phing/phing \
+    && /root/.composer/vendor/bin/phing vendor-clean \
+    && /root/.composer/vendor/bin/phing assets-clean \
+    && composer global remove phing/phing \
+    && composer dump-autoload --optimize --apcu \
+    && composer clearcache \
+    && npm cache clear --force \
+    && rm -fr node_modules \
+    && cd ../ \
+    && chmod 666 openemr/sites/default/sqlconf.php \
+    && chown -R apache openemr/ \
+    && mv openemr /var/www/localhost/htdocs/ \
+    && mkdir -p /etc/ssl/certs /etc/ssl/private \
+    && apk del --no-cache git build-base \
+    && sed -i 's/^ *CustomLog/#CustomLog/' /etc/apache2/httpd.conf \
+    && sed -i 's/^ *ErrorLog/#ErrorLog/' /etc/apache2/httpd.conf \
+    && sed -i 's/^ *CustomLog/#CustomLog/' /etc/apache2/conf.d/ssl.conf \
+    && sed -i 's/^ *TransferLog/#TransferLog/' /etc/apache2/conf.d/ssl.conf
+WORKDIR /var/www/localhost/htdocs/openemr
+VOLUME [ "/etc/letsencrypt/", "/etc/ssl" ]
+#configure apache & php properly
+ENV APACHE_LOG_DIR=/var/log/apache2
+COPY php.ini /etc/php82/php.ini
+COPY openemr.conf /etc/apache2/conf.d/
+#add runner and auto_configure and prevent auto_configure from being run w/o being enabled
+COPY openemr.sh ssl.sh xdebug.sh auto_configure.php /var/www/localhost/htdocs/openemr/
+COPY utilities/unlock_admin.php utilities/unlock_admin.sh /root/
+RUN chmod 500 openemr.sh ssl.sh xdebug.sh /root/unlock_admin.sh \
+    && chmod 000 auto_configure.php /root/unlock_admin.php
+#bring in pieces used for automatic upgrade process
+COPY upgrade/docker-version \
+     upgrade/fsupgrade-1.sh \
+     upgrade/fsupgrade-2.sh \
+     upgrade/fsupgrade-3.sh \
+     upgrade/fsupgrade-4.sh \
+     upgrade/fsupgrade-5.sh \
+     /root/
+RUN chmod 500 \
+    /root/fsupgrade-1.sh \
+    /root/fsupgrade-2.sh \
+    /root/fsupgrade-3.sh \
+    /root/fsupgrade-4.sh \
+    /root/fsupgrade-5.sh
+#fix issue with apache2 dying prematurely
+RUN mkdir -p /run/apache2
+#Copy dev tools library to root
+COPY utilities/devtoolsLibrary.source /root/
+#Ensure swarm/orchestration pieces are available if needed
+RUN mkdir /swarm-pieces \
+    && rsync --owner --group --perms --delete --recursive --links /etc/ssl /swarm-pieces/ \
+    && rsync --owner --group --perms --delete --recursive --links /var/www/localhost/htdocs/openemr/sites /swarm-pieces/
+#go
+CMD [ "./openemr.sh" ]
+
+EXPOSE 80 443

docker/openemr/7.0.3/README.md

@@ -0,0 +1,70 @@
+# OpenEMR Official Docker Image
+
+The docker image is maintained at https://hub.docker.com/r/openemr/openemr/
+(see there for more details)
+
+## Tags
+
+See the https://hub.docker.com/r/openemr/openemr/ page for documentation of tags and their current aliases.
+
+It is recommended to specify a version number in production, to ensure your build process pulls what you expect it to.
+
+## How can I just spin up OpenEMR?
+
+*You **need** to run an instance of mysql/mariadb as well and connect it to this container! You can then either use auto-setup with environment variables (see below) or you can manually set up, telling the server where to find the db.* The easiest way is to use `docker-compose`. The following `docker-compose.yml` file is a good example:
+  - If you are using Raspberry Pi, then change the `mariadb:10.11` to `jsurf/rpi-mariadb`.
+```yaml
+# Use admin/pass as user/password credentials to login to openemr (from OE_USER and OE_PASS below)
+# MYSQL_HOST and MYSQL_ROOT_PASS are required for openemr
+# MYSQL_USER, MYSQL_PASS, OE_USER, MYSQL_PASS are optional for openemr and
+#   if not provided, then default to openemr, openemr, admin, and pass respectively.
+version: '3.1'
+services:
+  mysql:
+    restart: always
+    image: mariadb:10.11
+    command: ['mysqld','--character-set-server=utf8mb4']
+    volumes:
+    - databasevolume:/var/lib/mysql
+    environment:
+      MYSQL_ROOT_PASSWORD: root
+  openemr:
+    restart: always
+    image: openemr/openemr:7.0.3
+    ports:
+    - 80:80
+    - 443:443
+    volumes:
+    - logvolume01:/var/log
+    - sitevolume:/var/www/localhost/htdocs/openemr/sites
+    environment:
+      MYSQL_HOST: mysql
+      MYSQL_ROOT_PASS: root
+      MYSQL_USER: openemr
+      MYSQL_PASS: openemr
+      OE_USER: admin
+      OE_PASS: pass
+    depends_on:
+    - mysql
+volumes:
+  logvolume01: {}
+  sitevolume: {}
+  databasevolume: {}
+```
+[![Try it!](https://github.com/play-with-docker/stacks/raw/cff22438cb4195ace27f9b15784bbb497047afa7/assets/images/button.png)](http://play-with-docker.com/?stack=https://gist.githubusercontent.com/bradymiller/cecc3159ce806aa520712bb2e1379392/raw/70e97b2ea90b555f16386c4403194c5cc709ec94/openemr-703-docker-example-docker-compose.yml)
+
+## Environment Variables
+
+See the https://hub.docker.com/r/openemr/openemr/ page for documentation of environment variables.
+
+## Support on Raspberry Pi
+
+Both 32 bit and 64 bit architectures are supported on Raspberry Pi. If you are using Raspberry Pi, then you need to change the `mariadb:10.11` to `jsurf/rpi-mariadb` in the above docker-compose.yml example.
+
+## Where to get help?
+
+For general knowledge, our [wiki](https://www.open-emr.org/wiki) is a repository of helpful information. The [Forum](https://community.open-emr.org/) are a great source for assistance and news about emerging features. We also have a [Chat](https://www.open-emr.org/chat/) system for real-time advice and to coordinate our development efforts.
+
+## How can I contribute?
+
+The OpenEMR community is a vibrant and active group, and people from any background can contribute meaningfully, whether they are optimizing our DB calls, or they're doing translations to their native tongue. Feel free to reach out to us at via [Chat](https://www.open-emr.org/chat/)!

docker/openemr/7.0.3/auto_configure.php

@@ -0,0 +1,47 @@
+<?php
+require_once('/var/www/localhost/htdocs/openemr/vendor/autoload.php');
+// Set up default configuration settings
+$installSettings = array();
+$installSettings['iuser']                    = 'admin';
+$installSettings['iuname']                   = 'Administrator';
+$installSettings['iuserpass']                = 'pass';
+$installSettings['igroup']                   = 'Default';
+$installSettings['server']                   = 'localhost'; // mysql server
+$installSettings['loginhost']                = 'localhost'; // php/apache server
+$installSettings['port']                     = '3306';
+$installSettings['root']                     = 'root';
+$installSettings['rootpass']                 = 'BLANK';
+$installSettings['login']                    = 'openemr';
+$installSettings['pass']                     = 'openemr';
+$installSettings['dbname']                   = 'openemr';
+$installSettings['collate']                  = 'utf8mb4_general_ci';
+$installSettings['site']                     = 'default';
+$installSettings['source_site_id']           = 'BLANK';
+$installSettings['clone_database']           = 'BLANK';
+$installSettings['no_root_db_access']        = 'BLANK';
+$installSettings['development_translations'] = 'BLANK';
+// Collect parameters(if exist) for installation configuration settings
+for ($i=1; $i < count($argv); $i++) {
+    $indexandvalue = explode("=", $argv[$i]);
+    $index = $indexandvalue[0];
+    $value = $indexandvalue[1] ?? '';
+    $installSettings[$index] = $value;
+}
+// Convert BLANK settings to empty
+$tempInstallSettings = array();
+foreach ($installSettings as $setting => $value) {
+    if ($value == "BLANK") {
+        $value = '';
+    }
+    $tempInstallSettings[$setting] = $value;
+}
+$installSettings = $tempInstallSettings;
+// Install and configure OpenEMR using the Installer class
+$installer = new Installer($installSettings);
+if (! $installer->quick_install()) {
+  // Failed, report error
+    throw new Exception("ERROR: " . $installer->error_message . "\n");
+} else {
+  // Successful
+    echo $installer->debug_message . "\n";
+}

docker/openemr/7.0.3/openemr.conf

@@ -0,0 +1,67 @@
+LoadModule rewrite_module modules/mod_rewrite.so
+LoadModule allowmethods_module modules/mod_allowmethods.so
+
+## Security Options
+# Strong HTTP Protocol
+HTTPProtocolOptions Strict
+Protocols http/1.1
+# Don't Reveal Server
+ServerSignature off
+ServerTokens Prod
+Header unset Server
+# No ETag
+FileETag None
+Header unset ETag
+# Set HSTS and X-XSS protection
+Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+Header set X-XSS-Protection "1; mode=block"
+# Narrow document root
+DocumentRoot /var/www/localhost/htdocs/openemr
+
+# These are the overrides if a virtual host does not exist.
+ErrorLog "|/usr/sbin/rotatelogs -n 5 ${APACHE_LOG_DIR}/error.log 86400"
+CustomLog "|/usr/sbin/rotatelogs -n 5 ${APACHE_LOG_DIR}/access.log 86400" combined
+
+<Directory /var/www/localhost/htdocs/openemr>
+    # Only allow these HTTP Methods
+    AllowMethods GET POST PUT DELETE HEAD OPTIONS
+    # No indexes anywhere
+    Options -Indexes
+    AllowOverride FileInfo
+    Require all granted
+</Directory>
+
+<Directory "/var/www/localhost/htdocs/openemr/sites">
+    AllowOverride None
+</Directory>
+
+<Directory "/var/www/localhost/htdocs/openemr/sites/*/documents">
+    Require all denied
+</Directory>
+
+#######################################
+### Uncomment the following 3 lines ###
+### with #'s below to enable HTTPS  ###
+### redirection & require HTTPS only ##
+#######################################
+<VirtualHost *:80>
+    #RewriteEngine On
+    #RewriteCond %{HTTPS} off
+    #RewriteRule (.*) https://%{HTTP_HOST}/$1 [R,L]
+</VirtualHost>
+
+<VirtualHost _default_:443>
+    #   SSL Engine Switch:
+    #   Enable/Disable SSL for this virtual host.
+    SSLEngine on
+
+    #   Used following tool to produce below ciphers and protocol (only TLSv1.2 and TLSv1.3) and related settings :
+    #     https://ssl-config.mozilla.org/#server=apache&version=2.4.48&config=intermediate&openssl=1.1.1&hsts=false&ocsp=false&guideline=5.6
+    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
+    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+    SSLHonorCipherOrder off
+    SSLSessionTickets off
+
+    SSLCertificateFile    /etc/ssl/certs/webserver.cert.pem
+    SSLCertificateKeyFile /etc/ssl/private/webserver.key.pem
+</VirtualHost>