chore: Update Dockerfiles, Makefile and documentation

- Updated Dockerfile.production
- Updated Makefile
- Updated deployment documentation
- Updated docker/ci/Dockerfile, docker/php/Dockerfile, docker/worker/Dockerfile
- Updated dependency scanning documentation
- Added git-hooks documentation

Dockerfile.production

@@ -1,9 +1,11 @@
 # Production Dockerfile - Multi-Stage Build
 
+ARG PHP_VERSION=8.5.0RC3
+# Override via --build-arg PHP_VERSION=8.5.0RCX to track upstream releases
 ARG RUNTIME_IMAGE=runtime-base
 
 # Stage: Composer Dependencies (Production)
-FROM php:8.5.0RC3-fpm AS composer-deps-production
+FROM php:${PHP_VERSION}-fpm AS composer-deps-production
 
 WORKDIR /app
 
@@ -53,7 +55,8 @@ COPY tsconfig.json ./
 RUN npm run build
 
 # Stage: Runtime Base Image (shared)
-FROM php:8.5.0RC3-fpm AS runtime-base
+ARG PHP_VERSION=8.5.0RC3
+FROM php:${PHP_VERSION}-fpm AS runtime-base
 
 # Install system dependencies + nginx for production
 RUN apt-get update && apt-get install -y \

Makefile

@@ -215,10 +215,14 @@ logs-production: ## Show production logs
 	@echo "📋 Showing production logs..."
 	@cd deployment && make logs-prod-php
 
-logs-staging: ## Show staging-app container logs via SSH
-	@echo "📋 Showing staging-app logs..."
+logs-staging: ## Show staging-app container logs via SSH (container stdout/stderr)
+	@echo "📋 Showing staging-app container logs..."
 	@ssh -i ~/.ssh/production deploy@94.16.110.151 "cd ~/deployment/stacks/staging && docker compose logs -f staging-app"
 
+logs-staging-php: ## Show PHP application logs from staging-app (log files)
+	@echo "📋 Showing PHP application logs from staging-app..."
+	@ssh -i ~/.ssh/production deploy@94.16.110.151 "docker exec -i staging-app tail -f /var/www/html/storage/logs/*.log 2>/dev/null || docker exec -i staging-app ls -la /var/www/html/storage/logs/ 2>/dev/null || echo 'Log directory /var/www/html/storage/logs/ not accessible'"
+
 # SSL Certificate Management (PHP Framework Integration)
 ssl-init: ## Initialize Let's Encrypt certificates
 	@echo "🔒 Initializing SSL certificates..."
@@ -253,4 +257,4 @@ ssl-backup: ## Backup Let's Encrypt certificates
 push-staging: ## Pusht den aktuellen Stand nach origin/staging
 	git push origin HEAD:staging
 
-.PHONY: up down build restart logs ps phpinfo deploy setup clean clean-coverage status fix-ssh-perms setup-ssh test test-coverage test-coverage-html test-unit test-framework test-domain test-watch test-parallel test-profile test-filter security-check security-audit-json security-check-prod update-production restart-production deploy-production-quick status-production logs-production logs-staging ssl-init ssl-init-staging ssl-test ssl-renew ssl-status ssl-backup push-staging
+.PHONY: up down build restart logs ps phpinfo deploy setup clean clean-coverage status fix-ssh-perms setup-ssh test test-coverage test-coverage-html test-unit test-framework test-domain test-watch test-parallel test-profile test-filter security-check security-audit-json security-check-prod update-production restart-production deploy-production-quick status-production logs-production logs-staging logs-staging-php ssl-init ssl-init-staging ssl-test ssl-renew ssl-status ssl-backup push-staging

deployment/docs/guides/deployment-commands.md

@@ -158,3 +158,15 @@ ansible-playbook ... --check --diff
 ```bash
 ansible -i inventory/production.yml production -m ping
 ```
+
+### PHP Version anpassen
+
+```bash
+# 1. Workflow-Variable aktualisieren (.gitea/workflows/production-deploy.yml)
+PHP_VERSION=8.5.0RC4
+
+# 2. Optionale lokale Builds (alle Dockerfiles akzeptieren PHP_VERSION):
+docker build --build-arg PHP_VERSION=8.5.0RC4 -f docker/php/Dockerfile .
+docker build --build-arg PHP_VERSION=8.5.0RC4 -f docker/ci/Dockerfile .
+docker build --build-arg PHP_VERSION=8.5.0RC4 -f docker/worker/Dockerfile .
+```

docker/ci/Dockerfile

@@ -1,6 +1,8 @@
 # Dockerfile für CI/CD Workflows
 # Optimiert für Gitea Actions Runner mit PHP 8.5 und allen benötigten Tools
-FROM php:8.5.0RC3-cli
+ARG PHP_VERSION=8.5.0RC3
+# Override via --build-arg PHP_VERSION=8.5.0RCX to track upstream releases
+FROM php:${PHP_VERSION}-cli
 
 # System-Abhängigkeiten für CI/CD
 RUN apt-get update && apt-get install -y \

docker/php/Dockerfile

@@ -1,5 +1,7 @@
 # Dockerfile für PHP-FPM
-FROM php:8.5.0RC3-fpm AS base
+ARG PHP_VERSION=8.5.0RC3
+# Override via --build-arg PHP_VERSION=8.5.0RCX to track upstream releases
+FROM php:${PHP_VERSION}-fpm AS base
 
 # System-Abhängigkeiten: Werden selten geändert, daher ein eigener Layer
 RUN apt-get update && apt-get install -y \
@@ -155,7 +157,8 @@ COPY tsconfig.json ./
 RUN npm run build
 
 # Stage: Production Runtime
-FROM php:8.5.0RC3-fpm AS production
+ARG PHP_VERSION=8.5.0RC3
+FROM php:${PHP_VERSION}-fpm AS production
 
 # Install system dependencies + nginx for production
 RUN apt-get update && apt-get install -y \

docker/worker/Dockerfile

@@ -1,4 +1,6 @@
-FROM php:8.5-rc-cli
+ARG PHP_VERSION=8.5.0RC3
+# Keep aligned with runtime PHP tag (override via --build-arg PHP_VERSION=X)
+FROM php:${PHP_VERSION}-cli
 
 # Install system dependencies including libraries for GD and other extensions
 RUN apt-get update && apt-get install -y \

docs/contributing/git-hooks.md

@@ -0,0 +1,151 @@
+# Git Hooks
+
+Dieses Projekt verwendet Git Hooks, um Code-Quality und Commit-Standards automatisch zu ?berpr?fen.
+
+## Aktivierte Hooks
+
+### Pre-commit Hook
+**Zweck**: Schnelle Checks vor jedem Commit
+
+**Pr?ft**:
+- ? PHP Code Style (PHP-CS-Fixer) f?r ge?nderte PHP-Dateien
+- ? JavaScript/TypeScript Linting (ESLint) f?r ge?nderte JS/TS-Dateien
+- ? Merge-Konflikt-Marker in staged Dateien
+
+**?berspringen**: `git commit --no-verify`
+
+**Beispiel-Fehler**:
+```
+? Code style issues found in src/MyClass.php
+?? Run: make cs-fix
+```
+
+### Commit-msg Hook
+**Zweck**: Validierung der Commit-Message nach Conventional Commits
+
+**Format**: `type(scope): subject`
+
+**Erlaubte Types**:
+- `feat`: Neue Features
+- `fix`: Bugfixes
+- `docs`: Dokumentation
+- `style`: Code-Formatierung (ohne Funktions?nderung)
+- `refactor`: Code-Refactoring
+- `perf`: Performance-Verbesserungen
+- `test`: Tests hinzuf?gen/?ndern
+- `build`: Build-System/Abh?ngigkeiten
+- `ci`: CI/CD Konfiguration
+- `chore`: Sonstige ?nderungen
+- `revert`: Revert eines Commits
+
+**Beispiele**:
+```bash
+feat: Add user authentication
+fix(api): Resolve 502 error in staging
+docs: Update README
+refactor(framework): Improve DI container
+```
+
+**?berspringen**: `git commit --no-verify`
+
+### Pre-push Hook
+**Zweck**: Langsamere Checks vor dem Push
+
+**Pr?ft**:
+- ? PHPStan Static Analysis
+- ? Unit Tests (schneller Teil der Test-Suite)
+
+**Hinweis**: Dieser Hook kann etwas l?nger dauern. Er fragt bei Fehlern, ob trotzdem gepusht werden soll.
+
+**?berspringen**: `git push --no-verify`
+
+## Hook deaktivieren
+
+### Einzelnen Commit ?berspringen
+```bash
+git commit --no-verify
+```
+
+### Einzelnen Push ?berspringen
+```bash
+git push --no-verify
+```
+
+### Hooks komplett deaktivieren
+```bash
+# Tempor?r alle Hooks deaktivieren
+git config core.hooksPath /dev/null
+
+# Wieder aktivieren
+git config --unset core.hooksPath
+```
+
+## Hook manuell testen
+
+```bash
+# Pre-commit Hook testen
+.git/hooks/pre-commit
+
+# Commit-msg Hook testen
+echo "test: Test message" | .git/hooks/commit-msg /dev/stdin
+
+# Pre-push Hook testen
+.git/hooks/pre-push
+```
+
+## Hook anpassen
+
+Die Hook-Dateien befinden sich in `.git/hooks/`:
+- `.git/hooks/pre-commit` - Pre-commit Checks
+- `.git/hooks/commit-msg` - Commit-Message Validierung
+- `.git/hooks/pre-push` - Pre-push Checks
+
+**Wichtig**: Hook-Dateien werden nicht ins Repository committed (sie sind in `.git/hooks/`, nicht im Working Directory).
+
+Um Hooks f?r das gesamte Team zu teilen, gibt es mehrere M?glichkeiten:
+1. **Husky** (npm package) - f?r Node.js-Projekte
+2. **CaptainHook** (PHP package) - f?r PHP-Projekte
+3. Manuelles Setup-Skript
+
+## Best Practices
+
+1. **Pre-commit**: Schnelle Checks (< 5 Sekunden)
+   - Code Style
+   - Syntax-Checks
+   - Merge-Konflikt-Detection
+
+2. **Pre-push**: Langsamere Checks (< 2 Minuten)
+   - Static Analysis
+   - Unit Tests
+   - Integration Tests (optional)
+
+3. **CI/CD**: Umfassende Checks
+   - Alle Tests
+   - Coverage Reports
+   - Security Scans
+
+## Troubleshooting
+
+### Hook wird nicht ausgef?hrt
+```bash
+# Pr?fe Berechtigungen
+ls -la .git/hooks/
+
+# Mache Hook ausf?hrbar
+chmod +x .git/hooks/pre-commit
+```
+
+### Hook ist zu langsam
+- Verringere die Anzahl der Checks im pre-commit Hook
+- Verschiebe langsamere Checks in den pre-push Hook
+- Nutze `--no-verify` f?r schnelle WIP-Commits
+
+### Hook schl?gt im Docker fehl
+Die Hooks pr?fen automatisch, ob sie in Docker laufen und passen die Befehle entsprechend an.
+
+## Weitere Hooks hinzuf?gen
+
+Weitere n?tzliche Hooks:
+- `post-merge`: Automatische `composer install` nach `git pull`
+- `post-checkout`: Automatische Dependency-Updates
+- `prepare-commit-msg`: Automatische Ticket-Nummern in Commit-Messages

docs/dependency-scanning.md

@@ -201,14 +201,19 @@ Roave automatically blocks `composer install` or `composer update` if any instal
 
 ### Why Deferred?
 
-Current project uses **PHP 8.5 RC2** (bleeding edge), which causes dependency resolution conflicts:
+Current project uses **PHP 8.5 RC3** (bleeding edge), which causes dependency resolution conflicts:
 ```
 brianium/paratest v7.8.4 requires php ~8.2.0 || ~8.3.0 || ~8.4.0
-your php version (8.5.0RC2) does not satisfy that requirement
+your php version (8.5.0RC3) does not satisfy that requirement
 ```
 
 **Planned Integration:** When PHP 8.5 stable is released and all testing dependencies support it.
 
+> ℹ️ **PHP Runtime Strategy:**  
+> - Runtime container builds accept `--build-arg PHP_VERSION` (default `8.5.0RC3`) to keep PHP aligned with upstream RC tags.  
+> - `.gitea/workflows/production-deploy.yml` sets the same version for CI rebuilds (`--pull` ensures fresh layers).  
+> - We'll move to `8.5.0RC4` as soon as upstream publishes the image and switch to the latest stable PHP release at the end of November.
+
 ### Roave vs Composer Audit
 
 | Feature | Roave Security Advisories | Composer Audit |