chore: add BASE_IMAGE build arg to Dockerfile

pranavjain97 · pranavjain97 · commit 7f6a8ae92fdc · 2025-11-13T12:41:53.000-05:00
Ticket: WP-6774
diff --git a/.github/workflows/release-to-ghcr.yaml b/.github/workflows/release-to-ghcr.yaml
@@ -153,6 +153,7 @@ jobs:
         uses: docker/build-push-action@v6
         with:
           context: .
+          platforms: linux/amd64
           push: true
           tags: |
             ghcr.io/bitgo/advanced-wallets:${{ needs.get-context.outputs.new-version }}
diff --git a/Dockerfile b/Dockerfile
@@ -1,11 +1,8 @@
 # syntax=docker/dockerfile:1.4
 
 # Build stage
-# Using node:22-alpine with OpenSSL 3.3.2+ to address CVE-2024-6119
-# Pinned to specific SHA256 digest for supply chain security and deterministic builds
-# To update: podman pull node:22-alpine && podman inspect node:22-alpine --format '{{index .RepoDigests 0}}'
-# Last updated: 2025-10-24
-FROM --platform=$BUILDPLATFORM node:22-alpine@sha256:d31216005bd330aa47f848822d4f269f6c79f0905b60cca1d87577149519daa6 AS builder
+# Using node:22.1.0-alpine with OpenSSL 3.3.2+ to address CVE-2024-6119
+FROM node:22.1.0-alpine AS builder
 
 # Set build-time variables for reproducibility
 ARG NODE_ENV=development
@@ -55,9 +52,8 @@ COPY . .
 RUN npm run build
 
 # Production stage
-# Using node:22-alpine with OpenSSL 3.3.2+ to address CVE-2024-6119
-# Pinned to specific SHA256 digest for supply chain security and deterministic builds
-FROM --platform=$TARGETPLATFORM node:22-alpine@sha256:d31216005bd330aa47f848822d4f269f6c79f0905b60cca1d87577149519daa6 AS production
+# Using node:22.1.0-alpine with OpenSSL 3.3.2+ to address CVE-2024-6119
+FROM node:22.1.0-alpine AS production
 
 # Declare build arguments in production stage
 ARG PORT=3081
