chore: add BASE_IMAGE build arg to Dockerfile

Ticket: WP-6774

Author: pranavjain97

.github/workflows/release-to-ghcr.yaml

@@ -153,13 +153,27 @@ jobs:
         uses: docker/build-push-action@v6
         with:
           context: .
+          platforms: linux/amd64
           push: true
+          provenance: false
           tags: |
             ghcr.io/bitgo/advanced-wallets:${{ needs.get-context.outputs.new-version }}
             ghcr.io/bitgo/advanced-wallets:latest
           build-args: |
+            BASE_IMAGE=node:22-alpine
             BUILD_VERSION=${{ needs.get-context.outputs.new-version }}
             BUILD_DATE=${{ github.event.repository.updated_at }}
             VCS_REF=${{ github.sha }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
+
+  update-api-docs:
+    name: Update API Docs (Dev)
+    uses: BitGo/gha-dev-portal-updater/.github/workflows/generate-and-update.yml@v5
+    with:
+      target-repo: api-docs
+      service-name: advanced-wallets
+      api-spec-file: src/masterBitgoExpress/routers/index.ts
+      api-spec-title: Advanced Wallets
+      remote-working-directory: ''
+    secrets: inherit

Dockerfile

@@ -5,7 +5,9 @@
 # Pinned to specific SHA256 digest for supply chain security and deterministic builds
 # To update: podman pull node:22-alpine && podman inspect node:22-alpine --format '{{index .RepoDigests 0}}'
 # Last updated: 2025-10-24
-FROM --platform=$BUILDPLATFORM node:22-alpine@sha256:d31216005bd330aa47f848822d4f269f6c79f0905b60cca1d87577149519daa6 AS builder
+# For local builds with network issues, override with: --build-arg BASE_IMAGE=node:22-alpine
+ARG BASE_IMAGE=node:22-alpine@sha256:d31216005bd330aa47f848822d4f269f6c79f0905b60cca1d87577149519daa6
+FROM ${BASE_IMAGE} AS builder
 
 # Set build-time variables for reproducibility
 ARG NODE_ENV=development
@@ -57,7 +59,8 @@ RUN npm run build
 # Production stage
 # Using node:22-alpine with OpenSSL 3.3.2+ to address CVE-2024-6119
 # Pinned to specific SHA256 digest for supply chain security and deterministic builds
-FROM --platform=$TARGETPLATFORM node:22-alpine@sha256:d31216005bd330aa47f848822d4f269f6c79f0905b60cca1d87577149519daa6 AS production
+ARG BASE_IMAGE=node:22-alpine@sha256:d31216005bd330aa47f848822d4f269f6c79f0905b60cca1d87577149519daa6
+FROM ${BASE_IMAGE} AS production
 
 # Declare build arguments in production stage
 ARG PORT=3081

package.json

@@ -18,8 +18,8 @@
     "lint:fix": "eslint --quiet --ignore-pattern scripts/bump-version.ts . --fix",
     "generate-test-ssl": "openssl req -x509 -newkey rsa:2048 -keyout demo.key -out demo.crt -days 365 -nodes -subj '/CN=localhost'",
     "generate:openapi:masterExpress": "npx @api-ts/openapi-generator --name @bitgo/master-bitgo-express ./src/api/master/routers/index.ts > masterBitgoExpress.json",
-    "container:build:master-bitgo-express": "podman build --build-arg PORT=3081 -t master-bitgo-express .",
-    "container:build:advanced-wallet-manager": "podman build --build-arg PORT=3080 -t advanced-wallet-manager .",
+    "container:build:master-bitgo-express": "podman build --build-arg PORT=3081 --build-arg BASE_IMAGE=node:22-alpine -t master-bitgo-express .",
+    "container:build:advanced-wallet-manager": "podman build --build-arg PORT=3080 --build-arg BASE_IMAGE=node:22-alpine -t advanced-wallet-manager .",
     "bump-versions": "ts-node scripts/bump-version.ts"
   },
   "dependencies": {