From d1b4483727b1451f01185945abe49861c3c5d000 Mon Sep 17 00:00:00 2001
From: Danny Willems <be.danny.willems@gmail.com>
Date: Wed, 16 Jul 2025 19:12:24 +0200
Subject: [PATCH 01/13] CI: lint dockerfiles

---
 .github/workflows/lint.yml | 16 ++++++++++++++++
 Makefile                   |  8 ++++++++
 2 files changed, 24 insertions(+)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 4f38356f0f..228ed8abdd 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -47,3 +47,19 @@ jobs:
           components: clippy, rustfmt
       - name: Run transaction Fuzzing check
         run: make check-tx-fuzzing
+
+  hadolint:
+    name: Hadolint - ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
+    steps:
+      - uses: actions/checkout@v4
+      - name: Install hadolint
+        run: |
+          wget -O /tmp/hadolint https://github.com/hadolint/hadolint/releases/latest/download/hadolint-Linux-x86_64
+          chmod +x /tmp/hadolint
+          sudo mv /tmp/hadolint /usr/local/bin/hadolint
+      - name: Run hadolint
+        run: make lint-dockerfiles
diff --git a/Makefile b/Makefile
index 63c6096ed6..40fac54ea8 100644
--- a/Makefile
+++ b/Makefile
@@ -95,6 +95,14 @@ format-md: ## Format all markdown files to wrap at 80 characters
 lint: ## Run linter (clippy)
 	cargo clippy --all-targets -- -D warnings --allow clippy::mutable_key_type
 
+.PHONY: lint-dockerfiles
+lint-dockerfiles: ## Check all Dockerfiles using hadolint
+	@if [ "$$GITHUB_ACTIONS" = "true" ]; then \
+		find . -name "Dockerfile*" -type f -exec hadolint {} \;; \
+	else \
+		find . -name "Dockerfile*" -type f -exec sh -c 'docker run --rm -i hadolint/hadolint < "$$1"' _ {} \;; \
+	fi
+
 .PHONY: setup-wasm-toolchain
 setup-wasm-toolchain: ## Setup the WebAssembly toolchain, using nightly
 		@ARCH=$$(uname -m); \

From 8a806ca06a9da7ac73ec7657a5575fa292b8d663 Mon Sep 17 00:00:00 2001
From: Danny Willems <be.danny.willems@gmail.com>
Date: Wed, 16 Jul 2025 19:15:04 +0200
Subject: [PATCH 02/13] Dockerfiles: add --no-install-recommends to all apt-get
 install cmds

- Reduces Docker image size by avoiding installation of recommended packages
- Fixes hadolint DL3015 warnings across all Dockerfiles
---
 Dockerfile                                 | 4 ++--
 docker/producer-dashboard/Dockerfile       | 4 ++--
 frontend/Dockerfile                        | 2 +-
 node/testing/docker/Dockerfile.debugger    | 2 +-
 node/testing/docker/Dockerfile.light       | 2 +-
 node/testing/docker/Dockerfile.light.focal | 2 +-
 node/testing/docker/Dockerfile.openmina    | 2 +-
 tools/bootstrap-sandbox/Dockerfile         | 2 +-
 tools/fuzzing/Dockerfile                   | 2 +-
 tools/heartbeats-processor/Dockerfile      | 4 ++--
 10 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 58a13deafd..beee4c70c5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 FROM rust:bullseye AS build
-RUN apt-get update && apt-get install -y protobuf-compiler && apt-get clean
+RUN apt-get update && apt-get install -y --no-install-recommends protobuf-compiler && apt-get clean
 RUN rustup default 1.84 && rustup component add rustfmt
 WORKDIR /openmina
 COPY . .
@@ -19,7 +19,7 @@ RUN git clone --depth 1 https://github.com/openmina/circuit-blobs.git \
     && rm -rf circuit-blobs/berkeley_rc1 circuit-blobs/*/tests
 
 FROM debian:bullseye
-RUN apt-get update && apt-get install -y libjemalloc2 libssl1.1 libpq5 curl jq procps && apt-get clean
+RUN apt-get update && apt-get install -y --no-install-recommends libjemalloc2 libssl1.1 libpq5 curl jq procps && apt-get clean
 
 COPY --from=build /openmina/release-bin/openmina /usr/local/bin/
 COPY --from=build /openmina/testing-release-bin/openmina-node-testing /usr/local/bin/
diff --git a/docker/producer-dashboard/Dockerfile b/docker/producer-dashboard/Dockerfile
index 0db06f8521..7552633b53 100644
--- a/docker/producer-dashboard/Dockerfile
+++ b/docker/producer-dashboard/Dockerfile
@@ -8,7 +8,7 @@ RUN cd producer-dashboard && SQLX_OFFLINE=true cargo install --path .
 
 FROM ubuntu:noble AS mina-builder
 
-RUN apt-get update && apt-get install -y openssl ca-certificates
+RUN apt-get update && apt-get install -y --no-install-recommends openssl ca-certificates
 
 # Build mina from source
 RUN apt-get update && \
@@ -78,7 +78,7 @@ RUN eval $(opam config env) && make build_all_sigs
 
 FROM ubuntu:noble
 
-RUN apt-get update && apt-get install -y libpq5 libjemalloc2
+RUN apt-get update && apt-get install -y --no-install-recommends libpq5 libjemalloc2
 
 COPY --from=app-builder /usr/local/cargo/bin/openmina-producer-dashboard /usr/local/bin/openmina-producer-dashboard
 COPY --from=mina-builder /go/mina/src/app/libp2p_helper/result/bin/libp2p_helper /usr/local/bin/coda-libp2p_helper
diff --git a/frontend/Dockerfile b/frontend/Dockerfile
index ad489347c7..88fd344a85 100644
--- a/frontend/Dockerfile
+++ b/frontend/Dockerfile
@@ -13,7 +13,7 @@ RUN echo "---------- USING APACHE ----------"
 FROM httpd:2.4
 
 RUN apt-get update && \
-    apt-get install -y curl && \
+    apt-get install -y --no-install-recommends curl && \
     rm -rf /var/lib/apt/lists/*
 
 COPY --from=BUILD_IMAGE /app/dist/frontend/browser /usr/local/apache2/htdocs/
diff --git a/node/testing/docker/Dockerfile.debugger b/node/testing/docker/Dockerfile.debugger
index 6bce30aaf0..7b00f502ba 100644
--- a/node/testing/docker/Dockerfile.debugger
+++ b/node/testing/docker/Dockerfile.debugger
@@ -5,4 +5,4 @@ FROM minaprotocol/mina-daemon:2.0.0rampup4-14047c5-focal-berkeley
 
 COPY --from=debugger /usr/bin/bpf-recorder /usr/bin/bpf-recorder
 
-RUN apt-get update && apt-get -y install libelf-dev
+RUN apt-get update && apt-get -y install --no-install-recommends libelf-dev
diff --git a/node/testing/docker/Dockerfile.light b/node/testing/docker/Dockerfile.light
index 59643bde29..f36e7af546 100644
--- a/node/testing/docker/Dockerfile.light
+++ b/node/testing/docker/Dockerfile.light
@@ -1,7 +1,7 @@
 FROM golang:1.18.10-buster AS builder
 
 RUN apt-get update && \
-  apt-get -y install \
+  apt-get -y install --no-install-recommends \
     apt-transport-https \
     ca-certificates \
     pkg-config \
diff --git a/node/testing/docker/Dockerfile.light.focal b/node/testing/docker/Dockerfile.light.focal
index 5384c61312..6d57fda394 100644
--- a/node/testing/docker/Dockerfile.light.focal
+++ b/node/testing/docker/Dockerfile.light.focal
@@ -1,7 +1,7 @@
 FROM golang:1.18.10-focal AS builder
 
 RUN apt-get update && \
-  apt-get -y install \
+  apt-get -y install --no-install-recommends \
     apt-transport-https \
     ca-certificates \
     pkg-config \
diff --git a/node/testing/docker/Dockerfile.openmina b/node/testing/docker/Dockerfile.openmina
index acf620b5e3..be1ce5b31f 100644
--- a/node/testing/docker/Dockerfile.openmina
+++ b/node/testing/docker/Dockerfile.openmina
@@ -3,7 +3,7 @@ FROM ubuntu:20.04 AS builder
 ENV TZ=UTC
 RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
 RUN DEBIAN_FRONTEND=noninteractive apt-get update && \
-  apt-get -y install git curl gcc libssl-dev pkg-config
+  apt-get -y install --no-install-recommends git curl gcc libssl-dev pkg-config
 
 RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
 
diff --git a/tools/bootstrap-sandbox/Dockerfile b/tools/bootstrap-sandbox/Dockerfile
index 2fffd3462d..f1f1bf4b47 100644
--- a/tools/bootstrap-sandbox/Dockerfile
+++ b/tools/bootstrap-sandbox/Dockerfile
@@ -8,7 +8,7 @@ RUN cargo install --git https://github.com/openmina/openmina.git --branch fix/bo
 
 FROM debian:bullseye
 
-RUN apt-get update && apt-get install -y libssl-dev
+RUN apt-get update && apt-get install -y --no-install-recommends libssl-dev
 
 COPY --from=builder /usr/local/cargo/bin/openmina-bootstrap-sandbox \
     /usr/local/bin/openmina-bootstrap-sandbox
diff --git a/tools/fuzzing/Dockerfile b/tools/fuzzing/Dockerfile
index 301471ac4b..fa644e6bae 100644
--- a/tools/fuzzing/Dockerfile
+++ b/tools/fuzzing/Dockerfile
@@ -3,7 +3,7 @@ FROM debian:bullseye
 
 RUN apt -y update && \
   apt -y upgrade && \
-  apt -y install \
+  apt -y install --no-install-recommends \
     apt-transport-https \
     ca-certificates \
     pkg-config \
diff --git a/tools/heartbeats-processor/Dockerfile b/tools/heartbeats-processor/Dockerfile
index f13a04b697..3505c6795f 100644
--- a/tools/heartbeats-processor/Dockerfile
+++ b/tools/heartbeats-processor/Dockerfile
@@ -2,7 +2,7 @@
 FROM rust:1.84-slim-bookworm AS builder
 
 WORKDIR /usr/src/app
-RUN apt-get update && apt-get install -y pkg-config libssl-dev && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y --no-install-recommends pkg-config libssl-dev && rm -rf /var/lib/apt/lists/*
 
 COPY . .
 RUN ls -la tools/heartbeats-processor
@@ -11,7 +11,7 @@ RUN cargo build --release -p heartbeats-processor
 # Runtime stage
 FROM debian:bookworm-slim
 
-RUN apt-get update && apt-get install -y libsqlite3-0 ca-certificates && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y --no-install-recommends libsqlite3-0 ca-certificates && rm -rf /var/lib/apt/lists/*
 
 WORKDIR /app
 

From e692a105c63d8d72efd64a2f19b1d767861b0a6a Mon Sep 17 00:00:00 2001
From: Danny Willems <be.danny.willems@gmail.com>
Date: Wed, 16 Jul 2025 19:21:00 +0200
Subject: [PATCH 03/13] fix: quote cmd subst. to prevent word splitting in
 Dockerfiles

- Added quotes around $(opam config env) in all Dockerfiles
- Fixes hadolint SC2046 warnings for proper shell quoting
- Affects tools/fuzzing, node/testing/docker, and producer-dashboard Dockerfiles
---
 docker/producer-dashboard/Dockerfile       | 4 ++--
 node/testing/docker/Dockerfile.light       | 4 ++--
 node/testing/docker/Dockerfile.light.focal | 4 ++--
 tools/fuzzing/Dockerfile                   | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/docker/producer-dashboard/Dockerfile b/docker/producer-dashboard/Dockerfile
index 7552633b53..4078151b37 100644
--- a/docker/producer-dashboard/Dockerfile
+++ b/docker/producer-dashboard/Dockerfile
@@ -61,7 +61,7 @@ RUN apt-get -y --no-install-recommends install m4 pkg-config
 
 RUN opam init --disable-sandboxing
 RUN opam switch create .
-RUN eval $(opam config env)
+RUN eval "$(opam config env)"
 RUN opam switch import -y opam.export
 RUN ./scripts/pin-external-packages.sh
 
@@ -73,7 +73,7 @@ RUN make libp2p_helper
 
 ENV PATH="/root/.cargo/bin:${PATH}"
 RUN apt-get -y --no-install-recommends install zlib1g-dev
-RUN eval $(opam config env) && make build_all_sigs
+RUN eval "$(opam config env)" && make build_all_sigs
 # RUN /bin/bash -c "source ~/.cargo/env && eval $(opam config env) && make build_all_sigs"
 
 FROM ubuntu:noble
diff --git a/node/testing/docker/Dockerfile.light b/node/testing/docker/Dockerfile.light
index f36e7af546..c1f0f6faa9 100644
--- a/node/testing/docker/Dockerfile.light
+++ b/node/testing/docker/Dockerfile.light
@@ -53,7 +53,7 @@ RUN curl -s -L https://github.com/ocaml/opam/releases/download/2.1.2/opam-2.1.2-
 
 RUN opam init --disable-sandboxing \
   && opam switch create . \
-  && eval $(opam config env) \
+  && eval "$(opam config env)" \
   && opam switch import -y opam.export \
   && ./scripts/pin-external-packages.sh
 
@@ -63,7 +63,7 @@ RUN git apply patch
 
 RUN rm /bin/sh && ln -s /bin/bash /bin/sh
 
-RUN source ~/.cargo/env && eval $(opam config env) && make build_all_sigs
+RUN source ~/.cargo/env && eval "$(opam config env)" && make build_all_sigs
 
 FROM minaprotocol/mina-daemon:2.0.0rampup4-14047c5-buster-berkeley
 
diff --git a/node/testing/docker/Dockerfile.light.focal b/node/testing/docker/Dockerfile.light.focal
index 6d57fda394..2612708234 100644
--- a/node/testing/docker/Dockerfile.light.focal
+++ b/node/testing/docker/Dockerfile.light.focal
@@ -53,7 +53,7 @@ RUN curl -s -L https://github.com/ocaml/opam/releases/download/2.1.2/opam-2.1.2-
 
 RUN opam init --disable-sandboxing \
   && opam switch create . \
-  && eval $(opam config env) \
+  && eval "$(opam config env)" \
   && opam switch import -y opam.export \
   && ./scripts/pin-external-packages.sh
 
@@ -63,7 +63,7 @@ RUN git apply patch
 
 RUN rm /bin/sh && ln -s /bin/bash /bin/sh 
 
-RUN source ~/.cargo/env && eval $(opam config env) && make build_all_sigs
+RUN source ~/.cargo/env && eval "$(opam config env)" && make build_all_sigs
 
 FROM minaprotocol/mina-daemon:2.0.0rampup4-14047c5-focal-berkeley
 
diff --git a/tools/fuzzing/Dockerfile b/tools/fuzzing/Dockerfile
index fa644e6bae..df2c3b60a2 100644
--- a/tools/fuzzing/Dockerfile
+++ b/tools/fuzzing/Dockerfile
@@ -65,11 +65,11 @@ RUN git submodule update --init --recursive && \
     git checkout openmina/fuzzer
 RUN opam init --disable-sandboxing && \
     opam switch create .&& \
-    eval $(opam config env) && \
+    eval "$(opam config env)" && \
     opam switch import -y opam.export && \
     ./scripts/pin-external-packages.sh
 RUN source ~/.cargo/env && \
-    eval $(opam config env) && \
+    eval "$(opam config env)" && \
     export PATH=$PATH:/usr/local/go/bin && \
     export DUNE_PROFILE=devnet && \
     make libp2p_helper && \

From dfe97abc3d0ed2b1878d4cd16544ad5e271d0474 Mon Sep 17 00:00:00 2001
From: Danny Willems <be.danny.willems@gmail.com>
Date: Wed, 16 Jul 2025 19:24:05 +0200
Subject: [PATCH 04/13] fix: use SHELL instead of substituing sh with bash

---
 node/testing/docker/Dockerfile.light       | 2 +-
 node/testing/docker/Dockerfile.light.focal | 2 +-
 node/testing/docker/Dockerfile.openmina    | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/node/testing/docker/Dockerfile.light b/node/testing/docker/Dockerfile.light
index c1f0f6faa9..5641cc31ae 100644
--- a/node/testing/docker/Dockerfile.light
+++ b/node/testing/docker/Dockerfile.light
@@ -61,7 +61,7 @@ COPY patch patch
 
 RUN git apply patch
 
-RUN rm /bin/sh && ln -s /bin/bash /bin/sh
+SHELL ["/bin/bash", "-c"]
 
 RUN source ~/.cargo/env && eval "$(opam config env)" && make build_all_sigs
 
diff --git a/node/testing/docker/Dockerfile.light.focal b/node/testing/docker/Dockerfile.light.focal
index 2612708234..1785e46a22 100644
--- a/node/testing/docker/Dockerfile.light.focal
+++ b/node/testing/docker/Dockerfile.light.focal
@@ -61,7 +61,7 @@ COPY patch patch
 
 RUN git apply patch
 
-RUN rm /bin/sh && ln -s /bin/bash /bin/sh 
+SHELL ["/bin/bash", "-c"]
 
 RUN source ~/.cargo/env && eval "$(opam config env)" && make build_all_sigs
 
diff --git a/node/testing/docker/Dockerfile.openmina b/node/testing/docker/Dockerfile.openmina
index be1ce5b31f..47fad9be95 100644
--- a/node/testing/docker/Dockerfile.openmina
+++ b/node/testing/docker/Dockerfile.openmina
@@ -7,7 +7,7 @@ RUN DEBIAN_FRONTEND=noninteractive apt-get update && \
 
 RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
 
-RUN rm /bin/sh && ln -s /bin/bash /bin/sh
+SHELL ["/bin/bash", "-c"]
 
 RUN source ~/.cargo/env && rustup update 1.84
 

From 355501b16679805a4d7b44a1851f213b184bb186 Mon Sep 17 00:00:00 2001
From: Danny Willems <be.danny.willems@gmail.com>
Date: Wed, 16 Jul 2025 19:28:09 +0200
Subject: [PATCH 05/13] Makefile: introduce targets to build all dockerfiles

---
 Makefile | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 63 insertions(+)

diff --git a/Makefile b/Makefile
index 40fac54ea8..883d4c2cc8 100644
--- a/Makefile
+++ b/Makefile
@@ -141,3 +141,66 @@ test-release: ## Run tests in release mode
 .PHONY: test-vrf
 test-vrf: ## Run VRF tests, requires nightly Rust
 	@cd vrf && cargo +nightly test --release -- -Z unstable-options --report-time
+
+# Docker build targets
+DOCKER_ORG ?= openmina
+GIT_COMMIT := $(shell git rev-parse --short=8 HEAD)
+
+.PHONY: docker-build-all
+docker-build-all: docker-build-bootstrap-sandbox docker-build-debugger \
+	docker-build-frontend docker-build-fuzzing docker-build-heartbeats-processor \
+	docker-build-light docker-build-light-focal docker-build-openmina \
+	docker-build-openmina-testing docker-build-producer-dashboard \
+	docker-build-test ## Build all Docker images
+
+.PHONY: docker-build-bootstrap-sandbox
+docker-build-bootstrap-sandbox: ## Build bootstrap sandbox Docker image
+	docker build -t $(DOCKER_ORG)/openmina-bootstrap-sandbox:$(GIT_COMMIT) \
+		tools/bootstrap-sandbox/
+
+.PHONY: docker-build-debugger
+docker-build-debugger: ## Build debugger Docker image
+	docker build -t $(DOCKER_ORG)/openmina-debugger:$(GIT_COMMIT) \
+		-f node/testing/docker/Dockerfile.debugger node/testing/docker/
+
+.PHONY: docker-build-frontend
+docker-build-frontend: ## Build frontend Docker image
+	docker build -t $(DOCKER_ORG)/openmina-frontend:$(GIT_COMMIT) frontend/
+
+.PHONY: docker-build-fuzzing
+docker-build-fuzzing: ## Build fuzzing Docker image
+	docker build -t $(DOCKER_ORG)/openmina-fuzzing:$(GIT_COMMIT) tools/fuzzing/
+
+.PHONY: docker-build-heartbeats-processor
+docker-build-heartbeats-processor: ## Build heartbeats processor Docker image
+	docker build -t $(DOCKER_ORG)/openmina-heartbeats-processor:$(GIT_COMMIT) \
+		tools/heartbeats-processor/
+
+.PHONY: docker-build-light
+docker-build-light: ## Build light Docker image
+	docker build -t $(DOCKER_ORG)/openmina-light:$(GIT_COMMIT) \
+		-f node/testing/docker/Dockerfile.light node/testing/docker/
+
+.PHONY: docker-build-light-focal
+docker-build-light-focal: ## Build light focal Docker image
+	docker build -t $(DOCKER_ORG)/openmina-light-focal:$(GIT_COMMIT) \
+		-f node/testing/docker/Dockerfile.light.focal node/testing/docker/
+
+.PHONY: docker-build-openmina
+docker-build-openmina: ## Build main OpenMina Docker image
+	docker build -t $(DOCKER_ORG)/openmina:$(GIT_COMMIT) .
+
+.PHONY: docker-build-openmina-testing
+docker-build-openmina-testing: ## Build OpenMina testing Docker image
+	docker build -t $(DOCKER_ORG)/openmina-testing:$(GIT_COMMIT) \
+		-f node/testing/docker/Dockerfile.openmina node/testing/docker/
+
+.PHONY: docker-build-producer-dashboard
+docker-build-producer-dashboard: ## Build producer dashboard Docker image
+	docker build -t $(DOCKER_ORG)/openmina-producer-dashboard:$(GIT_COMMIT) \
+		-f docker/producer-dashboard/Dockerfile .
+
+.PHONY: docker-build-test
+docker-build-test: ## Build test Docker image
+	docker build -t $(DOCKER_ORG)/openmina-test:$(GIT_COMMIT) \
+		-f node/testing/docker/Dockerfile.test node/testing/docker/

From af77b1f429cf9909944f6c9c7e5c58fb3a3f8aea Mon Sep 17 00:00:00 2001
From: Danny Willems <be.danny.willems@gmail.com>
Date: Wed, 16 Jul 2025 20:58:52 +0200
Subject: [PATCH 06/13] Dockerfiles: fix warning DL3059, consolidate RUN
 statements

---
 docker/producer-dashboard/Dockerfile  | 10 +++++-----
 frontend/Dockerfile                   |  9 ++++-----
 tools/heartbeats-processor/Dockerfile |  4 ++--
 3 files changed, 11 insertions(+), 12 deletions(-)

diff --git a/docker/producer-dashboard/Dockerfile b/docker/producer-dashboard/Dockerfile
index 4078151b37..795782e632 100644
--- a/docker/producer-dashboard/Dockerfile
+++ b/docker/producer-dashboard/Dockerfile
@@ -59,11 +59,11 @@ RUN curl -s -L https://github.com/ocaml/opam/releases/download/2.1.2/opam-2.1.2-
 
 RUN apt-get -y --no-install-recommends install m4 pkg-config
 
-RUN opam init --disable-sandboxing
-RUN opam switch create .
-RUN eval "$(opam config env)"
-RUN opam switch import -y opam.export
-RUN ./scripts/pin-external-packages.sh
+RUN opam init --disable-sandboxing && \
+    opam switch create . && \
+    eval "$(opam config env)" && \
+    opam switch import -y opam.export && \
+    ./scripts/pin-external-packages.sh
 
 RUN curl -L https://go.dev/dl/go1.19.linux-amd64.tar.gz -o go1.19.tar.gz \
     && tar -C /usr/local -xzf go1.19.tar.gz \
diff --git a/frontend/Dockerfile b/frontend/Dockerfile
index 88fd344a85..3d824f0e8b 100644
--- a/frontend/Dockerfile
+++ b/frontend/Dockerfile
@@ -3,11 +3,10 @@ FROM node:18 AS BUILD_IMAGE
 ARG BUILD_CONFIGURATION=production
 WORKDIR /app
 COPY . .
-RUN npm install
-RUN node_modules/.bin/ng build --configuration ${BUILD_CONFIGURATION}
-RUN npm prune --production
-
-RUN echo "---------- USING APACHE ----------"
+RUN npm install && \
+    node_modules/.bin/ng build --configuration ${BUILD_CONFIGURATION} && \
+    npm prune --production && \
+    echo "---------- USING APACHE ----------"
 
 
 FROM httpd:2.4
diff --git a/tools/heartbeats-processor/Dockerfile b/tools/heartbeats-processor/Dockerfile
index 3505c6795f..dfc98a9883 100644
--- a/tools/heartbeats-processor/Dockerfile
+++ b/tools/heartbeats-processor/Dockerfile
@@ -5,8 +5,8 @@ WORKDIR /usr/src/app
 RUN apt-get update && apt-get install -y --no-install-recommends pkg-config libssl-dev && rm -rf /var/lib/apt/lists/*
 
 COPY . .
-RUN ls -la tools/heartbeats-processor
-RUN cargo build --release -p heartbeats-processor
+RUN ls -la tools/heartbeats-processor && \
+    cargo build --release -p heartbeats-processor
 
 # Runtime stage
 FROM debian:bookworm-slim

From d9f640b647c9be55a0325580532f34ab1f5e11f0 Mon Sep 17 00:00:00 2001
From: Danny Willems <be.danny.willems@gmail.com>
Date: Wed, 16 Jul 2025 21:04:57 +0200
Subject: [PATCH 07/13] Dockerfiles: fix DL4006, using `pipefail -c`

---
 docker/producer-dashboard/Dockerfile       | 2 +-
 node/testing/docker/Dockerfile.light       | 1 +
 node/testing/docker/Dockerfile.light.focal | 1 +
 node/testing/docker/Dockerfile.openmina    | 3 +--
 tools/fuzzing/Dockerfile                   | 2 +-
 5 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/docker/producer-dashboard/Dockerfile b/docker/producer-dashboard/Dockerfile
index 795782e632..fb13520ce2 100644
--- a/docker/producer-dashboard/Dockerfile
+++ b/docker/producer-dashboard/Dockerfile
@@ -37,7 +37,7 @@ RUN apt-get update && \
     unzip \
     rsync
 
-
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
 
 WORKDIR /go
diff --git a/node/testing/docker/Dockerfile.light b/node/testing/docker/Dockerfile.light
index 5641cc31ae..1df8eda793 100644
--- a/node/testing/docker/Dockerfile.light
+++ b/node/testing/docker/Dockerfile.light
@@ -35,6 +35,7 @@ RUN apt-get update && \
     rsync \
     liblmdb-dev
 
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
 
 WORKDIR /go
diff --git a/node/testing/docker/Dockerfile.light.focal b/node/testing/docker/Dockerfile.light.focal
index 1785e46a22..ef21ea0eaa 100644
--- a/node/testing/docker/Dockerfile.light.focal
+++ b/node/testing/docker/Dockerfile.light.focal
@@ -35,6 +35,7 @@ RUN apt-get update && \
     rsync \
     liblmdb-dev
 
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
 
 WORKDIR /go
diff --git a/node/testing/docker/Dockerfile.openmina b/node/testing/docker/Dockerfile.openmina
index 47fad9be95..20c5b8aff1 100644
--- a/node/testing/docker/Dockerfile.openmina
+++ b/node/testing/docker/Dockerfile.openmina
@@ -5,10 +5,9 @@ RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
 RUN DEBIAN_FRONTEND=noninteractive apt-get update && \
   apt-get -y install --no-install-recommends git curl gcc libssl-dev pkg-config
 
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
 
-SHELL ["/bin/bash", "-c"]
-
 RUN source ~/.cargo/env && rustup update 1.84
 
 RUN git clone https://github.com/openmina/openmina
diff --git a/tools/fuzzing/Dockerfile b/tools/fuzzing/Dockerfile
index df2c3b60a2..5ff34e08e0 100644
--- a/tools/fuzzing/Dockerfile
+++ b/tools/fuzzing/Dockerfile
@@ -35,7 +35,7 @@ RUN apt -y update && \
     liblmdb-dev \
     rsync
 
-SHELL ["/bin/bash", "-c"]
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
 RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
 RUN yes "" | sh <(curl -fsSL https://raw.githubusercontent.com/ocaml/opam/master/shell/install.sh)

From 9e6b8356df5575c91644b0ae7764a374b4cfdcd1 Mon Sep 17 00:00:00 2001
From: Danny Willems <be.danny.willems@gmail.com>
Date: Wed, 16 Jul 2025 21:10:21 +0200
Subject: [PATCH 08/13] Dockerfiles: fix DL3003

---
 docker/producer-dashboard/Dockerfile |  3 ++-
 tools/fuzzing/Dockerfile             | 14 +++++++-------
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/docker/producer-dashboard/Dockerfile b/docker/producer-dashboard/Dockerfile
index fb13520ce2..81342b2c9e 100644
--- a/docker/producer-dashboard/Dockerfile
+++ b/docker/producer-dashboard/Dockerfile
@@ -4,7 +4,8 @@ WORKDIR /usr/src/openmina-producer-dashboard
 
 COPY ../ .
 
-RUN cd producer-dashboard && SQLX_OFFLINE=true cargo install --path .
+WORKDIR /usr/src/openmina-producer-dashboard/producer-dashboard
+RUN SQLX_OFFLINE=true cargo install --path .
 
 FROM ubuntu:noble AS mina-builder
 
diff --git a/tools/fuzzing/Dockerfile b/tools/fuzzing/Dockerfile
index 5ff34e08e0..e7a2639953 100644
--- a/tools/fuzzing/Dockerfile
+++ b/tools/fuzzing/Dockerfile
@@ -50,13 +50,13 @@ RUN ARCH=$(uname -m) && \
     rm -rf /usr/local/go && \
     curl -sSL https://go.dev/dl/go1.19.5.linux-$ARCH.tar.gz | tar -C /usr/local -xzf -
 RUN export PATH=$PATH:/usr/local/go/bin
-RUN curl -sSL https://capnproto.org/capnproto-c++-0.10.2.tar.gz | tar -zxf - \
-  && cd capnproto-c++-0.10.2 \
-  && ./configure \
-  && make -j6 check \
-  && make install \
-  && cd .. \
-  && rm -rf capnproto-c++-0.10.2
+RUN curl -sSL https://capnproto.org/capnproto-c++-0.10.2.tar.gz | tar -zxf -
+WORKDIR /capnproto-c++-0.10.2
+RUN ./configure && \
+    make -j6 check && \
+    make install
+WORKDIR /
+RUN rm -rf capnproto-c++-0.10.2
 
 RUN git clone https://github.com/openmina/mina.git
 WORKDIR /mina

From d8c727c66710b77f0d9cd5d2ae151f7909b79048 Mon Sep 17 00:00:00 2001
From: Danny Willems <be.danny.willems@gmail.com>
Date: Wed, 16 Jul 2025 21:13:03 +0200
Subject: [PATCH 09/13] Dockerfiles: fix DL3009

---
 Dockerfile                              | 2 +-
 docker/producer-dashboard/Dockerfile    | 2 +-
 node/testing/docker/Dockerfile.debugger | 2 +-
 node/testing/docker/Dockerfile.openmina | 3 ++-
 tools/bootstrap-sandbox/Dockerfile      | 2 +-
 5 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index beee4c70c5..30765be6ef 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -19,7 +19,7 @@ RUN git clone --depth 1 https://github.com/openmina/circuit-blobs.git \
     && rm -rf circuit-blobs/berkeley_rc1 circuit-blobs/*/tests
 
 FROM debian:bullseye
-RUN apt-get update && apt-get install -y --no-install-recommends libjemalloc2 libssl1.1 libpq5 curl jq procps && apt-get clean
+RUN apt-get update && apt-get install -y --no-install-recommends libjemalloc2 libssl1.1 libpq5 curl jq procps && apt-get clean && rm -rf /var/lib/apt/lists/*
 
 COPY --from=build /openmina/release-bin/openmina /usr/local/bin/
 COPY --from=build /openmina/testing-release-bin/openmina-node-testing /usr/local/bin/
diff --git a/docker/producer-dashboard/Dockerfile b/docker/producer-dashboard/Dockerfile
index 81342b2c9e..24756fa472 100644
--- a/docker/producer-dashboard/Dockerfile
+++ b/docker/producer-dashboard/Dockerfile
@@ -79,7 +79,7 @@ RUN eval "$(opam config env)" && make build_all_sigs
 
 FROM ubuntu:noble
 
-RUN apt-get update && apt-get install -y --no-install-recommends libpq5 libjemalloc2
+RUN apt-get update && apt-get install -y --no-install-recommends libpq5 libjemalloc2 && rm -rf /var/lib/apt/lists/*
 
 COPY --from=app-builder /usr/local/cargo/bin/openmina-producer-dashboard /usr/local/bin/openmina-producer-dashboard
 COPY --from=mina-builder /go/mina/src/app/libp2p_helper/result/bin/libp2p_helper /usr/local/bin/coda-libp2p_helper
diff --git a/node/testing/docker/Dockerfile.debugger b/node/testing/docker/Dockerfile.debugger
index 7b00f502ba..8e413aed88 100644
--- a/node/testing/docker/Dockerfile.debugger
+++ b/node/testing/docker/Dockerfile.debugger
@@ -5,4 +5,4 @@ FROM minaprotocol/mina-daemon:2.0.0rampup4-14047c5-focal-berkeley
 
 COPY --from=debugger /usr/bin/bpf-recorder /usr/bin/bpf-recorder
 
-RUN apt-get update && apt-get -y install --no-install-recommends libelf-dev
+RUN apt-get update && apt-get -y install --no-install-recommends libelf-dev && rm -rf /var/lib/apt/lists/*
diff --git a/node/testing/docker/Dockerfile.openmina b/node/testing/docker/Dockerfile.openmina
index 20c5b8aff1..9c0fc3f326 100644
--- a/node/testing/docker/Dockerfile.openmina
+++ b/node/testing/docker/Dockerfile.openmina
@@ -3,7 +3,8 @@ FROM ubuntu:20.04 AS builder
 ENV TZ=UTC
 RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
 RUN DEBIAN_FRONTEND=noninteractive apt-get update && \
-  apt-get -y install --no-install-recommends git curl gcc libssl-dev pkg-config
+  apt-get -y install --no-install-recommends git curl gcc libssl-dev pkg-config && \
+  rm -rf /var/lib/apt/lists/*
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
diff --git a/tools/bootstrap-sandbox/Dockerfile b/tools/bootstrap-sandbox/Dockerfile
index f1f1bf4b47..6223d58e92 100644
--- a/tools/bootstrap-sandbox/Dockerfile
+++ b/tools/bootstrap-sandbox/Dockerfile
@@ -8,7 +8,7 @@ RUN cargo install --git https://github.com/openmina/openmina.git --branch fix/bo
 
 FROM debian:bullseye
 
-RUN apt-get update && apt-get install -y --no-install-recommends libssl-dev
+RUN apt-get update && apt-get install -y --no-install-recommends libssl-dev && rm -rf /var/lib/apt/lists/*
 
 COPY --from=builder /usr/local/cargo/bin/openmina-bootstrap-sandbox \
     /usr/local/bin/openmina-bootstrap-sandbox

From 12704b2d00e15a10c9949da3bda93b30c8626f30 Mon Sep 17 00:00:00 2001
From: Danny Willems <be.danny.willems@gmail.com>
Date: Wed, 16 Jul 2025 21:18:15 +0200
Subject: [PATCH 10/13] Dockerfiles: ignore DL3008

---
 Dockerfile                                 | 2 ++
 docker/producer-dashboard/Dockerfile       | 5 +++++
 frontend/Dockerfile                        | 1 +
 node/testing/docker/Dockerfile.debugger    | 1 +
 node/testing/docker/Dockerfile.light       | 1 +
 node/testing/docker/Dockerfile.light.focal | 1 +
 node/testing/docker/Dockerfile.openmina    | 1 +
 node/testing/docker/Dockerfile.test        | 1 +
 tools/bootstrap-sandbox/Dockerfile         | 1 +
 tools/fuzzing/Dockerfile                   | 1 +
 tools/heartbeats-processor/Dockerfile      | 2 ++
 11 files changed, 17 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index 30765be6ef..82e17380c3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,5 @@
 FROM rust:bullseye AS build
+# hadolint ignore=DL3008
 RUN apt-get update && apt-get install -y --no-install-recommends protobuf-compiler && apt-get clean
 RUN rustup default 1.84 && rustup component add rustfmt
 WORKDIR /openmina
@@ -19,6 +20,7 @@ RUN git clone --depth 1 https://github.com/openmina/circuit-blobs.git \
     && rm -rf circuit-blobs/berkeley_rc1 circuit-blobs/*/tests
 
 FROM debian:bullseye
+# hadolint ignore=DL3008
 RUN apt-get update && apt-get install -y --no-install-recommends libjemalloc2 libssl1.1 libpq5 curl jq procps && apt-get clean && rm -rf /var/lib/apt/lists/*
 
 COPY --from=build /openmina/release-bin/openmina /usr/local/bin/
diff --git a/docker/producer-dashboard/Dockerfile b/docker/producer-dashboard/Dockerfile
index 24756fa472..d2a8a6737e 100644
--- a/docker/producer-dashboard/Dockerfile
+++ b/docker/producer-dashboard/Dockerfile
@@ -9,9 +9,11 @@ RUN SQLX_OFFLINE=true cargo install --path .
 
 FROM ubuntu:noble AS mina-builder
 
+# hadolint ignore=DL3008
 RUN apt-get update && apt-get install -y --no-install-recommends openssl ca-certificates
 
 # Build mina from source
+# hadolint ignore=DL3008
 RUN apt-get update && \
   apt-get -y --no-install-recommends install \
     libboost-dev \
@@ -58,6 +60,7 @@ RUN git apply ./output_binprot_breadcrumbs.patch
 
 RUN curl -s -L https://github.com/ocaml/opam/releases/download/2.1.2/opam-2.1.2-x86_64-linux -o /usr/local/bin/opam && chmod +x /usr/local/bin/opam
 
+# hadolint ignore=DL3008
 RUN apt-get -y --no-install-recommends install m4 pkg-config
 
 RUN opam init --disable-sandboxing && \
@@ -73,12 +76,14 @@ ENV PATH="/usr/local/go/bin:${PATH}"
 RUN make libp2p_helper
 
 ENV PATH="/root/.cargo/bin:${PATH}"
+# hadolint ignore=DL3008
 RUN apt-get -y --no-install-recommends install zlib1g-dev
 RUN eval "$(opam config env)" && make build_all_sigs
 # RUN /bin/bash -c "source ~/.cargo/env && eval $(opam config env) && make build_all_sigs"
 
 FROM ubuntu:noble
 
+# hadolint ignore=DL3008
 RUN apt-get update && apt-get install -y --no-install-recommends libpq5 libjemalloc2 && rm -rf /var/lib/apt/lists/*
 
 COPY --from=app-builder /usr/local/cargo/bin/openmina-producer-dashboard /usr/local/bin/openmina-producer-dashboard
diff --git a/frontend/Dockerfile b/frontend/Dockerfile
index 3d824f0e8b..e369c54b4e 100644
--- a/frontend/Dockerfile
+++ b/frontend/Dockerfile
@@ -11,6 +11,7 @@ RUN npm install && \
 
 FROM httpd:2.4
 
+# hadolint ignore=DL3008
 RUN apt-get update && \
     apt-get install -y --no-install-recommends curl && \
     rm -rf /var/lib/apt/lists/*
diff --git a/node/testing/docker/Dockerfile.debugger b/node/testing/docker/Dockerfile.debugger
index 8e413aed88..2e30d0329a 100644
--- a/node/testing/docker/Dockerfile.debugger
+++ b/node/testing/docker/Dockerfile.debugger
@@ -5,4 +5,5 @@ FROM minaprotocol/mina-daemon:2.0.0rampup4-14047c5-focal-berkeley
 
 COPY --from=debugger /usr/bin/bpf-recorder /usr/bin/bpf-recorder
 
+# hadolint ignore=DL3008
 RUN apt-get update && apt-get -y install --no-install-recommends libelf-dev && rm -rf /var/lib/apt/lists/*
diff --git a/node/testing/docker/Dockerfile.light b/node/testing/docker/Dockerfile.light
index 1df8eda793..26a34c814a 100644
--- a/node/testing/docker/Dockerfile.light
+++ b/node/testing/docker/Dockerfile.light
@@ -1,5 +1,6 @@
 FROM golang:1.18.10-buster AS builder
 
+# hadolint ignore=DL3008
 RUN apt-get update && \
   apt-get -y install --no-install-recommends \
     apt-transport-https \
diff --git a/node/testing/docker/Dockerfile.light.focal b/node/testing/docker/Dockerfile.light.focal
index ef21ea0eaa..7a1eee835c 100644
--- a/node/testing/docker/Dockerfile.light.focal
+++ b/node/testing/docker/Dockerfile.light.focal
@@ -1,5 +1,6 @@
 FROM golang:1.18.10-focal AS builder
 
+# hadolint ignore=DL3008
 RUN apt-get update && \
   apt-get -y install --no-install-recommends \
     apt-transport-https \
diff --git a/node/testing/docker/Dockerfile.openmina b/node/testing/docker/Dockerfile.openmina
index 9c0fc3f326..7b0c7318f1 100644
--- a/node/testing/docker/Dockerfile.openmina
+++ b/node/testing/docker/Dockerfile.openmina
@@ -2,6 +2,7 @@ FROM ubuntu:20.04 AS builder
 
 ENV TZ=UTC
 RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
+# hadolint ignore=DL3008
 RUN DEBIAN_FRONTEND=noninteractive apt-get update && \
   apt-get -y install --no-install-recommends git curl gcc libssl-dev pkg-config && \
   rm -rf /var/lib/apt/lists/*
diff --git a/node/testing/docker/Dockerfile.test b/node/testing/docker/Dockerfile.test
index 9ecf3095f5..2462860478 100644
--- a/node/testing/docker/Dockerfile.test
+++ b/node/testing/docker/Dockerfile.test
@@ -1,3 +1,4 @@
+# hadolint ignore=DL3008
 FROM vladsimplestakingcom/mina-openmina-builder:focal AS builder
 
 RUN git fetch && git checkout feat/tests-with-debugger
diff --git a/tools/bootstrap-sandbox/Dockerfile b/tools/bootstrap-sandbox/Dockerfile
index 6223d58e92..09e8eabddb 100644
--- a/tools/bootstrap-sandbox/Dockerfile
+++ b/tools/bootstrap-sandbox/Dockerfile
@@ -8,6 +8,7 @@ RUN cargo install --git https://github.com/openmina/openmina.git --branch fix/bo
 
 FROM debian:bullseye
 
+# hadolint ignore=DL3008
 RUN apt-get update && apt-get install -y --no-install-recommends libssl-dev && rm -rf /var/lib/apt/lists/*
 
 COPY --from=builder /usr/local/cargo/bin/openmina-bootstrap-sandbox \
diff --git a/tools/fuzzing/Dockerfile b/tools/fuzzing/Dockerfile
index e7a2639953..ad24bbf278 100644
--- a/tools/fuzzing/Dockerfile
+++ b/tools/fuzzing/Dockerfile
@@ -1,6 +1,7 @@
 # FIXME: not working :(
 FROM debian:bullseye
 
+# hadolint ignore=DL3008
 RUN apt -y update && \
   apt -y upgrade && \
   apt -y install --no-install-recommends \
diff --git a/tools/heartbeats-processor/Dockerfile b/tools/heartbeats-processor/Dockerfile
index dfc98a9883..2e08a7a8de 100644
--- a/tools/heartbeats-processor/Dockerfile
+++ b/tools/heartbeats-processor/Dockerfile
@@ -2,6 +2,7 @@
 FROM rust:1.84-slim-bookworm AS builder
 
 WORKDIR /usr/src/app
+# hadolint ignore=DL3008
 RUN apt-get update && apt-get install -y --no-install-recommends pkg-config libssl-dev && rm -rf /var/lib/apt/lists/*
 
 COPY . .
@@ -11,6 +12,7 @@ RUN ls -la tools/heartbeats-processor && \
 # Runtime stage
 FROM debian:bookworm-slim
 
+# hadolint ignore=DL3008
 RUN apt-get update && apt-get install -y --no-install-recommends libsqlite3-0 ca-certificates && rm -rf /var/lib/apt/lists/*
 
 WORKDIR /app

From b2804741d33e40ee4fc9515a52c4d6cdbb5fb129 Mon Sep 17 00:00:00 2001
From: Danny Willems <be.danny.willems@gmail.com>
Date: Wed, 16 Jul 2025 21:22:37 +0200
Subject: [PATCH 11/13] Dockerfiles: fix the remaining warnings and info

Issues Fixed:

1. DL3027 - Replaced apt with apt-get in tools/fuzzing/Dockerfile
2. SC2086 - Added double quotes around $ARCH variable in
tools/fuzzing/Dockerfile
3. DL3059 - Consolidated consecutive RUN instructions in
tools/fuzzing/Dockerfile
4. SC2174 - Fixed mkdir -p -m by separating into mkdir -p and chmod commands in
tools/bootstrap-sandbox/Dockerfile
5. SC3046 - Replaced source with . in node/testing/docker/Dockerfile.test
6. DL3009 - Added missing rm -rf /var/lib/apt/lists/* cleanup in
tools/fuzzing/Dockerfile
---
 node/testing/docker/Dockerfile.test |  2 +-
 tools/bootstrap-sandbox/Dockerfile  |  2 +-
 tools/fuzzing/Dockerfile            | 16 ++++++++--------
 3 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/node/testing/docker/Dockerfile.test b/node/testing/docker/Dockerfile.test
index 2462860478..0ca302c97c 100644
--- a/node/testing/docker/Dockerfile.test
+++ b/node/testing/docker/Dockerfile.test
@@ -3,7 +3,7 @@ FROM vladsimplestakingcom/mina-openmina-builder:focal AS builder
 
 RUN git fetch && git checkout feat/tests-with-debugger
 
-RUN source ~/.cargo/env && cargo +1.84 build --release -p openmina-node-testing --bin runner --bin openmina-node-testing
+RUN . ~/.cargo/env && cargo +1.84 build --release -p openmina-node-testing --bin runner --bin openmina-node-testing
 
 FROM vladsimplestakingcom/mina-debugger:2.0.0rampup4-focal
 
diff --git a/tools/bootstrap-sandbox/Dockerfile b/tools/bootstrap-sandbox/Dockerfile
index 09e8eabddb..d1ccd3068b 100644
--- a/tools/bootstrap-sandbox/Dockerfile
+++ b/tools/bootstrap-sandbox/Dockerfile
@@ -1,6 +1,6 @@
 FROM rust:1.84.0-bullseye AS builder
 
-RUN mkdir -p -m 0700 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts
+RUN mkdir -p ~/.ssh && chmod 0700 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts
 
 ENV CARGO_NET_GIT_FETCH_WITH_CLI=true
 
diff --git a/tools/fuzzing/Dockerfile b/tools/fuzzing/Dockerfile
index ad24bbf278..53e828aa18 100644
--- a/tools/fuzzing/Dockerfile
+++ b/tools/fuzzing/Dockerfile
@@ -2,9 +2,9 @@
 FROM debian:bullseye
 
 # hadolint ignore=DL3008
-RUN apt -y update && \
-  apt -y upgrade && \
-  apt -y install --no-install-recommends \
+RUN apt-get -y update && \
+  apt-get -y upgrade && \
+  apt-get -y install --no-install-recommends \
     apt-transport-https \
     ca-certificates \
     pkg-config \
@@ -34,7 +34,8 @@ RUN apt -y update && \
     python3 \
     tzdata \
     liblmdb-dev \
-    rsync
+    rsync && \
+  rm -rf /var/lib/apt/lists/*
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
@@ -49,7 +50,7 @@ RUN ARCH=$(uname -m) && \
         echo "Unsupported architecture: $ARCH" && exit 1; \
     fi && \
     rm -rf /usr/local/go && \
-    curl -sSL https://go.dev/dl/go1.19.5.linux-$ARCH.tar.gz | tar -C /usr/local -xzf -
+    curl -sSL https://go.dev/dl/go1.19.5.linux-"$ARCH".tar.gz | tar -C /usr/local -xzf -
 RUN export PATH=$PATH:/usr/local/go/bin
 RUN curl -sSL https://capnproto.org/capnproto-c++-0.10.2.tar.gz | tar -zxf -
 WORKDIR /capnproto-c++-0.10.2
@@ -57,9 +58,8 @@ RUN ./configure && \
     make -j6 check && \
     make install
 WORKDIR /
-RUN rm -rf capnproto-c++-0.10.2
-
-RUN git clone https://github.com/openmina/mina.git
+RUN rm -rf capnproto-c++-0.10.2 && \
+    git clone https://github.com/openmina/mina.git
 WORKDIR /mina
 RUN git submodule update --init --recursive && \
     git config --local --add submodule.recurse true && \

From cb3593cfd26f8ffb41c025dbfc274d7697549f3d Mon Sep 17 00:00:00 2001
From: Danny Willems <be.danny.willems@gmail.com>
Date: Wed, 16 Jul 2025 21:23:06 +0200
Subject: [PATCH 12/13] Makefile: exit with error if hadolint is not empty

Updated the lint-dockerfiles target to:
- Capture all hadolint output
- Exit with code 1 if any warnings or errors are found
- Work correctly in both GitHub Actions and local environments
---
 Makefile | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index 883d4c2cc8..30b23cbb38 100644
--- a/Makefile
+++ b/Makefile
@@ -98,9 +98,17 @@ lint: ## Run linter (clippy)
 .PHONY: lint-dockerfiles
 lint-dockerfiles: ## Check all Dockerfiles using hadolint
 	@if [ "$$GITHUB_ACTIONS" = "true" ]; then \
-		find . -name "Dockerfile*" -type f -exec hadolint {} \;; \
+		OUTPUT=$$(find . -name "Dockerfile*" -type f -exec hadolint {} \;); \
+		if [ -n "$$OUTPUT" ]; then \
+			echo "$$OUTPUT"; \
+			exit 1; \
+		fi; \
 	else \
-		find . -name "Dockerfile*" -type f -exec sh -c 'docker run --rm -i hadolint/hadolint < "$$1"' _ {} \;; \
+		OUTPUT=$$(find . -name "Dockerfile*" -type f -exec sh -c 'docker run --rm -i hadolint/hadolint < "$$1"' _ {} \;); \
+		if [ -n "$$OUTPUT" ]; then \
+			echo "$$OUTPUT"; \
+			exit 1; \
+		fi; \
 	fi
 
 .PHONY: setup-wasm-toolchain

From a0221d1593d10e82e72c48791b5c22905cede39b Mon Sep 17 00:00:00 2001
From: Danny Willems <be.danny.willems@gmail.com>
Date: Wed, 16 Jul 2025 21:32:35 +0200
Subject: [PATCH 13/13] Dockerfiles: wrap at 80 chars

---
 Dockerfile                                 | 24 +++++++++----
 docker/producer-dashboard/Dockerfile       | 41 +++++++++++++++-------
 frontend/Dockerfile                        | 12 ++++---
 node/testing/docker/Dockerfile.debugger    |  4 ++-
 node/testing/docker/Dockerfile.light       | 19 +++++++---
 node/testing/docker/Dockerfile.light.focal | 19 +++++++---
 node/testing/docker/Dockerfile.openmina    | 11 +++---
 node/testing/docker/Dockerfile.test        |  9 +++--
 tools/bootstrap-sandbox/Dockerfile         | 13 +++++--
 tools/fuzzing/Dockerfile                   | 18 ++++++----
 tools/heartbeats-processor/Dockerfile      |  9 +++--
 11 files changed, 126 insertions(+), 53 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 82e17380c3..984165b045 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,8 @@
 FROM rust:bullseye AS build
 # hadolint ignore=DL3008
-RUN apt-get update && apt-get install -y --no-install-recommends protobuf-compiler && apt-get clean
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends protobuf-compiler && \
+    apt-get clean
 RUN rustup default 1.84 && rustup component add rustfmt
 WORKDIR /openmina
 COPY . .
@@ -12,22 +14,30 @@ RUN --mount=type=cache,target=/usr/local/cargo/registry \
 
 RUN --mount=type=cache,target=/usr/local/cargo/registry \
     --mount=type=cache,target=/openmina/target,id=rust-target \
-    cargo build --release --features scenario-generators --bin openmina-node-testing && \
+    cargo build --release --features scenario-generators \
+        --bin openmina-node-testing && \
     cp -r /openmina/target/release /openmina/testing-release-bin/
 
 # necessary for proof generation when running a block producer.
-RUN git clone --depth 1 https://github.com/openmina/circuit-blobs.git \
-    && rm -rf circuit-blobs/berkeley_rc1 circuit-blobs/*/tests
+RUN git clone --depth 1 \
+        https://github.com/openmina/circuit-blobs.git && \
+    rm -rf circuit-blobs/berkeley_rc1 circuit-blobs/*/tests
 
 FROM debian:bullseye
 # hadolint ignore=DL3008
-RUN apt-get update && apt-get install -y --no-install-recommends libjemalloc2 libssl1.1 libpq5 curl jq procps && apt-get clean && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+        libjemalloc2 libssl1.1 libpq5 curl jq procps && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
 
 COPY --from=build /openmina/release-bin/openmina /usr/local/bin/
-COPY --from=build /openmina/testing-release-bin/openmina-node-testing /usr/local/bin/
+COPY --from=build /openmina/testing-release-bin/openmina-node-testing \
+    /usr/local/bin/
 
 RUN mkdir -p /usr/local/lib/openmina/circuit-blobs
-COPY --from=build /openmina/circuit-blobs/ /usr/local/lib/openmina/circuit-blobs/
+COPY --from=build /openmina/circuit-blobs/ \
+    /usr/local/lib/openmina/circuit-blobs/
 
 EXPOSE 3000
 EXPOSE 8302
diff --git a/docker/producer-dashboard/Dockerfile b/docker/producer-dashboard/Dockerfile
index d2a8a6737e..c7dcbb5329 100644
--- a/docker/producer-dashboard/Dockerfile
+++ b/docker/producer-dashboard/Dockerfile
@@ -10,7 +10,8 @@ RUN SQLX_OFFLINE=true cargo install --path .
 FROM ubuntu:noble AS mina-builder
 
 # hadolint ignore=DL3008
-RUN apt-get update && apt-get install -y --no-install-recommends openssl ca-certificates
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends openssl ca-certificates
 
 # Build mina from source
 # hadolint ignore=DL3008
@@ -41,7 +42,8 @@ RUN apt-get update && \
     rsync
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
-RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | \
+    sh -s -- -y
 
 WORKDIR /go
 RUN git clone https://github.com/MinaProtocol/mina.git
@@ -49,7 +51,8 @@ RUN git clone https://github.com/MinaProtocol/mina.git
 ENV DUNE_PROFILE=devnet
 
 WORKDIR /go/mina
-COPY ../docker/producer-dashboard/output_binprot_breadcrumbs.patch .
+COPY ../docker/producer-dashboard/output_binprot_breadcrumbs.patch \
+    .
 RUN git checkout 3.0.1 && \
     git submodule update --init --recursive && \
     git config --local --add submodule.recurse true
@@ -58,7 +61,10 @@ RUN git apply ./output_binprot_breadcrumbs.patch
 
 # RUN make libp2p_helper
 
-RUN curl -s -L https://github.com/ocaml/opam/releases/download/2.1.2/opam-2.1.2-x86_64-linux -o /usr/local/bin/opam && chmod +x /usr/local/bin/opam
+RUN curl -s -L \
+        https://github.com/ocaml/opam/releases/download/2.1.2/opam-2.1.2-x86_64-linux \
+        -o /usr/local/bin/opam && \
+    chmod +x /usr/local/bin/opam
 
 # hadolint ignore=DL3008
 RUN apt-get -y --no-install-recommends install m4 pkg-config
@@ -69,9 +75,10 @@ RUN opam init --disable-sandboxing && \
     opam switch import -y opam.export && \
     ./scripts/pin-external-packages.sh
 
-RUN curl -L https://go.dev/dl/go1.19.linux-amd64.tar.gz -o go1.19.tar.gz \
-    && tar -C /usr/local -xzf go1.19.tar.gz \
-    && rm go1.19.tar.gz
+RUN curl -L https://go.dev/dl/go1.19.linux-amd64.tar.gz \
+        -o go1.19.tar.gz && \
+    tar -C /usr/local -xzf go1.19.tar.gz && \
+    rm go1.19.tar.gz
 ENV PATH="/usr/local/go/bin:${PATH}"
 RUN make libp2p_helper
 
@@ -79,16 +86,24 @@ ENV PATH="/root/.cargo/bin:${PATH}"
 # hadolint ignore=DL3008
 RUN apt-get -y --no-install-recommends install zlib1g-dev
 RUN eval "$(opam config env)" && make build_all_sigs
-# RUN /bin/bash -c "source ~/.cargo/env && eval $(opam config env) && make build_all_sigs"
+# RUN /bin/bash -c "source ~/.cargo/env && eval $(opam config env) && \
+#     make build_all_sigs"
 
 FROM ubuntu:noble
 
 # hadolint ignore=DL3008
-RUN apt-get update && apt-get install -y --no-install-recommends libpq5 libjemalloc2 && rm -rf /var/lib/apt/lists/*
-
-COPY --from=app-builder /usr/local/cargo/bin/openmina-producer-dashboard /usr/local/bin/openmina-producer-dashboard
-COPY --from=mina-builder /go/mina/src/app/libp2p_helper/result/bin/libp2p_helper /usr/local/bin/coda-libp2p_helper
-COPY --from=mina-builder /go/mina/_build/default/src/app/cli/src/mina_testnet_signatures.exe /usr/local/bin/mina
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends libpq5 libjemalloc2 && \
+    rm -rf /var/lib/apt/lists/*
+
+COPY --from=app-builder /usr/local/cargo/bin/openmina-producer-dashboard \
+    /usr/local/bin/openmina-producer-dashboard
+COPY --from=mina-builder \
+    /go/mina/src/app/libp2p_helper/result/bin/libp2p_helper \
+    /usr/local/bin/coda-libp2p_helper
+COPY --from=mina-builder \
+    /go/mina/_build/default/src/app/cli/src/mina_testnet_signatures.exe \
+    /usr/local/bin/mina
 
 # TODO: replace
 ENTRYPOINT [ "openmina-producer-dashboard" ]
diff --git a/frontend/Dockerfile b/frontend/Dockerfile
index e369c54b4e..3ac9d182a3 100644
--- a/frontend/Dockerfile
+++ b/frontend/Dockerfile
@@ -1,10 +1,12 @@
 FROM node:18 AS BUILD_IMAGE
-# Doesn't matter what we put here - it get's overwritten by the docker build command
+# Doesn't matter what we put here - it get's overwritten by the docker \
+# build command
 ARG BUILD_CONFIGURATION=production
 WORKDIR /app
 COPY . .
 RUN npm install && \
-    node_modules/.bin/ng build --configuration ${BUILD_CONFIGURATION} && \
+    node_modules/.bin/ng build --configuration \
+        ${BUILD_CONFIGURATION} && \
     npm prune --production && \
     echo "---------- USING APACHE ----------"
 
@@ -16,8 +18,10 @@ RUN apt-get update && \
     apt-get install -y --no-install-recommends curl && \
     rm -rf /var/lib/apt/lists/*
 
-COPY --from=BUILD_IMAGE /app/dist/frontend/browser /usr/local/apache2/htdocs/
-COPY --from=BUILD_IMAGE /app/httpd.conf /usr/local/apache2/conf/httpd.conf
+COPY --from=BUILD_IMAGE /app/dist/frontend/browser \
+    /usr/local/apache2/htdocs/
+COPY --from=BUILD_IMAGE /app/httpd.conf \
+    /usr/local/apache2/conf/httpd.conf
 
 COPY docker/startup.sh /usr/local/bin/startup.sh
 RUN chmod +x /usr/local/bin/startup.sh
diff --git a/node/testing/docker/Dockerfile.debugger b/node/testing/docker/Dockerfile.debugger
index 2e30d0329a..5c9650ac57 100644
--- a/node/testing/docker/Dockerfile.debugger
+++ b/node/testing/docker/Dockerfile.debugger
@@ -6,4 +6,6 @@ FROM minaprotocol/mina-daemon:2.0.0rampup4-14047c5-focal-berkeley
 COPY --from=debugger /usr/bin/bpf-recorder /usr/bin/bpf-recorder
 
 # hadolint ignore=DL3008
-RUN apt-get update && apt-get -y install --no-install-recommends libelf-dev && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && \
+    apt-get -y install --no-install-recommends libelf-dev && \
+    rm -rf /var/lib/apt/lists/*
diff --git a/node/testing/docker/Dockerfile.light b/node/testing/docker/Dockerfile.light
index 26a34c814a..f4514d7e13 100644
--- a/node/testing/docker/Dockerfile.light
+++ b/node/testing/docker/Dockerfile.light
@@ -37,7 +37,8 @@ RUN apt-get update && \
     liblmdb-dev
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
-RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | \
+    sh -s -- -y
 
 WORKDIR /go
 RUN git clone https://github.com/MinaProtocol/mina.git
@@ -51,7 +52,10 @@ RUN git checkout -b 2.0.0rampup4 2.0.0rampup4 && \
 
 RUN make libp2p_helper
 
-RUN curl -s -L https://github.com/ocaml/opam/releases/download/2.1.2/opam-2.1.2-x86_64-linux -o /usr/local/bin/opam && chmod +x /usr/local/bin/opam
+RUN curl -s -L \
+        https://github.com/ocaml/opam/releases/download/2.1.2/opam-2.1.2-x86_64-linux \
+        -o /usr/local/bin/opam && \
+    chmod +x /usr/local/bin/opam
 
 RUN opam init --disable-sandboxing \
   && opam switch create . \
@@ -65,9 +69,14 @@ RUN git apply patch
 
 SHELL ["/bin/bash", "-c"]
 
-RUN source ~/.cargo/env && eval "$(opam config env)" && make build_all_sigs
+RUN source ~/.cargo/env && eval "$(opam config env)" && \
+    make build_all_sigs
 
 FROM minaprotocol/mina-daemon:2.0.0rampup4-14047c5-buster-berkeley
 
-COPY --from=builder /go/mina/src/app/libp2p_helper/result/bin/libp2p_helper /usr/local/bin/coda-libp2p_helper
-COPY --from=builder /go/mina/_build/default/src/app/cli/src/mina_testnet_signatures.exe /usr/local/bin/mina
+COPY --from=builder \
+    /go/mina/src/app/libp2p_helper/result/bin/libp2p_helper \
+    /usr/local/bin/coda-libp2p_helper
+COPY --from=builder \
+    /go/mina/_build/default/src/app/cli/src/mina_testnet_signatures.exe \
+    /usr/local/bin/mina
diff --git a/node/testing/docker/Dockerfile.light.focal b/node/testing/docker/Dockerfile.light.focal
index 7a1eee835c..8468b8a497 100644
--- a/node/testing/docker/Dockerfile.light.focal
+++ b/node/testing/docker/Dockerfile.light.focal
@@ -37,7 +37,8 @@ RUN apt-get update && \
     liblmdb-dev
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
-RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | \
+    sh -s -- -y
 
 WORKDIR /go
 RUN git clone https://github.com/MinaProtocol/mina.git
@@ -51,7 +52,10 @@ RUN git checkout -b 2.0.0rampup4 2.0.0rampup4 && \
 
 RUN make libp2p_helper
 
-RUN curl -s -L https://github.com/ocaml/opam/releases/download/2.1.2/opam-2.1.2-x86_64-linux -o /usr/local/bin/opam && chmod +x /usr/local/bin/opam
+RUN curl -s -L \
+        https://github.com/ocaml/opam/releases/download/2.1.2/opam-2.1.2-x86_64-linux \
+        -o /usr/local/bin/opam && \
+    chmod +x /usr/local/bin/opam
 
 RUN opam init --disable-sandboxing \
   && opam switch create . \
@@ -65,9 +69,14 @@ RUN git apply patch
 
 SHELL ["/bin/bash", "-c"]
 
-RUN source ~/.cargo/env && eval "$(opam config env)" && make build_all_sigs
+RUN source ~/.cargo/env && eval "$(opam config env)" && \
+    make build_all_sigs
 
 FROM minaprotocol/mina-daemon:2.0.0rampup4-14047c5-focal-berkeley
 
-COPY --from=builder /go/mina/src/app/libp2p_helper/result/bin/libp2p_helper /usr/local/bin/coda-libp2p_helper
-COPY --from=builder /go/mina/_build/default/src/app/cli/src/mina_testnet_signatures.exe /usr/local/bin/mina
+COPY --from=builder \
+    /go/mina/src/app/libp2p_helper/result/bin/libp2p_helper \
+    /usr/local/bin/coda-libp2p_helper
+COPY --from=builder \
+    /go/mina/_build/default/src/app/cli/src/mina_testnet_signatures.exe \
+    /usr/local/bin/mina
diff --git a/node/testing/docker/Dockerfile.openmina b/node/testing/docker/Dockerfile.openmina
index 7b0c7318f1..83f18210b7 100644
--- a/node/testing/docker/Dockerfile.openmina
+++ b/node/testing/docker/Dockerfile.openmina
@@ -1,14 +1,17 @@
 FROM ubuntu:20.04 AS builder
 
 ENV TZ=UTC
-RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
+RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && \
+    echo $TZ > /etc/timezone
 # hadolint ignore=DL3008
 RUN DEBIAN_FRONTEND=noninteractive apt-get update && \
-  apt-get -y install --no-install-recommends git curl gcc libssl-dev pkg-config && \
-  rm -rf /var/lib/apt/lists/*
+    apt-get -y install --no-install-recommends git curl gcc libssl-dev \
+        pkg-config && \
+    rm -rf /var/lib/apt/lists/*
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
-RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | \
+    sh -s -- -y
 
 RUN source ~/.cargo/env && rustup update 1.84
 
diff --git a/node/testing/docker/Dockerfile.test b/node/testing/docker/Dockerfile.test
index 0ca302c97c..c3aac9a3a3 100644
--- a/node/testing/docker/Dockerfile.test
+++ b/node/testing/docker/Dockerfile.test
@@ -3,11 +3,14 @@ FROM vladsimplestakingcom/mina-openmina-builder:focal AS builder
 
 RUN git fetch && git checkout feat/tests-with-debugger
 
-RUN . ~/.cargo/env && cargo +1.84 build --release -p openmina-node-testing --bin runner --bin openmina-node-testing
+RUN . ~/.cargo/env && cargo +1.84 build --release \
+    -p openmina-node-testing --bin runner --bin openmina-node-testing
 
 FROM vladsimplestakingcom/mina-debugger:2.0.0rampup4-focal
 
-COPY --from=builder /openmina/target/release/runner /usr/local/bin/runner
-COPY --from=builder /openmina/target/release/openmina-node-testing /usr/local/bin/openmina-node-testing
+COPY --from=builder /openmina/target/release/runner \
+    /usr/local/bin/runner
+COPY --from=builder /openmina/target/release/openmina-node-testing \
+    /usr/local/bin/openmina-node-testing
 
 ENV BPF_ALIAS="3c41383994b87449625df91769dff7b507825c064287d30fada9286f3f1cb15e-0.0.0.0"
diff --git a/tools/bootstrap-sandbox/Dockerfile b/tools/bootstrap-sandbox/Dockerfile
index d1ccd3068b..144169e7e6 100644
--- a/tools/bootstrap-sandbox/Dockerfile
+++ b/tools/bootstrap-sandbox/Dockerfile
@@ -1,15 +1,22 @@
 FROM rust:1.84.0-bullseye AS builder
 
-RUN mkdir -p ~/.ssh && chmod 0700 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts
+RUN mkdir -p ~/.ssh && \
+    chmod 0700 ~/.ssh && \
+    ssh-keyscan github.com >> ~/.ssh/known_hosts
 
 ENV CARGO_NET_GIT_FETCH_WITH_CLI=true
 
-RUN cargo install --git https://github.com/openmina/openmina.git --branch fix/bootstrap-replay openmina-bootstrap-sandbox --locked
+RUN cargo install \
+    --git https://github.com/openmina/openmina.git \
+    --branch fix/bootstrap-replay \
+    openmina-bootstrap-sandbox --locked
 
 FROM debian:bullseye
 
 # hadolint ignore=DL3008
-RUN apt-get update && apt-get install -y --no-install-recommends libssl-dev && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends libssl-dev && \
+    rm -rf /var/lib/apt/lists/*
 
 COPY --from=builder /usr/local/cargo/bin/openmina-bootstrap-sandbox \
     /usr/local/bin/openmina-bootstrap-sandbox
diff --git a/tools/fuzzing/Dockerfile b/tools/fuzzing/Dockerfile
index 53e828aa18..995c49ac92 100644
--- a/tools/fuzzing/Dockerfile
+++ b/tools/fuzzing/Dockerfile
@@ -39,8 +39,10 @@ RUN apt-get -y update && \
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
-RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
-RUN yes "" | sh <(curl -fsSL https://raw.githubusercontent.com/ocaml/opam/master/shell/install.sh)
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | \
+    sh -s -- -y
+RUN yes "" | \
+    sh <(curl -fsSL https://raw.githubusercontent.com/ocaml/opam/master/shell/install.sh)
 RUN ARCH=$(uname -m) && \
     if [ "$ARCH" = "aarch64" ]; then \
         ARCH="arm64"; \
@@ -50,9 +52,11 @@ RUN ARCH=$(uname -m) && \
         echo "Unsupported architecture: $ARCH" && exit 1; \
     fi && \
     rm -rf /usr/local/go && \
-    curl -sSL https://go.dev/dl/go1.19.5.linux-"$ARCH".tar.gz | tar -C /usr/local -xzf -
+    curl -sSL https://go.dev/dl/go1.19.5.linux-"$ARCH".tar.gz | \
+        tar -C /usr/local -xzf -
 RUN export PATH=$PATH:/usr/local/go/bin
-RUN curl -sSL https://capnproto.org/capnproto-c++-0.10.2.tar.gz | tar -zxf -
+RUN curl -sSL https://capnproto.org/capnproto-c++-0.10.2.tar.gz | \
+    tar -zxf -
 WORKDIR /capnproto-c++-0.10.2
 RUN ./configure && \
     make -j6 check && \
@@ -74,6 +78,8 @@ RUN source ~/.cargo/env && \
     export PATH=$PATH:/usr/local/go/bin && \
     export DUNE_PROFILE=devnet && \
     make libp2p_helper && \
-    dune build src/app/transaction_fuzzer/transaction_fuzzer.exe --profile=devnet
-CMD ["/mina/_build/default/src/app/transaction_fuzzer/transaction_fuzzer.exe", "execute"]
+    dune build src/app/transaction_fuzzer/transaction_fuzzer.exe \
+        --profile=devnet
+CMD ["/mina/_build/default/src/app/transaction_fuzzer/transaction_fuzzer.exe", \
+    "execute"]
 
diff --git a/tools/heartbeats-processor/Dockerfile b/tools/heartbeats-processor/Dockerfile
index 2e08a7a8de..716f0bba03 100644
--- a/tools/heartbeats-processor/Dockerfile
+++ b/tools/heartbeats-processor/Dockerfile
@@ -3,7 +3,9 @@ FROM rust:1.84-slim-bookworm AS builder
 
 WORKDIR /usr/src/app
 # hadolint ignore=DL3008
-RUN apt-get update && apt-get install -y --no-install-recommends pkg-config libssl-dev && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends pkg-config libssl-dev && \
+    rm -rf /var/lib/apt/lists/*
 
 COPY . .
 RUN ls -la tools/heartbeats-processor && \
@@ -13,7 +15,10 @@ RUN ls -la tools/heartbeats-processor && \
 FROM debian:bookworm-slim
 
 # hadolint ignore=DL3008
-RUN apt-get update && apt-get install -y --no-install-recommends libsqlite3-0 ca-certificates && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+        libsqlite3-0 ca-certificates && \
+    rm -rf /var/lib/apt/lists/*
 
 WORKDIR /app