chore: Update Alpine base image digest

[gocanto]

Summary

• update the final stage base image to the latest alpine:3.22 digest

Testing

• make format

---

https://chatgpt.com/codex/tasks/task_e_68ee162534f88333acfc9078624bf25f

Summary by CodeRabbit

• Chores
  • Updated container base images to use configurable, verified image digests, improving supply-chain security, build reproducibility, and consistency across environments. This centralizes base-image management to simplify updates and maintenance. No runtime or application behavior changes.

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Introduces two new Docker build arguments, GOLANG_ALPINE_DIGEST and ALPINE_DIGEST, and replaces hardcoded base image digests in both the builder and final stages with ${GOLANG_ALPINE_DIGEST} and ${ALPINE_DIGEST} respectively; no other Dockerfile instructions or runtime configuration changed.

Changes

Cohort / File(s)	Summary of Changes
Dockerfile: base image digest parametrization docker/dockerfile-api/Dockerfile	Added build args GOLANG_ALPINE_DIGEST and ALPINE_DIGEST; replaced hardcoded builder-stage base image digest with ${GOLANG_ALPINE_DIGEST} and final-stage base image digest with ${ALPINE_DIGEST}.

Sequence Diagram(s)

sequenceDiagram
    participant Dev as Developer
    participant Docker as Docker Build
    participant File as docker/dockerfile-api/Dockerfile

    Dev->>Docker: docker build --build-arg GOLANG_ALPINE_DIGEST=... --build-arg ALPINE_DIGEST=...
    Docker->>File: inject build args
    File->>Docker: use ${GOLANG_ALPINE_DIGEST} in builder stage
    File->>Docker: use ${ALPINE_DIGEST} in final stage
    Docker-->>Dev: produced image with specified digests
    note right of Docker #DDEEFF: Build args replace prior hardcoded digests

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• chore: Update Docker images to latest releases #140 — Also modifies docker/dockerfile-api base image references; likely related to digest/tag updates.

Poem

I nibble at digests, swap a tiny key,
Builder and final now ask me politely: "Which be?"
Two args in my pocket, tidy and spry,
Layers unchanged — just pointers that fly.
Hop, build, and ship — says the rabbit with glee.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title concisely and accurately describes the primary change of updating the Alpine base image digest in the Dockerfile, matching the PR’s main objective of replacing hardcoded digests with variable references.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch gus/verify-alpine-base-image-digest-and-advisories-2025-10-15

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 95922c4 and 1200312.

📒 Files selected for processing (1)

• docker/dockerfile-api (3 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• docker/dockerfile-api

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: test (1.25.1)

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello @gocanto, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request focuses on enhancing the security and stability of the application's Docker image by updating the cryptographic digest for the alpine:3.22 base image. This ensures that the build process consistently uses the most recent and secure version of Alpine Linux, incorporating the latest patches and fixes without changing the specified Alpine version.

Highlights

• Dependency Update: The alpine:3.22 base image digest has been updated in the docker/dockerfile-api to its latest available version.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request updates the SHA256 digest for the alpine:3.22 base image in the final stage of the docker/dockerfile-api, which is a good practice for ensuring reproducible and secure builds. For improved consistency, I recommend also reviewing the digests for other alpine:3.22-based images. The golang:1.25.3-alpine3.22 image in the builder stage could be checked for a newer digest, and the postgres:17.6-alpine3.22 image in docker-compose.yml could be pinned to a specific digest to align with the practices in this Dockerfile.