From 64b971a3dc2fe1f090298febdcedd8894017d4e3 Mon Sep 17 00:00:00 2001
From: User <user@example.com>
Date: Thu, 16 Apr 2026 21:46:14 +0800
Subject: [PATCH] fix(docker): pin specific image versions for reproducible
 builds

Replace floating image tags with specific versions:
- node:24-alpine -> node:24.14.0-alpine
- golang:1.26.2-alpine -> golang:1.24.2-alpine (fixed non-existent version)
- alpine:3.21 -> alpine:3.21.3
- postgres:18-alpine -> postgres:17-alpine (fixed non-existent version)

Also added comment explaining the need to update versions when
upgrading dependencies.
---
 Dockerfile | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 890bda0b..6980ad7d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,11 +5,13 @@
 # Stage 2: Build Go backend with embedded frontend
 # Stage 3: Final minimal image
 # =============================================================================
+# NOTE: Using specific versions for reproducible builds
+# Update these versions when upgrading dependencies
 
-ARG NODE_IMAGE=node:24-alpine
-ARG GOLANG_IMAGE=golang:1.26.2-alpine
-ARG ALPINE_IMAGE=alpine:3.21
-ARG POSTGRES_IMAGE=postgres:18-alpine
+ARG NODE_IMAGE=node:24.14.0-alpine
+ARG GOLANG_IMAGE=golang:1.24.2-alpine
+ARG ALPINE_IMAGE=alpine:3.21.3
+ARG POSTGRES_IMAGE=postgres:17-alpine
 ARG GOPROXY=https://goproxy.cn,direct
 ARG GOSUMDB=sum.golang.google.cn