chore: pin node 24 base image to sha256 digest #169

Open
LautaroPetaccio wants to merge 1 commit into master from chore/pin-node-24-base-image

@LautaroPetaccio

Sets the base image to node:24-alpine@sha256:5fa278c599dbba0c8f873d8717d50ecbb57c5ae6a53b7ab240c25135e0b65995 (was node:10-alpine) and pins it to an immutable sha256 digest for reproducible builds.

Set the base image to node:24-alpine@sha256:5fa278c599dbba0c8f873d8717d50ecbb57c5ae6a53b7ab240c25135e0b65995 (was node:10-alpine) and pin it to an immutable sha256 digest for reproducible builds.

@decentraland-bot left a comment

Review — chore: pin node 24 base image to sha256 digest

Findings

[P1] Major Node.js version jump (10 → 24): This PR changes the base image from node:10-alpine to node:24-alpine@sha256:.... While pinning to a digest is good practice, this also upgrades Node.js by 14 major versions. Node 10 reached EOL in April 2021, so the upgrade is overdue — but it introduces significant risk:

  • python2 is unavailable on modern Alpine. Line 3 of the Dockerfile runs apk add --no-cache python2 ...; python2 was removed from Alpine repos starting with Alpine 3.17. Node 24 Alpine uses Alpine 3.21+, so this will fail at build time. Should be changed to python3 (and verify that any native module build scripts are compatible).

  • No CI checks reported. There are no status checks running on this branch, so there's no automated validation that the build succeeds or the application works with Node 24.

  • Potential breaking changes across 14 major Node versions — native module ABI compatibility, API deprecations, and behavioral changes. This should ideally be validated with tests.

Recommendation

Either:

  1. Fix the python2 → python3 reference, verify the build succeeds, and add/enable CI checks, or
  2. Scope this PR to just the digest pin on the existing node:10-alpine image and do the Node upgrade in a separate, properly tested PR.

CI Status

  • ⚠️ No checks reported

Reviewed by Jarvis 🤖 · Requested by Lautaro Petaccio via Slack
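
An added example, not part of this pull request or the repository: a CI-style check of the kind the review asks for, reporting every Dockerfile FROM line that pulls an image without a sha256 digest. The function name and the sample Dockerfiles are constructed for illustration; the digest is the one quoted in the PR description.

```python
import re

# A pinned reference ends in @sha256: followed by 64 hex characters.
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")

def unpinned_base_images(dockerfile_text):
    """Return (line_number, image) for every FROM that pulls by mutable tag."""
    findings, stages = [], set()
    for lineno, raw in enumerate(dockerfile_text.splitlines(), start=1):
        tokens = raw.split()
        if not tokens or tokens[0].upper() != "FROM":
            continue
        # Drop flags such as --platform=linux/amd64.
        args = [t for t in tokens[1:] if not t.startswith("--")]
        if not args:
            continue
        image = args[0]
        # "scratch" and earlier build stages are not registry pulls.
        # An image given as ${VAR} cannot be verified here, so it is reported.
        is_local = image == "scratch" or image.lower() in stages
        if not is_local and not DIGEST_RE.search(image):
            findings.append((lineno, image))
        if len(args) >= 3 and args[1].upper() == "AS":
            stages.add(args[2].lower())
    return findings

# Constructed samples. The digest is the one quoted in the PR description.
PINNED = ("node:24-alpine@sha256:"
          "5fa278c599dbba0c8f873d8717d50ecbb57c5ae6a53b7ab240c25135e0b65995")
BEFORE = "FROM node:10-alpine\nWORKDIR /app\n"
AFTER = f"FROM {PINNED}\nWORKDIR /app\n"
MULTI_STAGE = (
    "# constructed multi-stage sample\n"
    f"FROM --platform=linux/amd64 {PINNED} AS build\n"
    "FROM build AS test\n"
    "FROM nginx:alpine\n"
)

if __name__ == "__main__":
    for name, text in [("before", BEFORE), ("after", AFTER), ("multi", MULTI_STAGE)]:
        print(name, unpinned_base_images(text))
```

In a pipeline, fail the job when the returned list is non-empty.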
