&& curl -LO https://nodejs.org/dist/latest-v22.x/SHASUMS256.txt
&& LATEST_VERSION_FILENAME=$(cat SHASUMS256.txt | grep -o "node-v.*-linux-$ARCH" | sort | uniq)
&& curl -fsSLO --compressed "https://nodejs.org/dist/latest-v22.x/$LATEST_VERSION_FILENAME.tar.xz"
&& curl -fsSLO --compressed "https://nodejs.org/dist/latest-v22.x/SHASUMS256.txt.asc" \

So in your issue:

Location

Dockerfile - base stage, Node.js installation RUN block
Where latest-v22.x is used dynamically in multiple curl commands

Problem

Using latest-v22.x fetches the latest patch release at build time,
making builds non-deterministic. Two builds on different dates could
pull different Node.js versions silently.

Suggested

Pin to a specific version, e.g. v22.14.0, so every build
pulls the same Node.js binary regardless of when it runs.