diff --git a/.github/workflows/lint-test-build-push.yml b/.github/workflows/lint-test-build-push.yml
index 4a72a65..7bcf885 100644
--- a/.github/workflows/lint-test-build-push.yml
+++ b/.github/workflows/lint-test-build-push.yml
@@ -15,6 +15,8 @@ jobs:
 
       - uses: actions/setup-go@v5
 
+      - uses: hadolint/hadolint-action@v3.1.0
+
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v6
         with:
diff --git a/Dockerfile b/Dockerfile
index 93931fa..f25a017 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,21 +2,34 @@ FROM golang:1.22-bookworm
 
 WORKDIR /app
 
-RUN apt-get update \
-  && apt-get install -y curl git jq sudo ca-certificates \
-  && install -m 0755 -d /etc/apt/keyrings \
-  && curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc \
-  && chmod a+r /etc/apt/keyrings/docker.asc \
-  && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null \
-  && apt-get update \
-  && apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin \
-  && apt-get clean \
-  && rm -rf /var/lib/apt/lists/*
+SHELL ["/bin/ash", "-o", "pipefail", "-c"]
+
+# hadolint ignore=SC1091
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+      curl=7.88.1-10+deb12u8 \
+      git=1:2.39.5-0+deb12u1 \
+      jq=1.6-2.1 \
+      sudo=1.9.13p3-1+deb12u1 \
+      ca-certificates=20230311 && \
+    install -m 0755 -d /etc/apt/keyrings && \
+    curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc && \
+    chmod a+r /etc/apt/keyrings/docker.asc && \
+    echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null && \
+    apt-get update && \
+    apt-get install -y --no-install-recommends \
+      docker-ce=5:27.4.0-1~debian.12~bookworm \
+      docker-ce-cli=5:27.4.0-1~debian.12~bookworm \
+      containerd.io=1.7.24-1 \
+      docker-buildx-plugin=0.19.2-1~debian.12~bookworm \
+      docker-compose-plugin=2.31.0-1~debian.12~bookworm && \
+   apt-get clean && \
+   rm -rf /var/lib/apt/lists/*
 
 COPY . ./
 
-RUN go mod download \
-  && go build -o /app/rollout \
-  && go clean -cache -modcache
+RUN go mod download && \
+   go build -o /app/rollout && \
+   go clean -cache -modcache
 
 ENTRYPOINT [ "/app/rollout"]