diff --git a/.github/workflows/monorepo-docker.yml b/.github/workflows/monorepo-docker.yml
index e2e8a443ea0..c2ee22a96a3 100644
--- a/.github/workflows/monorepo-docker.yml
+++ b/.github/workflows/monorepo-docker.yml
@@ -13,6 +13,7 @@ on:
       - 'docker-entrypoint.sh'
       - '.dockerignore'
       - '.github/workflows/monorepo-docker.yml'
+      - 'solidity/.foundryrc'
       - 'typescript/ccip-server/**'
       # Dependency changes that could affect the Docker build
       - 'yarn.lock'
@@ -99,6 +100,12 @@ jobs:
           REGISTRY_VERSION=$(cat .registryrc)
           echo "REGISTRY_VERSION=$REGISTRY_VERSION" >> $GITHUB_ENV
 
+      - name: Read Foundry version
+        shell: bash
+        run: |
+          FOUNDRY_VERSION=$(cat solidity/.foundryrc)
+          echo "FOUNDRY_VERSION=$FOUNDRY_VERSION" >> $GITHUB_ENV
+
       - name: Determine platforms
         id: determine-platforms
         run: |
@@ -119,6 +126,7 @@ jobs:
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           build-args: |
+            FOUNDRY_VERSION=${{ env.FOUNDRY_VERSION }}
             REGISTRY_COMMIT=${{ env.REGISTRY_VERSION }}
           platforms: ${{ steps.determine-platforms.outputs.platforms }}
 
diff --git a/Dockerfile b/Dockerfile
index f5b7179b029..5a172ffd5fd 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,17 +1,16 @@
-FROM node:20-slim
+FROM node:20-alpine
 
 WORKDIR /hyperlane-monorepo
 
-RUN apt-get update && apt-get install -y --no-install-recommends \
-    git g++ make python3 python3-pip jq bash curl ca-certificates unzip \
-    && rm -rf /var/lib/apt/lists/* \
-    && yarn set version 4.5.1
+RUN apk add --update --no-cache git g++ make py3-pip jq bash curl && \
+    yarn set version 4.5.1
 
-# Install Foundry for solidity builds (early for layer caching)
-COPY solidity/.foundryrc ./solidity/
-RUN curl -L https://foundry.paradigm.xyz | bash
-RUN /root/.foundry/bin/foundryup --install $(cat solidity/.foundryrc)
-ENV PATH="/root/.foundry/bin:${PATH}"
+# Install Foundry (Alpine binaries) - pinned version for reproducibility
+ARG FOUNDRY_VERSION
+ARG TARGETARCH
+RUN set -o pipefail && \
+    ARCH=$([ "$TARGETARCH" = "arm64" ] && echo "arm64" || echo "amd64") && \
+    curl --fail -L "https://github.com/foundry-rs/foundry/releases/download/${FOUNDRY_VERSION}/foundry_${FOUNDRY_VERSION}_alpine_${ARCH}.tar.gz" | tar -xzC /usr/local/bin forge cast
 
 # Copy package.json and friends
 COPY package.json yarn.lock .yarnrc.yml ./