OPSEXP-1257 make sure alpine base is updated

[gionn]

OPSEXP-1257

image on dockerhub is not updated on regular basis, e.g.:

3.15
Last pushed 3 months ago by [doijanky](https://hub.docker.com/u/doijanky)

[mteodori]

please replace with 3.15.0 without sha256 that seems incorrect, semver is enough, no need to update packages

[gionn]

please replace with 3.15.0 without sha256 that seems incorrect, semver is enough, no need to update packages

hash is correct:

docker pull alpine:3.15
3.15: Pulling from library/alpine
Digest: sha256:21a3deaa0d32a8057914f36584b5288d2e5ecc984380bc0118285c70fa8c9300
Status: Image is up to date for alpine:3.15
docker.io/library/alpine:3.15

reason for why digest on dockhub is different than digest pulling images:
docker/hub-feedback#1925 (comment)

the combination of minor version + sha is the best approach to get controlled updates from dependabot:

• dependabot on docker images requires sha because there is not strict semver on docker image tags
• in addition to that, if you set 3.15.0 you are not getting any bugfix update unless manually updating to 3.15.1 when it became available.

[mteodori]

• in addition to that, if you set 3.15.0 you are not getting any bugfix update unless manually updating to 3.15.1 when it became available.

this is fine, dependabot can create the PR when there is semver

[mteodori]

minor change

[mteodori]

we can use the short form apk -U upgrade and add --no-cache to all commands or add rm -vrf /var/cache/apk/* after to save a few MB of package index - see: https://newbedev.com/alpine-dockerfile-advantages-of-no-cache-vs-rm-var-cache-apk

[gionn]

doing that will download index two times (one for the upgrade and again for the apk add), it's better to delete index at the end

[alxgomz]

LGTM