diff --git a/.github/workflows/ghcr.yml b/.github/workflows/ghcr.yml
index 9cc02248b..cf618be9a 100644
--- a/.github/workflows/ghcr.yml
+++ b/.github/workflows/ghcr.yml
@@ -28,22 +28,33 @@ on: # yamllint disable-line rule:truthy
 jobs:
 deploy:
- runs-on: ubuntu-22.04
+ runs-on: ubuntu-24.04
+ permissions:
+ contents: read
+ packages: write
+ attestations: write
+ id-token: write
 steps:
 - name: checkout
 uses: actions/checkout@v6
 with:
 path: src
 fetch-depth: 0
+
 - name: Set up QEMU
 id: qemu
 # yamllint disable-line rule:line-length
 uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
 with:
- image: tonistiigi/binfmt:qemu-v7.0.0-28
+ image: tonistiigi/binfmt:qemu-v10.2.1-65
 platforms: all
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
 - name: Available platforms
 run: echo ${{ steps.qemu.outputs.platforms }}
+
 - name: Login to GitHub Container Registry
 # yamllint disable-line rule:line-length
 uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
@@ -51,6 +62,7 @@ jobs:
 registry: ghcr.io
 username: ${{ github.repository_owner }}
 password: ${{ secrets.GITHUB_TOKEN }}
+
 - name: Build and Push Docker Image
 env:
 DOCKER_REPO: ghcr.io/${{ github.repository }}
diff --git a/hooks/build b/hooks/build
index ab8318b8f..8c31c816c 100755
--- a/hooks/build
+++ b/hooks/build
@@ -15,14 +15,14 @@
 # limitations under the License.
 if [[ -n "${DOCKER_MULTIARCH}" ]]; then
-
- docker buildx create --name yetus-multiarch --driver docker-container --use \
+ BUILDER_NAME="yetus-multiarch-$(date +%s)"
+ docker buildx create --name "${BUILDER_NAME}" --driver docker-container --use \
 || docker buildx use yetus-multiarch \
 || exit 1
 docker buildx inspect --bootstrap || exit 1
 traphandler() {
- docker buildx rm yetus-multiarch || true
+ docker buildx rm "${BUILDER_NAME}" || true
 }
 trap traphandler HUP INT QUIT TERM
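Review bot: In `.github/workflows/ghcr.yml`, the new `Set up Docker Buildx` step references `docker/setup-buildx-action@v3` by a movable tag, while the neighbouring `setup-qemu-action` and `login-action` steps are pinned to full commit SHAs. The job now holds `packages: write`, `attestations: write` and `id-token: write`, so whatever code that tag resolves to runs with the ability to publish images and request OIDC tokens. Pin it like the others, e.g. `uses: docker/setup-buildx-action@<full-commit-sha> # v3.x.y` (placeholder; take the SHA from the release you have reviewed). Separately, no step visible in this hunk consumes `attestations: write` or `id-token: write`; the rest of the job lies outside the hunk, but if nothing there produces an attestation those two scopes should be dropped.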
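Review bot: In `hooks/build`, the fallback `|| docker buildx use yetus-multiarch \` still names the old fixed builder although the create line and `traphandler` now use `${BUILDER_NAME}`. If `create` fails, the script would select a pre-existing `yetus-multiarch` builder that this run did not create, with whatever cache and configuration it carries, and the trap would then try to remove a different name. Since the timestamped name makes an already-exists collision unlikely, the fallback can go: `docker buildx create --name "${BUILDER_NAME}" --driver docker-container --use || exit 1`. `date +%s` has one-second resolution, so two runs started in the same second on one host would still collide; appending `$$` to the name would avoid that. The enclosing `if` block continues past the end of the hunk.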
@@ -111,6 +111,7 @@ BUILDERINSTANCE=$(docker buildx inspect --bootstrap | grep Driver)
 PLATARRAY=()
 if [[ "${BUILDERINSTANCE}" =~ docker-container ]]; then
+ PLATFORMS=()
 KNOWN_PLATFORMS=$(docker buildx inspect --bootstrap | grep Platforms)
 if [[ ${KNOWN_PLATFORMS} =~ linux/amd64 ]]; then
@@ -136,6 +137,7 @@ opencontainerslabels "base"
 # Build the -base image
 docker buildx build \
+ --no-cache \
 "${PLATARRAY[@]}" \
 "${LABELS[@]}" \
 --tag "${DOCKER_REPO}-base:${DOCKER_TAG}" \
@@ -146,6 +148,7 @@ opencontainerslabels "full"
 # Build the full image using base above
 docker buildx build \
+ --no-cache \
 "${PLATARRAY[@]}" \
 --label "org.opencontainers.image.base.name=${DOCKER_REPO}-base:${DOCKER_TAG}" \
 "${LABELS[@]}" \
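Review bot: `PLATFORMS=()` is added at the top of the `docker-container` branch without a comment, and nothing inside this hunk reads it. If the intent is to stop a `PLATFORMS` value inherited from the caller's environment from leaking into the platform list assembled below (that code is outside the hunk, so this is an inference), say so on the line above: `# start from an empty list; ignore any PLATFORMS inherited from the environment`.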
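Review bot: `--no-cache` is added to the `-base` build here and to the full-image build in the following hunk with no comment saying why. The flag only disables layer reuse; whether the `FROM` image is re-fetched is governed by `--pull` and by the driver in use. If the aim is that published images never carry stale content, the base build probably wants `--pull` as well, whereas the full build takes its base from the image built just above and likely should not. A comment above each call such as `# --no-cache: release images must not reuse layers from earlier builds` would record the intent. Both `docker buildx build` invocations continue past the end of their hunks.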