diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
index 003fdc2..0044a4d 100644
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@@ -62,20 +62,31 @@ jobs:
 uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
 with:
 images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ tags: |
+ type=semver,enable=true,pattern={{version}}
+ type=semver,enable=true,pattern={{major}}.{{minor}}
+ type=semver,enable=true,pattern={{major}}
+ type=ref,enable=true,event=branch
+ type=ref,enable=false,event=tag
+ type=ref,enable=false,event=pr
 # Build and push Docker image with Buildx (don't push on PR)
- # https://github.com/docker/build-push-action
+ # https://github.com/docker/bake-action
 - name: Build and push Docker image
 id: build-and-push
- uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
+ uses: docker/bake-action@v5 #v5.3.0
 with:
- context: .
- # push: ${{ github.event_name != 'pull_request' }}
- push: true
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
- cache-from: type=gha
- cache-to: type=gha,mode=max
+ push: ${{ github.event_name != 'pull_request' }}
+ load: true
+ #provenance: true
+ #sbom: true
+ targets: |
+ leaf-bagger
+ files: |
+ ./docker-bake.hcl
+ ${{ steps.meta.outputs.bake-file }}
+ #cache-from: type=gha
+ #cache-to: type=gha,mode=max
 # Sign the resulting Docker image digest except on PRs.
 # This will only write to the public Rekor transparency log when the Docker 
@@ -94,9 +105,10 @@ jobs:
 # https://docs.github.com/en/actions/publishing-packages/publishing-docker-images
 # https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds
- - name: Generate artifact attestation
- uses: actions/attest-build-provenance@v1
- with:
- subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
- subject-digest: ${{ steps.build-and-push.outputs.digest }}
- push-to-registry: true
+ #- name: Generate artifact attestation
+ # uses: actions/attest-build-provenance@v1
+ # with:
+ # subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+ # # docker/bake-action output path differs; update the following
+ # subject-digest: ${{ steps.build-and-push.outputs.digest }}
+ # push-to-registry: true
diff --git a/Dockerfile b/Dockerfile
index 5f01652..aba1793 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,7 +5,7 @@ ARG BAGGER_TAG
 # ---------------------------
 # Base build layer
 # ---------------------------
-FROM --platform=$BUILDPLATFORM ${BAGGER_REPOSITORY:-ghcr.io/cwrc}/isle-bagger:${BAGGER_TAG:-v0.0.4} as base
+FROM isle_bagger as base
 # Install packages and tools that allow for basic python install.
 # python-keystoneclient requirements
@@ -47,7 +47,7 @@ RUN \
 # Production layer
 # ---------------------------
-FROM --platform=$BUILDPLATFORM ${BAGGER_REPOSITORY:-ghcr.io/cwrc}/isle-bagger:${BAGGER_TAG:-v0.0.4} as prod
+FROM isle_bagger as prod
 # Install packages and tools that allow for basic downloads.
 # cleanup unused base image components
diff --git a/docker-bake.hcl b/docker-bake.hcl
index 1c0dc08..410e400 100644
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
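Review bot: Commenting out the `Generate artifact attestation` step means every image this workflow pushes now ships without a build-provenance attestation, and the `# docker/bake-action output path differs; update the following` marker defers the fix instead of making it in the same commit that broke it. bake-action does not expose a `digest` output; its `metadata` output is a JSON object keyed by bake target, so the step can be restored with only one line changed: `subject-digest: ${{ fromJSON(steps.build-and-push.outputs.metadata)['leaf-bagger']['containerimage.digest'] }}` (confirm the key path against the bake-action v5 README). Because `push` is now conditional on the event, the restored step also needs `if: github.event_name != 'pull_request'`, otherwise `push-to-registry: true` runs against an image that was never pushed. The cosign signing step referenced by the comment above this hunk presumably reads the same `steps.build-and-push.outputs.digest` and would now sign an empty digest; that step is outside the hunk, so verify it separately. If the attestation is to stay disabled, the `attestations: write`/`id-token: write` permissions it required (not visible here) should be removed so the job does not hold unused write scopes.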
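Review bot: `FROM isle_bagger as base` only resolves when the build is given a named context called `isle_bagger`; a plain `docker build .` will instead try to pull `docker.io/library/isle_bagger` and fail, and the hunk removes the old `${BAGGER_REPOSITORY:-ghcr.io/cwrc}/isle-bagger:${BAGGER_TAG:-v0.0.4}` default without saying where the new dependency comes from. Add above the line `# isle_bagger is a named build context injected by docker-bake.hcl (docker buildx bake); for a plain build pass --build-context isle_bagger=docker-image://ghcr.io/cwrc/isle-bagger:<tag>@sha256:<digest>`. The `ARG BAGGER_TAG` visible in the hunk header appears to be dead now and can be removed so nobody assumes it still selects the base image. `--platform=$BUILDPLATFORM` was dropped as well, which changes what is built when more than one platform is requested; worth confirming that is intended rather than incidental.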
@@ -1,6 +1,41 @@
+variable "ISLE_BAGGER_REGISTRY" {
+ default = "ghcr.io/cwrc"
+ }
+variable "ISLE_BAGGER_VERSION" {
+ default = "v0.0.5@sha256:4e05219adb36595ddfc51fee33a35ead45fced6b01f57e157bcc01d2608a4aae"
+ }
+
+###############################################################################
+# Common target properties.
+###############################################################################
+target "common" {
+ args = {
+ # Required for reproduciable builds.
+ # Requires Buildkit 0.11+
+ # See: https://reproducible-builds.org/docs/source-date-epoch/
+ # SOURCE_DATE_EPOCH = "${SOURCE_DATE_EPOCH}",
+ }
+}
+
+# https://github.com/docker/metadata-action?tab=readme-ov-file#bake-definition
+# bake definition file that can be used with the Docker Bake action. You just
+# have to declare an empty target named docker-metadata-action and inherit from it.
+target "docker-metadata-action" {}
+
+
+###############################################################################
+# Target.
+###############################################################################
+# The digest (sha256 hash) is not platform specific but the digest for the manifest of all platforms.
+# It will be the digest printed when you do: docker pull alpine:3.17.1
+# Not the one displayed on DockerHub.
+
 target "leaf-bagger" {
+ inherits = ["common", "docker-metadata-action"]
 dockerfile = "Dockerfile"
- args = {
- BAGGER_TAG = "v0.0.4@sha256:668e47efe49280eeef0b004eb11a2d380804d02e333ad24568061e846fe7fb80"
+ contexts = {
+ isle_bagger = "docker-image://${ISLE_BAGGER_REGISTRY}/isle-bagger:${ISLE_BAGGER_VERSION}"
+ #isle_bagger = "docker-image://ISLE_BAGGER_REGISTRY}/drupal:${ISLE_BAGGER_VERSION}"
+ #BAGGER_TAG = "v0.0.5@sha256:4e05219adb36595ddfc51fee33a35ead45fced6b01f57e157bcc01d2608a4aae"
 }
 }
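Review bot: The commented-out `#isle_bagger = "docker-image://ISLE_BAGGER_REGISTRY}/drupal:${ISLE_BAGGER_VERSION}"` line inside `contexts` is broken (missing `${`) and names a different image (`drupal`), so it will mislead whoever next edits the base image; delete it together with the `#BAGGER_TAG = ...` leftover so the single pinned context is all a reader sees. Pinning `ISLE_BAGGER_VERSION` to `v0.0.5@sha256:...` is the right move, but a bake `variable` is overridable from the environment, so `ISLE_BAGGER_VERSION=v0.0.5 docker buildx bake` silently rebuilds from a mutable tag; add above the variable `# Keep the @sha256 digest when overriding - the tag alone is mutable.` so the pin is not lost by accident. The `common` target currently contributes nothing because `SOURCE_DATE_EPOCH` is commented out, and its comment has a typo: `reproduciable` should read `reproducible`.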