diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 29d57c22fc..be08fb03a8 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -19,7 +19,6 @@ permissions:
   issues: write
   pull-requests: write
   actions: write
-  id-token: write
 
 jobs:
   core:
diff --git a/.github/workflows/login-container.yml b/.github/workflows/login-container.yml
index 8ee23425fa..6473207d1b 100644
--- a/.github/workflows/login-container.yml
+++ b/.github/workflows/login-container.yml
@@ -17,7 +17,6 @@ on:
 
 permissions:
   packages: write
-  id-token: write
 
 env:
   default_labels: |
@@ -31,7 +30,6 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       packages: write
-      id-token: write
     outputs:
       login_build_image: ${{ steps.short-sha.outputs.login_build_image }}
     steps:
@@ -65,19 +63,20 @@ jobs:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Set up Depot CLI
-        uses: depot/setup-action@v1
+      - name: Set up Docker Buildx
+        id: setup-buildx
+        uses: docker/setup-buildx-action@v3
       - name: Bake login multi-arch
-        uses: depot/bake-action@v1
+        uses: docker/bake-action@v6
         env:
           NODE_VERSION: ${{ inputs.node_version }}
         with:
-          project: w47wkxzdtw
+          source: .
           push: true
           provenance: true
-          # Only build for multiple platforms if triggered by workflow_dispatch
-          build-platform: ${{ github.event_name == 'workflow_dispatch' && 'linux/amd64,linux/arm64' || '' }}
+          targets: login-standalone
           files: |
             ./apps/login/docker-bake.hcl
+            ./apps/login/docker-bake-release.hcl
             ./docker-bake.hcl
             cwd://${{ steps.login-meta.outputs.bake-file }}
diff --git a/apps/login/docker-bake-release.hcl b/apps/login/docker-bake-release.hcl
new file mode 100644
index 0000000000..51e1c194f6
--- /dev/null
+++ b/apps/login/docker-bake-release.hcl
@@ -0,0 +1,3 @@
+target "release" {
+  platforms = ["linux/amd64", "linux/arm64"]
+}
diff --git a/apps/login/docker-bake.hcl b/apps/login/docker-bake.hcl
index 41eac06388..e09d1176e0 100644
--- a/apps/login/docker-bake.hcl
+++ b/apps/login/docker-bake.hcl
@@ -6,6 +6,11 @@ group "default" {
   targets = ["login-standalone"]
 }
 
+# The release target is overwritten in docker-bake-release.hcl
+# It makes sure the image is built for multiple platforms.
+# By default the platforms property is empty, so images are only built for the current bake runtime platform.
+target "release" {}
+
 target "docker-metadata-action" {
   # In the pipeline, this target is overwritten by the docker metadata action.
   tags = ["${LOGIN_TAG}"]
@@ -15,5 +20,6 @@ target "docker-metadata-action" {
 target "login-standalone" {
   inherits = [
     "docker-metadata-action",
+    "release",
   ]
 }