diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index be08fb03a8..29d57c22fc 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -19,6 +19,7 @@ permissions:
   issues: write
   pull-requests: write
   actions: write
+  id-token: write
 
 jobs:
   core:
diff --git a/.github/workflows/login-container.yml b/.github/workflows/login-container.yml
index 1d9bd429c3..a0fd2ac2b7 100644
--- a/.github/workflows/login-container.yml
+++ b/.github/workflows/login-container.yml
@@ -17,6 +17,7 @@ on:
 
 permissions:
   packages: write
+  id-token: write
 
 env:
   default_labels: |
@@ -27,9 +28,10 @@ env:
 jobs:
   login-container:
     name: Build Login Container
-    runs-on: depot-ubuntu-22.04-8
+    runs-on: ubuntu-latest
     permissions:
       packages: write
+      id-token: write
     outputs:
       login_build_image: ${{ steps.short-sha.outputs.login_build_image }}
     steps:
@@ -63,21 +65,19 @@ jobs:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Set up Docker Buildx
-        id: setup-buildx
-        uses: docker/setup-buildx-action@v3
+      - name: Set up Depot CLI
+        uses: depot/setup-action@v1
       - name: Bake login multi-arch
-        uses: docker/bake-action@v6
+        uses: depot/bake-action@v1
         env:
           NODE_VERSION: ${{ inputs.node_version }}
         with:
-          source: .
+          project: w47wkxzdtw
           push: true
           provenance: true
-          sbom: true
-          targets: login-standalone
+          # Only build for multiple platforms if triggered by workflow_dispatch
+          platforms: ${{ github.event_name == 'workflow_dispatch' && 'linux/amd64,linux/arm64' || '' }}
           files: |
             ./apps/login/docker-bake.hcl
-            ${{ github.event_name == 'workflow_dispatch' && './apps/login/docker-bake-release.hcl' || '' }}
             ./docker-bake.hcl
             cwd://${{ steps.login-meta.outputs.bake-file }}
diff --git a/apps/login/docker-bake-release.hcl b/apps/login/docker-bake-release.hcl
deleted file mode 100644
index 51e1c194f6..0000000000
--- a/apps/login/docker-bake-release.hcl
+++ /dev/null
@@ -1,3 +0,0 @@
-target "release" {
-  platforms = ["linux/amd64", "linux/arm64"]
-}
diff --git a/apps/login/docker-bake.hcl b/apps/login/docker-bake.hcl
index e09d1176e0..41eac06388 100644
--- a/apps/login/docker-bake.hcl
+++ b/apps/login/docker-bake.hcl
@@ -6,11 +6,6 @@ group "default" {
   targets = ["login-standalone"]
 }
 
-# The release target is overwritten in docker-bake-release.hcl
-# It makes sure the image is built for multiple platforms.
-# By default the platforms property is empty, so images are only built for the current bake runtime platform.
-target "release" {}
-
 target "docker-metadata-action" {
   # In the pipeline, this target is overwritten by the docker metadata action.
   tags = ["${LOGIN_TAG}"]
@@ -20,6 +15,5 @@ target "docker-metadata-action" {
 target "login-standalone" {
   inherits = [
     "docker-metadata-action",
-    "release",
   ]
 }
diff --git a/docker-bake.hcl b/docker-bake.hcl
index d51e6315eb..56f65b7f46 100644
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@@ -1,8 +1,6 @@
 # login-standalone should be extended by the login-standalone target in apps/login/docker-bake.hcl
 target "login-standalone" {
   dockerfile = "build/login/Dockerfile"
-  cache-from = ["type=gha,scope=login-build-{{.Platform}}"]
-  cache-to   = ["type=gha,mode=max,scope=login-build-{{.Platform}}"]
 }
 
 target "login-standalone-out" {