diff --git a/.github/scripts/docker_build_and_push.sh b/.github/scripts/docker_build_and_push.sh
index b530271d..0989a397 100644
--- a/.github/scripts/docker_build_and_push.sh
+++ b/.github/scripts/docker_build_and_push.sh
@@ -8,11 +8,19 @@ BUILDER=docker-container-driver-builder
 docker buildx create --name "$BUILDER" --driver=docker-container || true
 
 # use the registry cache for prior images of the same tag, or the 'latest' tag
+# time docker buildx build --push -t "$IMAGE:$TAG" \
+# 	--builder "$BUILDER" \
+# 	--build-arg "GIT_COMMIT_SHA=$GIT_COMMIT_SHA" \
+# 	--build-arg "GIT_BRANCH_NAME=$GIT_BRANCH_NAME" \
+# 	--cache-from "type=registry,ref=$IMAGE:$TAG-cache" \
+# 	--cache-from "type=registry,ref=$IMAGE:latest-cache" \
+# 	--cache-to "type=registry,ref=$IMAGE:$TAG-cache,mode=max" \
+# 	-f Containerfile .
+
+# attempt without registry cache - we care less about speed
+# and more about deterministic rebuilds
 time docker buildx build --push -t "$IMAGE:$TAG" \
 	--builder "$BUILDER" \
 	--build-arg "GIT_COMMIT_SHA=$GIT_COMMIT_SHA" \
 	--build-arg "GIT_BRANCH_NAME=$GIT_BRANCH_NAME" \
-	--cache-from "type=registry,ref=$IMAGE:$TAG-cache" \
-	--cache-from "type=registry,ref=$IMAGE:latest-cache" \
-	--cache-to "type=registry,ref=$IMAGE:$TAG-cache,mode=max" \
 	-f Containerfile .
diff --git a/.github/workflows/containers.yaml b/.github/workflows/containers.yaml
index 6e156ce6..e6112fb0 100644
--- a/.github/workflows/containers.yaml
+++ b/.github/workflows/containers.yaml
@@ -14,6 +14,7 @@ env:
   IMAGE_NAME: pyrenew-hew
 
 jobs:
+    # This can be used as a template, later: https://github.com/CDCgov/cfa-epinow2-pipeline/blob/main/.github/workflows/containers-and-az-pool.yaml
     build-pipeline-image:
       runs-on: ubuntu-latest
       name: Build image
@@ -46,10 +47,22 @@ jobs:
             username: ${{ github.actor }}
             password: ${{ secrets.GITHUB_TOKEN }}
 
+        - name: Set up Docker Buildx
+          uses: docker/setup-buildx-action@v3
+
         - name: Docker build and push
-          run: |
-            bash $GITHUB_WORKSPACE/.github/scripts/docker_build_and_push.sh \
-              ${{ env.IMAGE_NAME }} \
-              ${{ steps.image-tag.outputs.tag }} \
-              ${{ github.event.pull_request.head.sha || github.sha }} \
-              ${{ steps.branch-name.outputs.branch }} \
+          uses: docker/build-push-action@v5
+          with:
+            context: .
+            file: Containerfile
+            push: true
+            builder: ${{ steps.buildx.outputs.name }}
+            tags: |
+              ghcr.io/cdcgov/${{ env.IMAGE_NAME }}:${{ steps.image-tag.outputs.tag }}
+            build-args: |
+              GIT_COMMIT_SHA=${{ github.event.pull_request.head.sha || github.sha }}
+              GIT_BRANCH_NAME=${{ steps.branch-name.outputs.branch }}
+            # cache-from: |
+            #   type=registry,ref=ghcr.io/cdcgov/${{ env.IMAGE_NAME }}:${{ steps.image-tag.outputs.tag }}-cache
+            #   type=registry,ref=ghcr.io/cdcgov/${{ env.IMAGE_NAME }}:latest-cache
+            # cache-to: type=registry,ref=ghcr.io/cdcgov/${{ env.IMAGE_NAME }}:${{ steps.image-tag.outputs.tag }}-cache,mode=max
diff --git a/.gitignore b/.gitignore
index 70118978..56cb74ec 100644
--- a/.gitignore
+++ b/.gitignore
@@ -405,3 +405,4 @@ nwss-vintages
 # Azure configuration files
 azureconfig.env
 azureconfig.sh
+config.yaml