diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml
index 4592204..e370f37 100644
--- a/.gitea/workflows/build.yaml
+++ b/.gitea/workflows/build.yaml
@@ -9,8 +9,8 @@ on:
 
 jobs:
   build:
-    uses: dreaded_x/workflows/.gitea/workflows/rust-kubernetes.yaml@66ab50c3ac239dbdd1e42e6276ec2e65b6a79379
+    uses: infra/workflows/.gitea/workflows/docker.yaml@956337b9bd5e72a93d3a57513cd421e7554dd61d
+
     secrets: inherit
     with:
-      generate_crds: true
       webhook_url: ${{ secrets.WEBHOOK_URL }}
diff --git a/Dockerfile b/Dockerfile
index 2298986..c5432be 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -15,9 +15,11 @@ RUN cargo chef cook --release --recipe-path recipe.json
 COPY . .
 ARG RELEASE_VERSION
 ENV RELEASE_VERSION=${RELEASE_VERSION}
-RUN cargo auditable build --release
+RUN cargo auditable build --release && /app/target/release/crdgen > /crds.yaml
+
+FROM scratch AS manifests
+COPY --from=builder /crds.yaml /
 
 FROM gcr.io/distroless/cc-debian12:nonroot AS runtime
 COPY --from=builder /app/target/release/lldap-controller /lldap-controller
-COPY --from=builder /app/target/release/crdgen /crdgen
 CMD ["/lldap-controller"]
diff --git a/docker-bake.hcl b/docker-bake.hcl
new file mode 100644
index 0000000..eb12894
--- /dev/null
+++ b/docker-bake.hcl
@@ -0,0 +1,23 @@
+variable "TAG_BASE" {}
+variable "RELEASE_VERSION" {}
+
+group "default" {
+  targets = ["lldap-controller", "manifests"]
+}
+
+target "docker-metadata-action" {}
+
+target "lldap-controller" {
+  inherits = ["docker-metadata-action"]
+  context = "./"
+  dockerfile = "Dockerfile"
+  tags = [for tag in target.docker-metadata-action.tags : "${TAG_BASE}:${tag}"]
+  target = "runtime"
+}
+
+target "manifests" {
+  context = "./"
+  dockerfile = "Dockerfile"
+  target = "manifests"
+  output = [{ type = "cacheonly" }, "manifests"]
+}
diff --git a/manifests/deployment.yaml b/manifests/deployment.yaml
index f71eff7..603d1ca 100644
--- a/manifests/deployment.yaml
+++ b/manifests/deployment.yaml
@@ -21,7 +21,7 @@ spec:
       securityContext: {}
       containers:
         - name: lldap-controller
-          image: git.huizinga.dev/dreaded_x/lldap-controller@${DIGEST}
+          image: '{{ index .images "lldap-controller" }}'
           imagePullPolicy: IfNotPresent
           securityContext: {}
           resources: