diff --git a/.gitea/workflows/build-and-push.yml b/.gitea/workflows/build-and-push.yml
index 4488e5b..bab715c 100644
--- a/.gitea/workflows/build-and-push.yml
+++ b/.gitea/workflows/build-and-push.yml
@@ -9,56 +9,139 @@ on:
       - v*
   workflow_dispatch:
 
-env:
-  REGISTRY: gitea.wayfinderak.com
-  IMAGE_NAME: wayfinderak/goff
-
 jobs:
-  docker:
+  build-and-push:
     runs-on: ubuntu-latest
+    env:
+      REGISTRY: gitea.wayfinderak.com
+      IMAGE_NAME: gitea.wayfinderak.com/wayfinderak/goff
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Log in to Gitea registry
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ secrets.REGISTRY_USERNAME }}
-          password: ${{ secrets.REGISTRY_PASSWORD }}
-
-      - name: Prepare image tags
-        id: prep
+      - name: Install Go and Docker CLI if needed
         shell: bash
         run: |
-          short_sha="${GITHUB_SHA::7}"
-          tags="${REGISTRY}/${IMAGE_NAME}:sha-${short_sha}"
+          set -euo pipefail
 
-          if [[ "${GITHUB_REF_TYPE}" == "branch" && ("${GITHUB_REF_NAME}" == "master" || "${GITHUB_REF_NAME}" == "main") ]]; then
-            tags+=$'\n'"${REGISTRY}/${IMAGE_NAME}:latest"
+          need_apt=0
+          need_apk=0
+          if ! command -v go >/dev/null 2>&1 || ! command -v docker >/dev/null 2>&1; then
+            if command -v apt-get >/dev/null 2>&1; then
+              need_apt=1
+            elif command -v apk >/dev/null 2>&1; then
+              need_apk=1
+            else
+              echo "No supported package manager found" >&2
+              exit 1
+            fi
           fi
 
-          if [[ "${GITHUB_REF_TYPE}" == "tag" ]]; then
-            version="${GITHUB_REF_NAME#v}"
-            tags+=$'\n'"${REGISTRY}/${IMAGE_NAME}:${version}"
+          if [ "$need_apt" -eq 1 ]; then
+            apt-get update
+            if ! command -v go >/dev/null 2>&1; then
+              apt-get install -y golang-go
+            fi
+            if ! command -v docker >/dev/null 2>&1; then
+              apt-get install -y docker.io curl dnsutils iputils-ping
+            fi
           fi
 
-          {
-            echo 'tags<<EOF'
-            echo "$tags"
-            echo 'EOF'
-          } >> "$GITHUB_OUTPUT"
+          if [ "$need_apk" -eq 1 ]; then
+            if ! command -v go >/dev/null 2>&1; then
+              apk add --no-cache go
+            fi
+            if ! command -v docker >/dev/null 2>&1; then
+              apk add --no-cache docker-cli curl bind-tools iputils
+            fi
+          fi
 
-      - name: Build and push image
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          push: true
-          platforms: linux/amd64,linux/arm64
-          tags: ${{ steps.prep.outputs.tags }}
+          go version
+          docker version
+
+      - name: Registry connectivity diagnostics
+        shell: bash
+        run: |
+          set -x
+          uname -a || true
+          cat /etc/os-release || true
+          env | sort || true
+          getent hosts "$REGISTRY" || true
+          nslookup "$REGISTRY" || true
+          ping -c 1 "$REGISTRY" || true
+          curl -I --max-time 20 "https://$REGISTRY/v2/" || true
+          curl -v --max-time 20 "https://$REGISTRY/v2/" -o /dev/null || true
+          docker info || true
+
+      - name: Run tests
+        run: go test ./...
+
+      - name: Log in to Gitea Container Registry
+        shell: bash
+        run: |
+          set -euo pipefail
+          for attempt in 1 2 3; do
+            echo "docker login attempt $attempt"
+            if echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login "$REGISTRY" -u "${{ secrets.REGISTRY_USERNAME }}" --password-stdin; then
+              exit 0
+            fi
+            sleep 5
+          done
+          echo "docker login failed after 3 attempts" >&2
+          exit 1
+
+      - name: Determine image tags
+        id: meta
+        shell: bash
+        env:
+          REF: ${{ gitea.ref }}
+          REF_NAME: ${{ gitea.ref_name }}
+          SHA: ${{ gitea.sha }}
+        run: |
+          set -euo pipefail
+          tags=()
+
+          if [[ "$REF" == refs/tags/* ]]; then
+            version="$REF_NAME"
+            tags+=("$IMAGE_NAME:$version")
+            tags+=("$IMAGE_NAME:latest")
+          else
+            branch="$REF_NAME"
+            branch_safe="$(echo "$branch" | tr '/_' '--')"
+            sha_short="$(echo "$SHA" | cut -c1-7)"
+            tags+=("$IMAGE_NAME:$branch_safe")
+            tags+=("$IMAGE_NAME:$branch_safe-$sha_short")
+            if [[ "$branch" == "main" ]]; then
+              tags+=("$IMAGE_NAME:latest")
+            fi
+          fi
+
+          printf 'tags<<EOF\n' >> "$GITHUB_OUTPUT"
+          printf '%s\n' "${tags[@]}" >> "$GITHUB_OUTPUT"
+          printf 'EOF\n' >> "$GITHUB_OUTPUT"
+
+      - name: Build image
+        shell: bash
+        run: |
+          set -euo pipefail
+          mapfile -t tags <<'EOF'
+          ${{ steps.meta.outputs.tags }}
+          EOF
+
+          build_args=()
+          for tag in "${tags[@]}"; do
+            build_args+=(--tag "$tag")
+          done
+
+          docker build "${build_args[@]}" .
+
+      - name: Push image
+        shell: bash
+        run: |
+          set -euo pipefail
+          while IFS= read -r tag; do
+            [ -n "$tag" ] || continue
+            docker push "$tag"
+          done <<'EOF'
+          ${{ steps.meta.outputs.tags }}
+          EOF
\ No newline at end of file