diff --git a/.github/workflows/docker-publish-arm.yaml b/.github/workflows/docker-publish-arm.yaml
index 9e43e473..d3acf2c0 100644
--- a/.github/workflows/docker-publish-arm.yaml
+++ b/.github/workflows/docker-publish-arm.yaml
@@ -30,7 +30,6 @@ env:
   # github.repository as <account>/<repo>
   IMAGE_NAME: ${{ github.repository }}
 
-
 jobs:
   build:
 
@@ -51,13 +50,16 @@ jobs:
       # multi-platform images and export cache
       # https://github.com/docker/setup-buildx-action
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3.0.0 # v3.0.0
+        uses: docker/setup-buildx-action@v3.0.0
+        with:
+          driver: remote  # Use remote driver for parallel builds and improved performance
+          buildkitd-flags: --allow-insecure-entitlements security  # Enable required security entitlements for remote driver
 
       # Login against a Docker registry except on PR
       # https://github.com/docker/login-action
       - name: Log into registry ${{ env.REGISTRY }}
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@v3.0.0 # v3.0.0
+        uses: docker/login-action@v3.0.0
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
@@ -67,36 +69,33 @@ jobs:
       # https://github.com/docker/metadata-action
       - name: Extract Docker metadata
         id: meta
-        uses: docker/metadata-action@v5.0.0 # v5.0.0
+        uses: docker/metadata-action@v5.0.0
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           tags: |
-            type=ref,event=branch
-            type=ref,event=pr
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{major}}
-            type=schedule,pattern=nightly
-          flavor: |
-            suffix=-arm,onlatest=true
+            type=semver,pattern={{version}}  # Tag based on version
+            type=semver,pattern={{major}}.{{minor}}  # Tag based on major and minor versions
+            type=schedule,pattern=nightly  # Add nightly builds for scheduled builds
 
       # Build and push Docker image with Buildx (don't push on PR)
       # https://github.com/docker/build-push-action
       - name: Build and push Docker image
         id: build-and-push
-        uses: docker/build-push-action@v5.0.0 # v5.0.0
+        uses: docker/build-push-action@v5.0.0
         with:
           context: .
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-          platforms: linux/arm64,linux/arm/v7
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+          platforms: linux/arm64,linux/arm/v7  # Build for both ARM64 and ARMv7 architectures
+          cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:cache  # Use registry-based caching for better cross-platform support
+          cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:cache  # Store the cache in the registry for faster builds
           build-args: |
-            VERSION=${{ github.ref_name }}
-            COMMIT=${{ github.sha	}}
+            VERSION=${{ github.ref_name }}  # Pass version as a build argument
+            COMMIT=${{ github.sha }}  # Pass commit SHA as a build argument
         
+      # Attest the built image to prove build provenance
+      # https://github.com/actions/attest-build-provenance
       - name: Attest
         uses: actions/attest-build-provenance@v1
         id: attest
@@ -104,4 +103,4 @@ jobs:
         with:
           subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           subject-digest: ${{ steps.build-and-push.outputs.digest }}
-          push-to-registry: true
+          push-to-registry: true  # Push the attestation to the registry