diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index defd28e..a1476bf 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -1,44 +1,65 @@
-name: ci
+name: CI
 
 on:
   push:
     branches:
       - main
+  pull_request:
+
+env:
+  REGISTRY: git.danhenry.dev
+  IMAGE_NAME: git.danhenry.dev/thelab/work-queue-api
 
 jobs:
-  build-test-push:
-    runs-on: ubuntu-latest
-    env:
-      IMAGE: git.danhenry.dev/thelab/work-queue-api
-      DOCKER_REGISTRY: ${{ secrets.DOCKER_REGISTRY }}
-      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
-      DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+  test:
+    runs-on: gitea
     steps:
-      - name: Install system dependencies
-        run: |
-          apt-get update
-          apt-get install -y --no-install-recommends curl ca-certificates git docker.io qemu-user-static
-      - name: Install uv and run tests
-        run: |
-          curl -LsSf https://astral.sh/uv/install.sh | sh
-          export PATH="$HOME/.local/bin:$PATH"
-          uv sync --frozen --dev
-          uv run pytest
-      - name: Configure binfmt for cross-builds
-        run: docker run --privileged --rm tonistiigi/binfmt --install amd64,arm64
-      - name: Create buildx builder
-        run: |
-          docker buildx rm multiarch-builder || true
-          docker buildx create --name multiarch-builder --use
-          docker buildx inspect --bootstrap
-      - name: Log in to registry
-        run: echo "$DOCKER_PASSWORD" | docker login "$DOCKER_REGISTRY" -u "$DOCKER_USERNAME" --password-stdin
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v5
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Sync dependencies
+        run: uv sync --frozen --dev
+
+      - name: Run tests
+        run: uv run pytest
+
+  docker-push:
+    runs-on: gitea
+    needs: test
+    if: gitea.event_name == 'push'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Gitea container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
       - name: Build and push multi-arch image
-        run: |
-          SHORT_SHA=$(git rev-parse --short HEAD)
-          docker buildx build \
-            --platform linux/amd64,linux/arm64 \
-            --push \
-            -t ${IMAGE}:latest \
-            -t ${IMAGE}:${SHORT_SHA} \
-            .
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: |
+            ${{ env.IMAGE_NAME }}:${{ gitea.sha }}
+            ${{ env.IMAGE_NAME }}:latest
+          cache-from: type=registry,ref=${{ env.IMAGE_NAME }}:latest
+          cache-to: type=registry,ref=${{ env.IMAGE_NAME }}:latest,mode=max