diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index f212857..15488d3 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -9,68 +9,52 @@ on: workflow_dispatch: jobs: - #build and publish image - Build-Image: - name: Build image + build-and-push: + name: Build and push image runs-on: ubuntu-latest + steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: - submodules: true - - uses: docker/setup-qemu-action@v2 - - uses: docker/setup-buildx-action@v2 + submodules: recursive - - name: Build image with buildx - uses: docker/build-push-action@v3 - with: - file: UsfmScannerNet/Dockerfile - cache-from: type=gha - cache-to: type=gha,mode=max + - uses: docker/setup-qemu-action@v3 + - uses: docker/setup-buildx-action@v3 - Push-Image: - name: Push images if this is a branch - runs-on: ubuntu-latest - needs: [Build-Image] - if: ${{ contains(fromJson('["push"]'), github.event_name) }} - steps: - - uses: actions/checkout@v3 + - name: Load Docker Hub secrets from 1Password + if: ${{ github.event_name == 'push' }} + uses: 1password/load-secrets-action@v4 with: - submodules: true - - uses: FranzDiebold/github-env-vars-action@v2.7.0 - - uses: docker/setup-qemu-action@v2 - - uses: docker/setup-buildx-action@v2 - - name: Load secret - uses: 1password/load-secrets-action@v1 - with: - # Export loaded secrets as environment variables export-env: true env: OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} - DOCKER_HUB_USER: "op://DevOps/dockerhub-adminwa-token/username" - DOCKER_HUB_TOKEN: "op://DevOps/dockerhub-adminwa-token/credential" + DOCKER_HUB_USER: op://DevOps/dockerhub-adminwa-token/username + DOCKER_HUB_TOKEN: op://DevOps/dockerhub-adminwa-token/credential + + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@v5 + with: + images: wycliffeassociates/usfm-scanner-net + tags: | + type=ref,event=branch + type=raw,value=${{ github.sha }} + type=raw,value=latest,enable=${{ github.ref_name == 'master' }} + - name: Login to Docker Hub - uses: docker/login-action@v2 + if: ${{ github.event_name == 'push' }} + uses: docker/login-action@v3 with: 
username: ${{ env.DOCKER_HUB_USER }} password: ${{ env.DOCKER_HUB_TOKEN }} - - name: Set docker tags - run: | - echo "TAG_SHA=wycliffeassociates/usfm-scanner-net:$GITHUB_SHA" >> $GITHUB_ENV && \ - echo "TAG_BRANCH=wycliffeassociates/usfm-scanner-net:$CI_REF_NAME_SLUG" >> $GITHUB_ENV - if [ "$CI_REF_NAME_SLUG" == "master" ]; then - echo "TAG_LATEST=wycliffeassociates/usfm-scanner-net:latest" >> $GITHUB_ENV - else - echo "TAG_LATEST=" >> $GITHUB_ENV - fi - - name: Build and conditional push API image - uses: docker/build-push-action@v3 + - name: Build image + uses: docker/build-push-action@v6 with: + context: . file: UsfmScannerNet/Dockerfile - push: true - tags: | - ${{ env.TAG_SHA }} - ${{ env.TAG_BRANCH }} - ${{ env.TAG_LATEST }} + push: ${{ github.event_name == 'push' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max
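Review bot: With `export-env: true` on the "Load Docker Hub secrets from 1Password" step, `DOCKER_HUB_USER` and `DOCKER_HUB_TOKEN` become job-wide environment variables, so in the merged `build-and-push` job every later step (`docker/metadata-action`, `docker/login-action`, `docker/build-push-action`) can read them, not just the login. Scoping them to the one consumer is tighter: give the step an `id`, set `export-env: false`, and have the login step read `${{ steps.<id>.outputs.DOCKER_HUB_USER }}` and `${{ steps.<id>.outputs.DOCKER_HUB_TOKEN }}`. Because this job now holds both the 1Password service-account token and a Docker Hub credential, the third-party actions would be safer pinned to a full commit SHA, e.g. `uses: 1password/load-secrets-action@<full-commit-sha> # v4`, than to a movable major tag. The hunk sets no job-level `permissions:`, and the top of the workflow is outside it; if nothing is declared there, `permissions: contents: read` on the job would likely suffice and caps the `GITHUB_TOKEN`.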