diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..120c689
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
\ No newline at end of file
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 5f9250f..6ee8348 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -51,12 +51,12 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Extract metadata
         id: meta
-        uses: docker/metadata-action@v3
+        uses: docker/metadata-action@v5
         with:
           images: ${{ env.registry }}/${{ github.repository }}
       - name: Build and push docker image
         id: push
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v5
         with:
           context: .
           push: ${{ github.ref == 'refs/heads/main' }}
@@ -68,7 +68,7 @@ jobs:
             PORT=${{ matrix.runmode == 'author' && '4502' || '4503' }}
       - name: Generate artifact attestation
         if: github.ref == 'refs/heads/main'
-        uses: actions/attest-build-provenance@v1
+        uses: actions/attest-build-provenance@v2
         with:
           subject-name: ${{ env.registry }}/${{ github.repository }}
           subject-digest: ${{ steps.push.outputs.digest }}
@@ -82,7 +82,7 @@ jobs:
       id-token: write
     strategy:
       matrix:
-        arch: [ arm64, amd64 ]
+        runmode: [ author, publish ]
     runs-on: ubuntu-latest
     needs: build-images
     steps: