diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index 584a3fd..8fa73da 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml @@ -15,19 +15,23 @@ jobs: fail-fast: false matrix: image: [asahi-cosmic] - version: [43] #Build current stable,next stable/rawhide (if not branched) + version: [43] + container: image: "quay.io/fedora-ostree-desktops/buildroot:${{ matrix.version }}" options: "--security-opt=label=disable --privileged --user 0:0 --device=/dev/fuse --volume /:/run/host:rw" - steps: + steps: - name: Install latest rpm-ostree package from testing repos run: | dnf upgrade -y --enablerepo=updates-testing --refresh rpm-ostree - dnf install -y nodejs + dnf install -y nodejs buildah tar mkdir -p ~/.docker - + - name: Fixup containers/storage.conf + run: | + sed -i 's/driver = "overlay"/driver = "vfs"/' /usr/share/containers/storage.conf + - name: Checkout uses: actions/checkout@v4 
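Review bot: The `sed -i 's/driver = "overlay"/driver = "vfs"/' /usr/share/containers/storage.conf` in the new "Fixup containers/storage.conf" step gives no signal when the pattern does not match, so a buildroot image whose storage.conf already differs would silently keep the overlay driver and the later `buildah mount` would fail far from the cause; note also that containers-storage looks at `/etc/containers/storage.conf` before the `/usr/share` copy, so if the image ships one, this edit may not take effect at all. A cheap assertion after the sed makes the intent checkable: `grep -q 'driver = "vfs"' /usr/share/containers/storage.conf`. A one-line comment stating why the vfs driver is required in this runner container would also help the next reader, since the step name only says "Fixup". The exact indentation of the added lines cannot be verified from this collapsed hunk.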
@@ -43,23 +47,48 @@ jobs: run: | sudo ./builder.sh asahi-cosmic 43 - - name: Build container - id: build - uses: job79/buildah-build@65b3793a1370c1ccd74a5c0d090d70eb9637a4ef - with: - image: misthios/${{ matrix.image }} - tags: ${{ matrix.version }} - containerfiles: ./Containerfile - build-args: IMAGE=${{ matrix.image }} + - name: Build container (SUID‑preserving Buildah flow) + run: | + set -xeuo pipefail + + IMAGE_NAME="misthios/${{ matrix.image }}" + IMAGE_TAG="${{ matrix.version }}" + ARCHIVE="images/${{ matrix.image }}/manifest.ociarchive" + + # Create container from scratch + ctr=$(buildah from scratch) + + # Mount rootfs + mnt=$(buildah mount "$ctr") + + # Extract OCI archive directly into rootfs (preserves SUID/SGID) + tar --numeric-owner -xpf "$ARCHIVE" -C "$mnt" + + # Add metadata + buildah config \ + --label containers.bootc=1 \ + --label org.opencontainers.image.title="${{ matrix.image }}" \ + --label org.opencontainers.image.version="${{ matrix.version }}" \ + --label org.opencontainers.image.revision="${{ github.sha }}" \ + --label io.bootc.image.version="${{ matrix.version }}" \ + --label io.bootc.image.revision="${{ github.sha }}" \ + --env container=oci \ + --stop-signal SIGRTMIN+3 \ + --cmd "/sbin/init" \ + "$ctr" + + # Commit final image + buildah commit "$ctr" "${IMAGE_NAME}:${IMAGE_TAG}" + + # Cleanup + buildah unmount "$ctr" + buildah rm "$ctr" - name: Push - uses: redhat-actions/push-to-registry@v2 - with: - image: ${{ steps.build.outputs.image }} - tags: ${{ steps.build.outputs.tags }} - registry: git.plabble.org - username: ${{ secrets.REGISTRY_USERNAME }} - password: ${{ secrets.REGISTRY_TOKEN }} - extra-args: | - --compression-format=zstd + run: | + buildah push \ + misthios/${{ matrix.image }}:${{ matrix.version }} \ + docker://git.plabble.org/misthios/${{ matrix.image }}:${{ matrix.version }} \ + --creds "${{ secrets.REGISTRY_USERNAME }}:${{ secrets.REGISTRY_TOKEN }}" \ + --compression-format=zstd \ --compression-level=12
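Review bot: The Push step passes the registry token on the command line via `--creds "${{ secrets.REGISTRY_USERNAME }}:${{ secrets.REGISTRY_TOKEN }}"`, which puts the secret into the buildah process's argv (readable from the process table for the duration of the push) and into the rendered script text, whereas the replaced push-to-registry action received it as an action input. Prefer exposing both values as step `env` and authenticating once with `buildah login --password-stdin`, then pushing without `--creds`, as below. Separately, the Build step's comment says the archive is extracted "directly into rootfs", but if `manifest.ociarchive` is an OCI image layout (as the extension suggests) then `tar --numeric-owner -xpf "$ARCHIVE" -C "$mnt"` yields `oci-layout`/`index.json`/`blobs` under `$mnt` rather than an OS tree; a guard such as `test -x "$mnt/sbin/init"` (the path later set by `--cmd`) before `buildah commit` would catch that early. Also, `buildah unmount`/`buildah rm` only run on success because of `set -e`; acceptable on a throwaway runner but worth a comment.
```yaml
      - name: Push
        env:
          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
        run: |
          printf '%s' "$REGISTRY_TOKEN" | buildah login --username "$REGISTRY_USERNAME" --password-stdin git.plabble.org
          buildah push \
            misthios/${{ matrix.image }}:${{ matrix.version }} \
            docker://git.plabble.org/misthios/${{ matrix.image }}:${{ matrix.version }} \
            --compression-format=zstd \
            --compression-level=12
```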