diff --git a/.gitea/workflows/cd.yaml b/.gitea/workflows/cd.yaml
index 3129b36..184ef69 100644
--- a/.gitea/workflows/cd.yaml
+++ b/.gitea/workflows/cd.yaml
@@ -9,6 +9,27 @@ env:
   DOCKER_REGISTRY: gitea.t000-n.de
 
 jobs:
+  check-changes:
+    name: Check changes
+    runs-on: ubuntu-latest
+    outputs:
+      code: ${{ steps.filter.outputs.code }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Get changes
+        id: filter
+        uses: dorny/paths-filter@v3
+        with:
+          filters: |
+            code:
+              - 'go.mod'
+              - 'go.sum'
+              - '**/*.go'
+              - 'config.example.yaml'
+              - 'Dockerfile'
+              - 'Makefile'
+
   test:
     name: test
     runs-on: ubuntu-latest
@@ -44,25 +65,52 @@ jobs:
 
   build_and_push:
     name: Build and push
+    strategy:
+      matrix:
+        arch: [amd64, arm64]
     needs:
       - test
-    runs-on: ubuntu-latest
+      - check-changes
+    if: ${{ needs.check-changes.outputs.code == 'true' }}
+    runs-on:
+      - ubuntu-latest
+      - linux_${{ matrix.arch }}
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-
+        uses: docker/setup-buildx-action@v3
       - name: Login to Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ${{ env.DOCKER_REGISTRY }}
           username: ${{ secrets.REGISTRY_USER }}
           password: ${{ secrets.REGISTRY_PASSWORD }}
+      - name: Get Metadata
+        id: meta
+        run: |
+          echo REPO_NAME=$(echo ${GITHUB_REPOSITORY} | awk -F"/" '{print $2}' | tr '[:upper:]' '[:lower:]') >> $GITHUB_OUTPUT
+          echo REPO_VERSION=$(git describe --tags --always | sed 's/^v//') >> $GITHUB_OUTPUT
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: linux/${{ matrix.arch }}
+          push: true
+          provenance: false
+          build-args: GOARCH=${{ matrix.arch }}
+          tags: |
+            ${{ env.DOCKER_REGISTRY }}/t.behrendt/${{ steps.meta.outputs.REPO_NAME }}:${{ steps.meta.outputs.REPO_VERSION }}-${{ matrix.arch }}
+
+  create_manifest:
+    name: Create manifest
+    needs:
+      - build_and_push
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
 
       - name: Get Metadata
         id: meta
@@ -70,15 +118,17 @@ jobs:
           echo REPO_NAME=$(echo ${GITHUB_REPOSITORY} | awk -F"/" '{print $2}' | tr '[:upper:]' '[:lower:]') >> $GITHUB_OUTPUT
           echo REPO_VERSION=$(git describe --tags --always | sed 's/^v//') >> $GITHUB_OUTPUT
 
-      - name: Build and push
-        uses: docker/build-push-action@v4
+      - name: Login to Registry
+        uses: docker/login-action@v3
         with:
-          context: .
-          file: ./Dockerfile
-          platforms: |
-            linux/amd64
-            linux/arm64
-          push: true
-          tags: |
-            ${{ env.DOCKER_REGISTRY }}/t.behrendt/${{ steps.meta.outputs.REPO_NAME }}:${{ steps.meta.outputs.REPO_VERSION }}
-            ${{ env.DOCKER_REGISTRY }}/t.behrendt/${{ steps.meta.outputs.REPO_NAME }}:latest
+          registry: ${{ env.DOCKER_REGISTRY }}
+          username: ${{ secrets.REGISTRY_USER }}
+          password: ${{ secrets.REGISTRY_PASSWORD }}
+
+      - name: Create manifest
+        run: |
+          docker manifest create ${{ env.DOCKER_REGISTRY }}/t.behrendt/${{ steps.meta.outputs.REPO_NAME }}:latest \
+            ${{ env.DOCKER_REGISTRY }}/t.behrendt/${{ steps.meta.outputs.REPO_NAME }}:${{ steps.meta.outputs.REPO_VERSION }}-amd64 \
+            ${{ env.DOCKER_REGISTRY }}/t.behrendt/${{ steps.meta.outputs.REPO_NAME }}:${{ steps.meta.outputs.REPO_VERSION }}-arm64
+
+          docker manifest push ${{ env.DOCKER_REGISTRY }}/t.behrendt/${{ steps.meta.outputs.REPO_NAME }}:latest
diff --git a/Dockerfile b/Dockerfile
index 9ca09e2..5a52906 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,13 +1,14 @@
-FROM golang:1.23-alpine
+FROM golang:1.24-alpine as build
+
+ARG GOARCH=amd64
 
 WORKDIR /app
-
 COPY go.mod go.sum ./
-
 RUN go mod download
-
 COPY . .
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=${GOARCH} \
+    go build -trimpath -ldflags="-s -w" -o main .
 
-RUN go build -o main .
-
-CMD ["./main"]
+FROM gcr.io/distroless/static-debian12
+COPY --from=build /app/main /
+CMD ["/main"]
diff --git a/README.md b/README.md
index 1d0dd04..d6c8b72 100644
--- a/README.md
+++ b/README.md
@@ -38,6 +38,7 @@ domains:
       - www
 check_interval: 0 0 0/6 * * * *
 mode: Scheduled
+log_level: info
 ```
 
 The config file is expected to be in the same directory as the binary and called `config.yaml`. For the OCR image, the root directory is `/app`.
diff --git a/config.example.yaml b/config.example.yaml
index b8fa980..71ce76e 100644
--- a/config.example.yaml
+++ b/config.example.yaml
@@ -21,3 +21,4 @@ domains:
       - www
 check_interval: 0 0 0/6 * * * *
 mode: Scheduled
+log_level: info
diff --git a/go.mod b/go.mod
index cdafe16..bbda7ab 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module realdnydns
 
-go 1.23
+go 1.24.0
 
 require (
 	github.com/go-co-op/gocron v1.37.0
@@ -13,6 +13,6 @@ require (
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/redis/go-redis/v9 v9.7.0 // indirect
 	github.com/robfig/cron/v3 v3.0.1 // indirect
-	github.com/stretchr/testify v1.8.4 // indirect
+	github.com/stretchr/testify v1.10.0 // indirect
 	go.uber.org/atomic v1.11.0 // indirect
 )
diff --git a/go.sum b/go.sum
index 48000f8..912b825 100644
--- a/go.sum
+++ b/go.sum
@@ -36,8 +36,8 @@ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UV
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
 go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..3608d4c
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,12 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "packageRules": [
+    {
+      "matchPackageNames": [
+        "golang",
+        "go"
+      ],
+      "groupName": "go version"
+    }
+  ]
+}
\ No newline at end of file