diff --git a/.github/linters/.hadolint.yaml b/.github/linters/.hadolint.yaml
index f9295c4..3304399 100644
--- a/.github/linters/.hadolint.yaml
+++ b/.github/linters/.hadolint.yaml
@@ -1,5 +1,43 @@
+# README: https://github.com/hadolint/hadolint
+
+# Often it's a good idea to do inline disables rather that repo-wide in this file.
+# Example of inline Dockerfile rules:
+# hadolint ignore=DL3018
+#RUN apk add --no-cache git
+
+# or just ignore rules repo-wide
 ignored:
+ - DL3003 #ignore that we use cd sometimes
 - DL3006 #image pin versions
+ - DL3007 #latest is fine in this case
 - DL3008 #apt pin versions
 - DL3018 #apk add pin versions
- - DL3028 #gem install pin versions
\ No newline at end of file
+ - DL3022 #bad rule for COPY --from
+ - DL3028 #gem install pin versions
+ - DL3059 #multiple consecutive runs
+ - DL4006 #we don't need pipefail in this
+ - SC2016 #we want single quotes sometimes
+
+
+# FULL TEMPLATE
+# failure-threshold: string # name of threshold level (error | warning | info | style | ignore | none)
+# format: string # Output format (tty | json | checkstyle | codeclimate | gitlab_codeclimate | gnu | codacy)
+# ignored: [string] # list of rules
+# label-schema: # See Linting Labels below for specific label-schema details
+# author: string # Your name
+# contact: string # email address
+# created: timestamp # rfc3339 datetime
+# version: string # semver
+# documentation: string # url
+# git-revision: string # hash
+# license: string # spdx
+# no-color: boolean # true | false
+# no-fail: boolean # true | false
+# override:
+# error: [string] # list of rules
+# warning: [string] # list of rules
+# info: [string] # list of rules
+# style: [string] # list of rules
+# strict-labels: boolean # true | false
+# disable-ignore-pragma: boolean # true | false
+# trustedRegistries: string | [string] # registry or list of registries
\ No newline at end of file
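Review bot: The new header recommends inline disables, yet this hunk adds six more repo-wide entries to `ignored:`, including DL3007 (use of the `latest` tag) and DL4006 (pipefail before a piped `RUN`), which turns those checks off for every Dockerfile the linter scans, now and later. The only `latest` reference visible in this diff is the single `FROM` line in the Dockerfile, so a `# hadolint ignore=DL3007` comment directly above that line would keep the rule active everywhere else; the same approach fits DL4006 and DL3022 where they are needed. The per-rule comments would be more useful if they named the instruction that needs the exception instead of `#latest is fine in this case`. Minor: "rather that" in the header should read "rather than".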
diff --git a/.github/workflows/call-docker-build.yaml b/.github/workflows/call-docker-build.yaml
new file mode 100644
index 0000000..8dd5bcf
--- /dev/null
+++ b/.github/workflows/call-docker-build.yaml
@@ -0,0 +1,80 @@
+---
+name: Docker Build
+
+on:
+ push:
+ branches:
+ - 'main'
+ paths:
+ - 'Dockerfile'
+ - '.github/workflows/call-docker-build.yaml'
+ - 'docker-entrypoint.sh'
+ pull_request:
+ paths:
+ - 'Dockerfile'
+ - '.github/workflows/call-docker-build.yaml'
+ - 'docker-entrypoint.sh'
+
+ schedule:
+ # re-run montly to keep image fresh with upstream base images
+ - cron: '0 12 15 * *'
+
+jobs:
+
+ build-jekyll-image:
+
+ # use Reusable Workflows
+ # https://docs.github.com/en/actions/learn-github-actions/reusing-workflows
+ name: Call Docker Build Jekyll
+
+ uses: bretfisher/docker-build-workflow/.github/workflows/reusable-docker-build.yaml@main
+
+ permissions:
+ contents: read
+ packages: write # needed to push docker image to ghcr.io
+ pull-requests: write # needed to create and update comments in PRs
+
+ secrets:
+
+ dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }}
+ dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ with:
+ dockerhub-enable: true
+ ghcr-enable: true
+ image-names: |
+ bretfisher/jekyll
+ ghcr.io/bretfisher/jekyll
+ platforms: linux/amd64,linux/arm64,linux/arm/v7
+ target: jekyll
+
+ build-jekyll-serve-image:
+
+ # use Reusable Workflows
+ # https://docs.github.com/en/actions/learn-github-actions/reusing-workflows
+ name: Call Docker Build Jekyll-Serve
+
+ uses: bretfisher/docker-build-workflow/.github/workflows/reusable-docker-build.yaml@main
+
+ needs: build-jekyll-image
+
+ if: github.event == 'push'
+
+ permissions:
+ contents: read
+ packages: write # needed to push docker image to ghcr.io
+ pull-requests: write # needed to create and update comments in PRs
+
+ secrets:
+
+ dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }}
+ dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ with:
+ dockerhub-enable: true
+ ghcr-enable: true
+ image-names: |
+ bretfisher/jekyll-serve
+ ghcr.io/bretfisher/jekyll-serve
+ platforms: linux/amd64,linux/arm64,linux/arm/v7
+ target: jekyll-serve
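Review bot: The `if: github.event == 'push'` guard on build-jekyll-serve-image compares the whole event payload object with a string, which should never evaluate to true, so the jekyll-serve image would not be built on any trigger. The likely intent is `if: github.event_name == 'push'`, or `if: github.event_name != 'pull_request'` if the monthly schedule should rebuild it as well. Separately, both jobs call `reusable-docker-build.yaml@main` while passing it the Docker Hub secrets and `packages: write`. A branch ref is mutable, so whatever lands on that branch runs with those credentials; pinning the `uses:` line to a full commit SHA (placeholder: `reusable-docker-build.yaml@<full-commit-sha>`) makes the executed code reviewable. The `@main` ref in call-super-linter.yaml has the same issue, with fewer privileges at stake.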
diff --git a/.github/workflows/call-super-linter.yaml b/.github/workflows/call-super-linter.yaml
new file mode 100644
index 0000000..48ce14e
--- /dev/null
+++ b/.github/workflows/call-super-linter.yaml
@@ -0,0 +1,36 @@
+---
+# template source: https://github.com/bretfisher/super-linter-workflow/blob/main/templates/call-super-linter.yaml
+name: Lint Code Base
+
+on:
+
+ push:
+ branches: [main]
+
+ pull_request:
+
+jobs:
+ call-super-linter:
+
+ name: Call Super-Linter
+
+ permissions:
+ contents: read # clone the repo to lint
+ statuses: write #read/write to repo custom statuses
+
+ ### use Reusable Workflows to call my workflow remotely
+ ### https://docs.github.com/en/actions/learn-github-actions/reusing-workflows
+ ### you can also call workflows from inside the same repo via file path
+
+ uses: bretfisher/super-linter-workflow/.github/workflows/reusable-super-linter.yaml@main
+
+ ### Optional settings examples
+
+ # with:
+ ### For a DevOps-focused repository. Prevents some code-language linters from running
+ ### defaults to false
+ # devops-only: false
+
+ ### A regex to exclude files from linting
+ ### defaults to empty
+ # filter-regex-exclude: html/.*
diff --git a/.github/workflows/docker-build-and-push.yml b/.github/workflows/docker-build-and-push.yml
deleted file mode 100644
index 954ed20..0000000
--- a/.github/workflows/docker-build-and-push.yml
+++ /dev/null
@@ -1,51 +0,0 @@
----
-name: Build and Push Images
-
-on:
- # we want pull requests so we can build(test) but not push to image registry
- pull_request:
- branches:
- - 'main'
- # only build when important files change
- paths:
- - 'Dockerfile'
- - '.github/workflows/docker-build-and-push.yml'
- - 'docker-entrypoint.sh'
- push:
- branches:
- - 'main'
- # only build when important files change
- paths:
- - 'Dockerfile'
- - '.github/workflows/docker-build-and-push.yml'
- - 'docker-entrypoint.sh'
- schedule:
- # re-run montly to keep image fesh with upstream base images
- - cron: '0 12 15 * *'
- workflow_dispatch:
- # run whenever we want!
-
-jobs:
- build-jekyll-image:
- # use Reusable Workflows
- # https://docs.github.com/en/actions/learn-github-actions/reusing-workflows
- uses: bretfisher/github-actions-templates/.github/workflows/docker-build-and-push.yaml@main
- with:
- image-names: |
- bretfisher/jekyll
- ghcr.io/bretfisher/jekyll
- target: jekyll
- secrets:
- dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }}
-
- build-jekyll-serve-image:
- # use Reusable Workflows
- # https://docs.github.com/en/actions/learn-github-actions/reusing-workflows
- uses: bretfisher/github-actions-templates/.github/workflows/docker-build-and-push.yaml@main
- with:
- image-names: |
- bretfisher/jekyll-serve
- ghcr.io/bretfisher/jekyll-serve
- target: jekyll-serve
- secrets:
- dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }}
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
deleted file mode 100644
index 7f35e80..0000000
--- a/.github/workflows/linter.yml
+++ /dev/null
@@ -1,19 +0,0 @@ ---- -name: Lint Code Base - -on: - push: - branches: [main] - pull_request: - branches: [main] - -jobs: - call-super-linter: - # use Reusable Workflows to call my linter config remotely - # https://docs.github.com/en/actions/learn-github-actions/reusing-workflows - uses: bretfisher/super-linter-workflow/.github/workflows/super-linter.yaml@main - # with: - # disable common code linters - # devops-only: true - # prevent scanning a comma separated regex list - #filter-regex-exclude: .*compose-sample-3/html/.* diff --git a/Dockerfile b/Dockerfile index 37474bb..a2e3c93 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,6 +2,9 @@ FROM ruby:2-alpine as jekyll RUN apk add --no-cache build-base gcc bash cmake git gcompat +# used in the jekyll-server image, which is FROM this image +COPY docker-entrypoint.sh /usr/local/bin/ + # install both bundler 1.x and 2.x incase you're running # old gem files # https://bundler.io/guides/bundler_2_upgrade.html#faq @@ -15,10 +18,8 @@ ENTRYPOINT [ "jekyll" ] CMD [ "--help" ] - -FROM jekyll as jekyll-serve - -COPY docker-entrypoint.sh /usr/local/bin/ +# build from the image we just built with different metadata +FROM ghcr.io/bretfisher/jekyll:latest as jekyll-serve # on every container start, check if Gemfile exists and warn if it's missing ENTRYPOINT [ "docker-entrypoint.sh" ] diff --git a/docker-compose.yml b/docker-compose.yml index 57c7df8..f508386 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,4 +1,4 @@ -version: '2.4' +# no version needed since 2020 services: jekyll:
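Review bot: In the second Dockerfile hunk, `FROM ghcr.io/bretfisher/jekyll:latest as jekyll-serve` replaces the in-file `jekyll` stage with a mutable registry tag, so the jekyll-serve target is built from whatever image is published at that moment rather than from the stage defined above it. A pull-request or local build therefore does not exercise the Dockerfile under review. Because the first hunk moves `COPY docker-entrypoint.sh /usr/local/bin/` into the base stage, `ENTRYPOINT [ "docker-entrypoint.sh" ]` only resolves if the pulled image already contains that file. Keeping `FROM jekyll as jekyll-serve` avoids the registry dependency; if the registry base is required, referencing it by digest (placeholder: `ghcr.io/bretfisher/jekyll@sha256:<digest>`) would make the base content verifiable, at the cost of updating the digest after each base build. The new comment in the first hunk says "jekyll-server" where the target is named `jekyll-serve`.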