Refactor CI workflow (#439)

The goal of this change is twofold:
- Improve CI runtimes (currently the overall workflow takes ~1h40min!)
- Reduce complexity
I ended up reverting things back to where they were roughly around PR #372,
while (hopefully) keeping the current modularity. See more details in #439 
The workflow now takes ~20 minutes. 

Major changes:
- Don't upload images as artifacts, upload to ghcr.io straightaway.
  (this however does not support PRs from forks)
- The arm64 image is build on Ubuntu GHA runner with the help of QEMU virtualization. 
- Build and test on amd64 first to catch issues within first 6 minutes
- Only test full-stack for arm64

.github/dependabot.yml

@@ -5,7 +5,7 @@ updates:
     - package-ecosystem: github-actions
       directory: /
       schedule:
-          interval: daily
+          interval: monthly
       groups:
           gha-dependencies:
               patterns:

.github/workflows/build.yml

@@ -0,0 +1,77 @@
+---
+name: Build images and upload them to ghcr.io
+
+env:
+    BUILDKIT_PROGRESS: plain
+
+on:
+    workflow_call:
+        inputs:
+            runsOn:
+                description: GitHub Actions Runner image
+                required: true
+                type: string
+            platforms:
+                description: Target platforms for the build (linux/amd64 and/or linux/arm64)
+                required: true
+                type: string
+        outputs:
+            images:
+                description: Images identified by digests
+                value: ${{ jobs.build.outputs.images }}
+
+jobs:
+    build:
+        name: ${{ inputs.platforms }}
+        runs-on: ${{ inputs.runsOn }}
+        timeout-minutes: 120
+
+        outputs:
+            images: ${{ steps.bake_metadata.outputs.images }}
+
+        # Make sure we fail if any command in a piped command sequence fails
+        defaults:
+            run:
+                shell: bash -e -o pipefail {0}
+
+        steps:
+
+            - name: Checkout Repo ⚡️
+              uses: actions/checkout@v4
+
+            - name: Set up QEMU
+              if: ${{ inputs.platforms != 'linux/amd64' }}
+              uses: docker/setup-qemu-action@v3
+
+            - name: Set up Docker Buildx
+              uses: docker/setup-buildx-action@v3
+
+            - name: Login to GitHub Container Registry 🔑
+              uses: docker/login-action@v3
+              with:
+                  registry: ghcr.io
+                  username: ${{ github.actor }}
+                  password: ${{ secrets.GITHUB_TOKEN }}
+
+            - name: Build and upload to ghcr.io 📤
+              id: build-upload
+              uses: docker/bake-action@v4
+              with:
+                  push: true
+                  # Using provenance to disable default attestation so it will build only desired images:
+                  # https://github.com/orgs/community/discussions/45969
+                  provenance: false
+                  set: |
+                      *.platform=${{ inputs.platforms }}
+                      *.output=type=registry,push-by-digest=true,name-canonical=true
+                  files: |
+                      docker-bake.hcl
+                      build.json
+                      .github/workflows/env.hcl
+
+            - name: Set output variables
+              id: bake_metadata
+              run: |
+                  .github/workflows/extract-image-names.sh | tee -a "${GITHUB_OUTPUT}"
+              env:
+                  BAKE_METADATA: ${{ steps.build-upload.outputs.metadata }}