From 80639a6ca81aa530a3f351905fe21a0b4ef75f89 Mon Sep 17 00:00:00 2001
From: Michael Brown <mcb30@ipxe.org>
Date: Wed, 18 Feb 2026 00:27:04 +0000
Subject: [PATCH] [ci] Use ipxe-builder-utils container for combined BIOS/UEFI
 images

We currently use the ipxe-signer container for the step that combines
the BIOS and UEFI build artifacts to produce the multi-architecture
ISO and USB images.

Switch to using the generic architecture-independent utility toolchain
container, thereby allowing the ipxe-signer container to minimise its
attack surface by removing tools that are not required for the signing
operation.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
---
 .github/workflows/build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 41ed48365..87c5d8358 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -340,7 +340,7 @@ jobs:
       - bios
       - uefi
     container:
-      image: ghcr.io/ipxe/ipxe-signer
+      image: ghcr.io/ipxe/ipxe-builder-utils
     env:
       binaries: >-
         bin-x86_64-pcbios/${DRIVERS}.lkrn