diff --git a/.github/actions/check-upstream/action.yaml b/.github/actions/check-upstream/action.yaml
new file mode 100644
index 0000000000..1da1c0e5f8
--- /dev/null
+++ b/.github/actions/check-upstream/action.yaml
@@ -0,0 +1,27 @@
+name: Check Upstream
+inputs:
+  token:
+    description: GitHub token to query the API
+    required: true
+outputs:
+  is_upstream:
+    description: true if repository is upstream, false otherwise
+runs:
+  using: composite
+  steps:
+    - name: Check if repository is upstream
+      shell: bash
+      run: |
+        # Query the GitHub API for repository data and extract the 'fork' field
+        is_fork=$(
+          curl -sL -H 'Authorization: Bearer ${{ inputs.token }}' \
+          https://api.github.com/repos/${{ github.repository }} | jq -r .fork
+        )
+        echo "repo is a fork: ${is_fork}"
+        if [ "${is_fork}" = true ]; then
+          echo "Repository is a fork. Not upstream."
+          echo "is_upstream=false" >> $GITHUB_OUTPUT
+        else
+          echo "Repository is upstream."
+          echo "is_upstream=true" >> $GITHUB_OUTPUT
+        fi
diff --git a/.github/workflows/update-dockerfile.yaml b/.github/workflows/update-dockerfile.yaml
index 7765ff1c4b..b08457892a 100644
--- a/.github/workflows/update-dockerfile.yaml
+++ b/.github/workflows/update-dockerfile.yaml
@@ -25,6 +25,12 @@ jobs:
       - name: Setup Git Identity
         uses: ./.github/actions/setup-git-identity
 
+      - name: Check if repo is upstream
+        id: check_upstream
+        uses: ./.github/actions/check-upstream
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Get latest Docker version
         id: get_docker_version
         run: |
@@ -66,7 +72,7 @@ jobs:
             echo "changes_detected=true" >> $GITHUB_OUTPUT
           fi
       - name: Commit and Push Changes
-        if: steps.check_changes.outputs.changes_detected == 'true'
+        if: steps.check_changes.outputs.changes_detected == 'true' && steps.check_changes.outputs.changes_detected == 'true'
         run: |
           git add Dockerfile.job-image-base
           git commit -m "Update Dockerfile to use Docker \
@@ -76,7 +82,7 @@ jobs:
           git push origin $BRANCH --force
 
       - name: Create or Update Pull Request
-        if: steps.check_changes.outputs.changes_detected == 'true'
+        if: steps.check_changes.outputs.changes_detected == 'true' && steps.check_changes.outputs.changes_detected == 'true'
         run: |
           # Check if a pull request for the branch already exists
           pr_number=$(gh pr list --head $BRANCH --state open --json number --jq '.[].number')
diff --git a/Dockerfile.job-image-base b/Dockerfile.job-image-base
index 27e72ce894..b625231816 100644
--- a/Dockerfile.job-image-base
+++ b/Dockerfile.job-image-base
@@ -17,11 +17,11 @@ FROM alpine:3
 
 
 ARG DOCKER_CHANNEL=stable
-ARG DOCKER_VERSION=27.5.1
+ARG DOCKER_VERSION=28.0.0
 ENV PATH=$PATH:/opt/docker
 ARG TARGETARCH
 
-ARG DOCKER_BUILDX_VERSION=v0.20.1
+ARG DOCKER_BUILDX_VERSION=v0.21.0
 
 COPY apk-packages.blacklist .
 COPY --from=builder /pkgs/usr /usr