diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 0000000..7c649ee
--- /dev/null
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,42 @@
+name: release
+
+on:
+  push:
+    tags:
+      - "v*"
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - id: meta
+        name: Docker meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            quay.io/3scale/aws-cvpn-pki-manager
+          tags: |
+            type=semver,pattern={{raw}}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Quay.io
+        uses: docker/login-action@v3
+        with:
+          password: ${{ secrets.REGISTRY_PASSWORD }}
+          registry: quay.io
+          username: ${{ secrets.REGISTRY_USER }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          file: Dockerfile
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/amd64,linux/arm64
+          provenance: false
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
new file mode 100644
index 0000000..1a9d282
--- /dev/null
+++ b/.github/workflows/test.yaml
@@ -0,0 +1,24 @@
+name: test
+
+on:
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build
+        uses: docker/build-push-action@v6
+        with:
+          file: Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: false
+          tags: quay.io/3scale/aws-cvpn-pki-manager:test
diff --git a/Dockerfile b/Dockerfile
index c116d4e..88e5857 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,8 +1,21 @@
-FROM debian:buster-slim
-ARG release
+FROM golang:1.23 as builder
 
-RUN apt update && apt -y install ca-certificates
-COPY build/aws-cvpn-pki-manager_amd64_${release} /aws-cvpn-pki-manager
+WORKDIR /app/
+ADD . .
+RUN CGO_ENABLED=0 GOOS=linux \
+  go build -ldflags '-extldflags "-static"' \
+  -o aws-cvpn-pki-manager cmd/main.go
+
+# FROM debian:bullseye-slim
+# RUN apt update && apt -y install ca-certificates
+
+FROM alpine:3.20
+
+RUN apk --no-cache add ca-certificates && update-ca-certificates
+
+WORKDIR /app/
+
+COPY --from=builder /app/aws-cvpn-pki-manager /app/aws-cvpn-pki-manager
 
 EXPOSE 8080
-ENTRYPOINT [ "/aws-cvpn-pki-manager", "server" ]
\ No newline at end of file
+ENTRYPOINT [ "/app/aws-cvpn-pki-manager", "server" ]
\ No newline at end of file
diff --git a/Makefile b/Makefile
index 110d491..79c15fa 100644
--- a/Makefile
+++ b/Makefile
@@ -1,19 +1,40 @@
-RELEASE=$(shell cat RELEASE)
 
-build: build/aws-cvpn-pki-manager_amd64_$(RELEASE)
+.PHONY: help
 
-build/aws-cvpn-pki-manager_amd64_$(RELEASE):
-	GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -a -ldflags '-extldflags "-static"' -o build/aws-cvpn-pki-manager_amd64_$(RELEASE) cmd/main.go
+TAG	?= local
+IMAGE	?= quay.io/3scale/aws-cvpn-pki-manager
+CONTAINER_TOOL ?= podman
 
-docker-build: build/aws-cvpn-pki-manager_amd64_$(RELEASE)
-	docker build . -t quay.io/3scale/aws-cvpn-pki-manager:v$(RELEASE) --build-arg release=$(RELEASE)
+help:
+	@$(MAKE) -pRrq -f $(lastword $(MAKEFILE_LIST)) : 2>/dev/null \
+		| awk -v RS= -F: '/^# File/,/^# Finished Make data base/ {if ($$1 !~ "^[#.]") {print $$1}}' \
+		| egrep -v -e '^[^[:alnum:]]' -e '^$@$$' | sort
 
-docker-tag-latest: docker-build
-	docker tag quay.io/3scale/aws-cvpn-pki-manager:v$(RELEASE) quay.io/3scale/aws-cvpn-pki-manager:latest
+get-new-release:
+	@hack/new-release.sh v$(TAG)
 
-release: docker-tag-latest
-	docker push quay.io/3scale/aws-cvpn-pki-manager:v$(RELEASE)
-	docker push quay.io/3scale/aws-cvpn-pki-manager:latest
+build-all-release: build
 
-clean:
-	rm -rf build/*
+push-all-release: push
+
+build-all-latest: build-latest
+
+push-all-latest: push-latest
+
+build-all: build
+
+build:
+	${CONTAINER_TOOL} manifest rm $(IMAGE):$(TAG) || echo "No manifest found"
+	${CONTAINER_TOOL} manifest create $(IMAGE):$(TAG)
+	${CONTAINER_TOOL} build \
+		--platform linux/amd64,linux/arm64 \
+		--manifest $(IMAGE):$(TAG) . -f Dockerfile
+
+push:
+	${CONTAINER_TOOL} manifest push $(IMAGE):$(TAG)
+
+build-latest: build
+	${CONTAINER_TOOL} tag $(IMAGE):$(TAG) $(IMAGE):latest
+
+push-latest: build-latest
+	${CONTAINER_TOOL} push $(IMAGE):latest
\ No newline at end of file