diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index 7700837..8983e93 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -1,42 +1,69 @@
-name: Docker Build and Publish
+name: Build and Publish Docker image in GitHub Container Registry
 
 on:
-  workflow_dispatch:
-    inputs:
-      tagName:
-        description: "Tag name"
-        required: true
-        default: 'v2'
+  push:
+    branches:
+      - 'main'
+    tags:
+      - 'v*'
+  pull_request:
+    branches:
+      - 'main'
 
 jobs:
-  push_to_registry:
+  docker:
     runs-on: ubuntu-latest
 
-    name: Build docker image and push to dockerhub
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
 
     steps:
-      - name: Check out the repo
+      - name: Checkout repository
         uses: actions/checkout@v4
-
+        
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
-
+      
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
-      - name: Login to DockerHub
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}
+          tags: |
+            type=raw,value=develop
+            type=raw,value=beta
+            type=ref,event=pr
+            type=semver,pattern={{major}}.{{minor}}.{{patch}}
+            type=semver,pattern=v{{major}}
+            type=sha
+
+      - name: Log in to the GitHub Container Registry
         uses: docker/login-action@v3
+        if: github.event_name != 'pull_request'
         with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Build container image
+      - name: Build and push Docker image
+        id: push
         uses: docker/build-push-action@v5
         with:
-          push: true
+          context: .
           platforms: linux/amd64,linux/arm64
-          context: './'
-          no-cache: true
-          file: 'Dockerfile'
-          tags: marcoambrosini/aio-stalwart:${{ github.event.inputs.tagName }}
-          provenance: false
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      # - name: Generate artifact attestation
+      #   uses: actions/attest-build-provenance@v1
+      #   with:
+      #     subject-name: ghcr.io/${{ github.repository }}
+      #     subject-digest: ${{ steps.push.outputs.digest }}
+      #     push-to-registry: ${{ github.event_name != 'pull_request' }}