diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..f4b1198
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,2 @@
+.git
+.github
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
new file mode 100644
index 0000000..cfcefd6
--- /dev/null
+++ b/.github/workflows/publish.yml
@@ -0,0 +1,35 @@
+name: Build and publish docker image
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [main]
+
+concurrency: publish
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - uses: docker/setup-buildx-action@v3
+      - uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
+      - uses: docker/build-push-action@v6
+        with:
+          push: true
+          platforms: |
+            linux/arm64
+            linux/amd64
+          tags: |
+            ghcr.io/artyom/update-cloudformation-stack:latest
+          outputs: type=image,oci-mediatypes=true,compression=zstd,compression-level=6,force-compression=true
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..020259d
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,13 @@
+FROM --platform=$BUILDPLATFORM public.ecr.aws/docker/library/golang:alpine AS builder
+WORKDIR /app
+ENV CGO_ENABLED=0 GOTOOLCHAIN=auto
+COPY go.mod go.sum ./
+RUN go mod download
+COPY . .
+ARG TARGETOS TARGETARCH
+RUN GOOS=$TARGETOS GOARCH=$TARGETARCH go build -o main
+
+FROM scratch
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=builder /app/main /
+ENTRYPOINT ["/main"]
diff --git a/action.yml b/action.yml
index 6233f49..df8a477 100644
--- a/action.yml
+++ b/action.yml
@@ -14,12 +14,9 @@ inputs:
     required: true
 
 runs:
-  using: composite
-  steps:
-    - uses: actions/setup-go@v5
-      with:
-        go-version: 'stable'
-        cache-dependency-path: ${{ github.action_path }}/go.sum
-    - shell: bash
-      run: |
-        go run -C ${{ github.action_path }} . -stack=${{ inputs.stack }} -key=${{ inputs.key }} -value=${{ inputs.value }}
+  using: docker
+  image: docker://ghcr.io/artyom/update-cloudformation-stack:latest
+  args:
+    - '-stack=${{ inputs.stack }}'
+    - '-key=${{ inputs.key }}'
+    - '-value=${{ inputs.value }}'