diff --git a/.gitea/workflows/build_and_publish.yaml b/.gitea/workflows/build_and_publish.yaml
new file mode 100644
index 0000000..05148eb
--- /dev/null
+++ b/.gitea/workflows/build_and_publish.yaml
@@ -0,0 +1,81 @@
+---
+name: Container Publish
+
+env:
+  REGISTRY: docker.asperti.com
+  REPOSITORY: paspo/mariadb-backup-slave
+
+on:
+  push:
+    tags:
+      - '*'
+  schedule:
+    - cron: "0 12 3 * *"
+  workflow_dispatch:
+  workflow_call:
+  workflow_run:
+    workflows: [vulnscan.yaml]
+    types: [completed]
+
+jobs:
+  on-success-skip:
+    runs-on:
+      labels: ubuntu-latest
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    steps:
+      - run: exit_with_success
+
+  build-image:
+    runs-on:
+      labels: [ubuntu-latest, "arch-${{ matrix.arch }}"]
+    container:
+      image: catthehacker/ubuntu:act-latest
+    strategy:
+      matrix:
+        arch: [amd64, arm64]
+        version: ["10.6", "10.11", "11.4", "11.8"]
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Login to registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ secrets.REGISTRY_USER }}
+          password: ${{ secrets.REGISTRY_TOKEN }}
+
+      - name: Build and publish
+        run: |
+          echo building TAG: ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:${{ matrix.version }}-${{ matrix.arch }}
+          docker build \
+            --tag "${{ env.REGISTRY }}/${{ env.REPOSITORY }}:${{ matrix.version }}-${{ matrix.arch }}" \
+            --build-arg "MARIA_VERSION=${{ matrix.version }}" \
+            --platform linux/${{ matrix.arch }} -f Dockerfile .
+          docker push ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:${{ matrix.version }}-${{ matrix.arch }}
+
+  manifest:
+    name: update docker manifest
+    needs: build-image
+    runs-on: ubuntu-latest
+    container:
+      image: catthehacker/ubuntu:act-latest
+    strategy:
+      matrix:
+        version: ["10.6", "10.11", "11.4", "11.8"]
+
+    steps:
+      - name: Login to registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ secrets.REGISTRY_USER }}
+          password: ${{ secrets.REGISTRY_TOKEN }}
+
+      - name: Create and publish manifest
+        run: |
+          docker manifest create \
+            ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:${{ matrix.version }} \
+            --amend ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:${{ matrix.version }}-amd64 \
+            --amend ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:${{ matrix.version }}-arm64
+          docker manifest push ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:${{ matrix.version }}