diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index b9866cf..5a5da59 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -6,6 +6,10 @@ name: CI
 # events
 on: [push, pull_request]
 
+permissions:
+  contents: read
+  packages: write
+
 # A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
   run-tox:
@@ -71,13 +75,30 @@ jobs:
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
       # Checks-out your repository under , so your job can access it
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/eiffel-community/etos-api
 
       - name: Build API image
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v6
         with:
           context: .
           file: ./Dockerfile
+          push: true
+          images: ${{ steps.meta.outputs.images }}
+          tags: debug
+
       - name: Build SSE image
         uses: docker/build-push-action@v2
         with: