diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index f840dac..19e37b3 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -10,72 +10,66 @@ concurrency:
   group: docker-${{ github.ref }}
   cancel-in-progress: true
 
-env:
-  REGISTRY: ghcr.io
-  IMAGE_NAME: ${{ github.repository }}
-
 jobs:
   build:
     runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: docker/setup-buildx-action@v1
-      - uses: actions/cache@v3
-        with:
-          key: ${{ runner.os }}-buildx-${{ github.sha }}
-          restore-keys: ${{ runner.os }}-buildx-
-          path: /tmp/.buildx-cache
-      - uses: docker/build-push-action@v2
-        with:
-          context: .
-          tags: ${{ env.IMAGE_NAME }}
-          cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
-          load: true
-      - run: docker run ${{ env.IMAGE_NAME }} --version
-      - run: |
-          # this is a workaround, check the following issues:
-          # - https://github.com/docker/build-push-action/issues/252
-          # - https://github.com/moby/buildkit/issues/1896
-          rm -rf /tmp/.buildx-cache
-          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
 
-  publish:
-    if: contains(github.ref, 'refs/tags/v')
-    runs-on: ubuntu-latest
-    needs: [build]
+    env:
+      REGISTRY: ghcr.io
+
     permissions:
-      contents: read
+      contents: write
       packages: write
 
     steps:
-      - uses: actions/checkout@v3
-      - uses: docker/setup-buildx-action@v1
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Setup Docker
+        uses: docker/setup-buildx-action@v1
       - uses: actions/cache@v3
         with:
           key: ${{ runner.os }}-buildx-${{ github.sha }}
           restore-keys: ${{ runner.os }}-buildx-
           path: /tmp/.buildx-cache
-      - uses: docker/login-action@v1 
+      - name: Login to GH container registry
+        if: startsWith(github.ref, 'refs/tags/')
+        uses: docker/login-action@v1
         with:
+          registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-          registry: ${{ env.REGISTRY }}
-      - uses: docker/metadata-action@v3
+      - name: Generate metadata for Docker image
+        uses: docker/metadata-action@v3
         with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          images: ${{ env.REGISTRY }}/${{ github.repository }}
         id: meta
-      - uses: docker/build-push-action@v2
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v2
         with:
           context: .
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
-          push: true
-      - run: |
-          # this is a workaround, check the following issues:
-          # - https://github.com/docker/build-push-action/issues/252
-          # - https://github.com/moby/buildkit/issues/1896
+          push: ${{ startsWith(github.ref, 'refs/tags/') }}
+          load: true
+      - name: Smoke test
+        run: docker run ${{ steps.meta.outputs.tags }} --version
+      - name: Copy static binary from Docker to the host
+        if: startsWith(github.ref, 'refs/tags/')
+        run: docker run -v $PWD/bin:/root/bin --entrypoint cp ${{ steps.meta.outputs.tags }} /usr/local/bin/hap /root/bin/hap-${{ github.ref_name }}-linux-x86_64-bin
+      - name: Create GH release
+        if: startsWith(github.ref, 'refs/tags/')
+        uses: softprops/action-gh-release@v1
+        with:
+          files: |
+            bin/hap-*
+            LICENSE
+          draft: true
+      # Temp fix:
+      # - https://github.com/docker/build-push-action/issues/252
+      # - https://github.com/moby/buildkit/issues/1896
+      - name: Move cache
+        run: |
           rm -rf /tmp/.buildx-cache
           mv /tmp/.buildx-cache-new /tmp/.buildx-cache
diff --git a/Dockerfile b/Dockerfile
index 882a3c5..b2dd57e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,25 +1,11 @@
-FROM alpine:3.15 AS build
-RUN apk update && \
-    apk add \
-      alpine-sdk \
-      bash \
-      ca-certificates \
-      cabal \
-      ghc \
-      ghc-dev \
-      git \
-      gmp-dev \
-      gnupg \
-      libffi-dev \
-      linux-headers \
-      zlib-dev
+FROM utdemir/ghc-musl:v24-ghc902 AS build
 WORKDIR /usr/src/app
 COPY hapistrano.cabal .
 RUN cabal update && \
-    cabal configure -f static && \
-    cabal build --only-dependencies
+    cabal build --only-dependencies --enable-static
 COPY . .
-RUN cabal install
+RUN cabal build --enable-executable-static && \
+    cp $(cabal exec which hap) hap
 
 FROM alpine:3.15
 MAINTAINER Nicolas Vivar <nvivar@stackbuilders.com>
@@ -29,5 +15,6 @@ RUN apk update && \
       git \
       openssh-client
 RUN mkdir ~/.ssh
-COPY --from=build /root/.cabal/bin/hap /usr/local/bin/hap
+COPY --from=build /usr/src/app/hap /usr/local/bin/hap
 ENTRYPOINT ["/usr/local/bin/hap"]
+CMD ["--help"]