diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
new file mode 100644
index 0000000..a32aef2
--- /dev/null
+++ b/.github/workflows/docker-build.yml
@@ -0,0 +1,79 @@
+# On every commit, build and push a Docker image to the GitHub Container
+# registry and to DockerHub.
+#
+# The resulting Docker images are tagged with the full commit hash, the git
+# branch name, the git tag, and the 'latest' tag for the latest commit to
+# master.
+#
+# https://github.com/danbooru/autotagger/pkgs/container/autotagger
+# https://hub.docker.com/r/evazion/autotagger
+#
+# https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry
+# https://docs.github.com/en/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions
+# https://docs.github.com/en/actions/guides/publishing-docker-images
+
+name: Docker Build
+
+# https://docs.github.com/en/actions/reference/events-that-trigger-workflows
+on: [push, create, workflow_dispatch]
+
+# https://docs.github.com/en/actions/reference/authentication-in-a-workflow#permissions-for-the-github_token
+# https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idpermissions
+permissions:
+  packages: write
+
+jobs:
+  docker-build:
+    runs-on: ubuntu-latest
+
+    steps:
+      # https://github.com/docker/setup-buildx-action
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      # https://github.com/docker/login-action
+      # https://github.com/docker/build-push-action/blob/master/docs/advanced/push-multi-registries.md
+      - name: Login to Github Container Registry
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ github.token }}
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      # Generate Docker tags from Git tags.
+      # https://github.com/docker/metadata-action
+      - name: Generate Docker tags
+        uses: docker/metadata-action@v3
+        id: metadata
+        with:
+          images: |
+            docker.io/evazion/autotagger
+            ghcr.io/danbooru/autotagger
+          tags: |
+            type=sha,format=long,prefix=
+            type=ref,event=branch
+            type=ref,event=tag
+            type=ref,event=pr
+          # Tag `latest` on every commit pushed to master
+          # https://github.com/docker/metadata-action/issues/112
+          flavor: |
+            latest=${{ github.ref == 'refs/heads/master' }}
+
+      # https://github.com/docker/build-push-action
+      - name: Build image
+        uses: docker/build-push-action@v2
+        with:
+          push: true
+          tags: ${{ steps.metadata.outputs.tags }}
+          labels: ${{ steps.metadata.outputs.labels }}
+
+          # https://github.com/docker/build-push-action/blob/master/docs/advanced/cache.md#registry-cache
+          # https://dev.to/pst418/speed-up-multi-stage-docker-builds-in-ci-cd-with-buildkit-s-registry-cache-11gi
+          cache-from: type=registry,ref=ghcr.io/${{ github.repository }}:buildcache
+          cache-to: type=registry,ref=ghcr.io/${{ github.repository }}:buildcache,mode=max