diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/check-pr.yml
similarity index 71%
rename from .github/workflows/build-and-test.yml
rename to .github/workflows/check-pr.yml
index 2d8496c..1ba1857 100644
--- a/.github/workflows/build-and-test.yml
+++ b/.github/workflows/check-pr.yml
@@ -1,4 +1,4 @@
-name: Build and test
+name: Check PR
 
 on:
   pull_request:
@@ -6,21 +6,19 @@ on:
       - master
 
 env:
-  REGISTRY: docker.io
   IMAGE_NAME: cdalvaro/saltstack-master
   IMAGE_TAG: ci
-  GITHUB_REF_NAME: ${{ github.event.release.tag_name }}
 
 jobs:
   build:
-    name: Build Docker image
+    name: Build image
     runs-on: ubuntu-latest
     timeout-minutes: 45
     steps:
       - name: Set env variables
         run: |
-          echo ::set-env name=CACHE_FROM::"${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest"
-          echo ::set-env name=DOCKER_IMAGE::"${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}"
+          echo ::set-env name=CACHE_FROM::"${{ env.IMAGE_NAME }}:latest"
+          echo ::set-env name=DOCKER_IMAGE::"${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}"
 
       - name: Checkout repository
         uses: actions/checkout@v2
@@ -31,15 +29,15 @@ jobs:
       - name: Build Docker image
         run: |
           docker build \
-            --build-arg VCS_REF=${GITHUB_REF_NAME:-${GITHUB_SHA}} \
+            --build-arg VCS_REF="${GITHUB_SHA::7}" \
             --build-arg BUILD_DATE="$(date +"%Y-%m-%d %H:%M:%S%:z")" \
             --cache-from ${CACHE_FROM} \
-            --tag ${DOCKER_IMAGE} .
+            --tag "${DOCKER_IMAGE}" .
 
       - name: Save docker image
         run: |
           mkdir -p docker/
-          docker save -o docker/docker-image.tar ${DOCKER_IMAGE}
+          docker save -o docker/docker-image.tar "${DOCKER_IMAGE}"
 
       - name: Upload image for test job
         uses: actions/upload-artifact@v2
@@ -48,7 +46,7 @@ jobs:
           path: docker/docker-image.tar
 
   test:
-    name: Test Docker image
+    name: Test image
     needs: build
     runs-on: ubuntu-latest
     env:
@@ -64,7 +62,7 @@ jobs:
         run: docker load -i docker/docker-image.tar
 
       - name: Launch docker container
-        run: docker run --rm -d --name "${CONTAINER_NAME}" "${IMAGE_NAME}:${IMAGE_TAG}"
+        run: docker run --rm -d --name "${CONTAINER_NAME}" "${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}"
 
       - name: Show container info
         run: docker container ls
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
new file mode 100644
index 0000000..4873e5e
--- /dev/null
+++ b/.github/workflows/publish.yml
@@ -0,0 +1,90 @@
+name: Publish
+
+on:
+  push:
+    branches:
+      - master
+  release:
+    types:
+      - created
+
+env:
+  GITHUB_REF_NAME: ${{ github.event.release.tag_name }}
+  IMAGE_NAME: cdalvaro/saltstack-master
+  PLATFORMS: linux/amd64 linux/arm64 linux/arm/v7
+  DOCKER_CLI_EXPERIMENTAL: enabled
+
+jobs:
+  build-and-publish:
+    name: Build and publish
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Enable Docker experimental
+        run: |
+          # Enable docker daemon experimental support.
+          echo '{"experimental": true}' | sudo tee /etc/docker/daemon.json
+          sudo systemctl restart docker
+          # Install QEMU multi-architecture support for docker buildx.
+          docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
+
+      - name: Instantiate docker buildx builder
+        run: |
+          docker buildx create --use
+          docker buildx inspect --bootstrap
+
+      - name: Cache latest images
+        run: |
+          for PLATFORM in ${PLATFORMS}; do
+            docker pull --platform "${PLATFORM}" "${IMAGE_NAME}:latest"
+          done
+
+      - name: Log in to Docker Hub
+        run: |
+          echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u="${{ secrets.DOCKER_USERNAME }}" --password-stdin
+
+      - name: Build and push Docker image
+        run: |
+          docker buildx build \
+            --platform "${PLATFORMS// /,}" \
+            --cache-from "${IMAGE_NAME}:latest" \
+            --push --progress plain \
+            --build-arg=VCS_REF="${GITHUB_SHA::7}" \
+            --build-arg=BUILD_DATE="$(date +"%Y-%m-%d %H:%M:%S%:z")" \
+            --tag="${IMAGE_NAME}:${GITHUB_REF_NAME:-latest}" .
+
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    needs: build-and-publish
+    steps:
+      - name: Enable Docker experimental
+        run: |
+          # Enable docker daemon experimental support.
+          echo '{"experimental": true}' | sudo tee /etc/docker/daemon.json
+          sudo systemctl restart docker
+          # Install QEMU multi-architecture support for docker buildx.
+          docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
+
+      - name: Test images
+        env:
+          CONTAINER_NAME: salt_master_test
+        run: |
+          IMAGE_TAG="${GITHUB_REF_NAME:-latest}"
+          DOCKER_IMAGE="${IMAGE_NAME}:${IMAGE_TAG}"
+          for PLATFORM in ${PLATFORMS}; do
+            echo "Testing docker image ${DOCKER_IMAGE} on platform ${PLATFORM} ..."
+            # test
+            docker pull -q --platform "${PLATFORM}" "${DOCKER_IMAGE}"
+            docker run --rm -d --name "${CONTAINER_NAME}" "${DOCKER_IMAGE}"
+            docker container ls
+            sleep 20
+            docker exec "${CONTAINER_NAME}" salt --versions
+            echo "healthcheck"
+            docker exec "${CONTAINER_NAME}" /usr/local/sbin/healthcheck
+            # cleanup
+            docker stop ${CONTAINER_NAME}
+            docker image rm "${DOCKER_IMAGE}"
+          done
diff --git a/README.md b/README.md
index 3ed882e..76dae94 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 [![SaltStack][saltstack_badge]][saltstack_release_notes]
 [![Ubuntu Image][ubuntu_badge]][ubuntu_hub_docker]
-[![Docker Build Status][docker_build_badge]][docker_hub_builds]
+[![Publish Workflow][github_publish_badge]][github_publish_workflow]
 [![Docker Image Size][docker_size_badge]][docker_hub_tags]
 [![CodeFactor][codefactor_badge]][codefactor_score]
 
@@ -502,8 +502,8 @@ Where `salt-service` is one of: `salt-master` os `salt-api` (if `SALT_API_SERVIC
 [ubuntu_badge]: https://img.shields.io/badge/ubuntu-bionic--20200403-E95420.svg?style=flat&logo=Ubuntu
 [ubuntu_hub_docker]: https://hub.docker.com/_/ubuntu/ "Ubuntu Image"
 
-[docker_build_badge]: https://img.shields.io/docker/build/cdalvaro/saltstack-master?logo=docker&style=flat
-[docker_hub_builds]: https://hub.docker.com/r/cdalvaro/saltstack-master/builds
+[github_publish_badge]: https://github.com/cdalvaro/saltstack-master/workflows/Publish/badge.svg
+[github_publish_workflow]: https://github.com/cdalvaro/saltstack-master/actions?query=workflow%3A%22Publish%22
 
 [docker_size_badge]: https://img.shields.io/docker/image-size/cdalvaro/saltstack-master/latest?logo=docker&color=2496ED
 [docker_hub_tags]: https://hub.docker.com/repository/docker/cdalvaro/saltstack-master/tags
diff --git a/hooks/build b/hooks/build
deleted file mode 100644
index 2e6b61d..0000000
--- a/hooks/build
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-
-# Docker Daemon Build Hook
-# $IMAGE_NAME var is injected into the build so the tag is correct.
-
-docker pull "${DOCKER_REPO}:latest"
-
-docker build \
-        --cache-from="${DOCKER_REPO}:latest" \
-        --build-arg=BUILD_DATE="$(date +"%Y-%m-%d %H:%M:%S%:z")" \
-		--build-arg=VCS_REF="$(git rev-parse --short HEAD)" \
-		-t "${IMAGE_NAME}" .