diff --git a/.gitea/workflows/build-image.yml b/.gitea/workflows/build-image.yml
new file mode 100644
index 0000000..2f9be8e
--- /dev/null
+++ b/.gitea/workflows/build-image.yml
@@ -0,0 +1,84 @@
+name: Image Build
+on:
+  # Manueel starte
+  workflow_dispatch:
+    inputs:
+      force_build:
+        description: Force new build?
+        required: false
+        default: "false"
+        type: string
+  schedule: # run daily
+    - cron: '0 0 * * *'
+
+jobs:
+  init:
+    runs-on: ubuntu-latest
+     # Map a step output to a job output
+    outputs:
+      iventoy: ${{ steps.iventoy.outputs.version }}
+      buildOrNot: ${{ steps.buildOrNot.outputs.buildOrNot }}
+    steps:
+      - 
+        name: get latest versions
+        id: iventoy
+        run: |
+          version=$(curl -s https://api.github.com/repos/ventoy/PXE/releases/latest | grep "tag_name" | cut -d'"' -f4)
+          echo "version=${version#'v'}" >> $GITHUB_OUTPUT
+      - # Check labels of the latest image on docker hub
+        name: 
+        id: buildOrNOt
+        env: # if [ -z $FORCE_BUILD ]; then echo "false"; else echo $FORCE_BUILD; fi -> ternary -> ${FORCE_BUILD:-false}
+          FORCE_BUILD: ${{ github.event.inputs.force_build }}
+        run: |
+          repo=${1:-${{ github.repository }}}
+          tag=${2:-latest}
+          token=$(curl -s "https://auth.docker.io/token?service=registry.docker.io&scope=repository:${repo}:pull" | jq -r '.token')
+          digest=$(curl -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -H "Authorization: Bearer $token" -s "https://registry-1.docker.io/v2/${repo}/manifests/${tag}" | jq -r .config.digest)
+          latest=$(curl -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -H "Authorization: Bearer $token" -s -L "https://registry-1.docker.io/v2/${repo}/blobs/${digest}" | jq . | grep -Ew "IVENTOY" | cut -d'"' -f4)
+          echo "buildOrNot=$([ $latest != '${{ steps.iventoy.outputs.version }}' ] && echo "true" || echo "${FORCE_BUILD:-false}")" >> $GITHUB_OUTPUT
+      - 
+        name: print
+        run: | 
+          echo ${{ steps.iventoy.outputs.version }}
+          echo ${{ steps.buildOrNot.outputs.buildOrNot }}
+
+  docker:
+    name: iventoy image
+    runs-on: ubuntu-latest
+    needs: 
+      - init
+    if: |
+      needs.init.outputs.buildOrNot == 'true'
+    steps:
+      -
+        name: init vars
+        run: |
+          echo "iventoy: ${{ needs.init.outputs.iventoy }}"
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+      -
+        name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      -
+        name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          provenance: false # Breaking change introduced with 3.3.0 https://github.com/docker/build-push-action/releases/tag/v3.3.0, when an image is pushed since that version I can't retrieve the blob with labels anymore based on the digest via registry api, night have to look into an alternative way to do this 
+          context: .
+          file: ./Dockerfile
+          labels: |
+            IVENTOY=${{ needs.init.outputs.iventoy }}
+          build-args: |
+            IVENTOY=${{ needs.init.outputs.iventoy }}
+          push: true
+          tags: |
+            ${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:${{ needs.init.outputs.iventoy }}
+            ${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}:latest