diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 071f1d61..6dc12b3d 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -15,11 +15,12 @@ permissions:
   contents: read
   deployments: none
   issues: none
-  packages: none
   pull-requests: none
   repository-projects: none
   security-events: none
   statuses: none
+  # Necessary to push docker images to ghcr.io.
+  packages: write
 
 # Cancel in-progress runs for pull requests when developers push
 # additional changes
@@ -67,3 +68,49 @@ jobs:
 
       - name: Check format
         run: ./scripts/check_fmt.sh
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          # Needed to get older tags
+          fetch-depth: 0
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version: "~1.22"
+
+      - name: Login to GitHub Container Registry
+        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # do not push images for pull requests
+      - name: Build
+        if: github.event_name == 'pull_request'
+        run: |
+          VERSION=$(./scripts/version.sh)-dev-$(git rev-parse --short HEAD)
+          BASE=ghcr.io/coder/envbuilder-preview
+
+          ./scripts/build.sh \
+            --arch=amd64 \
+            --base=$BASE \
+            --tag=$VERSION
+
+      - name: Build and Push
+        if: github.ref == 'refs/heads/main'
+        run: |
+          VERSION=$(./scripts/version.sh)-dev-$(git rev-parse --short HEAD)
+          BASE=ghcr.io/coder/envbuilder-preview
+
+          ./scripts/build.sh \
+            --arch=amd64 \
+            --arch=arm64 \
+            --arch=arm \
+            --base=$BASE \
+            --tag=$VERSION \
+            --push
diff --git a/scripts/build.sh b/scripts/build.sh
index 4f0b17f9..2fac5e04 100755
--- a/scripts/build.sh
+++ b/scripts/build.sh
@@ -41,7 +41,6 @@ if [ -z "$BUILDER_EXISTS" ]; then
   docker buildx create --use --platform=linux/arm64,linux/amd64,linux/arm/v7 --name $BUILDER_NAME
 else
   echo "Builder $BUILDER_NAME already exists. Using it."
-  docker buildx use $BUILDER_NAME
 fi
 
 # Ensure the builder is bootstrapped and ready to use
@@ -63,7 +62,7 @@ else
   args+=( --load )
 fi
 
-docker buildx build "${args[@]}" -t $base:$tag -t $base:latest -f Dockerfile .
+docker buildx build --builder $BUILDER_NAME "${args[@]}" -t $base:$tag -t $base:latest -f Dockerfile .
 
 # Check if archs contains the current. If so, then output a message!
 if [[ -z "${CI:-}" ]] && [[ " ${archs[@]} " =~ " ${current} " ]]; then