diff --git a/.github/workflows/cd_pipeline.yml b/.github/workflows/cd_pipeline.yml
index d7bde3ed..1312b113 100644
--- a/.github/workflows/cd_pipeline.yml
+++ b/.github/workflows/cd_pipeline.yml
@@ -1,30 +1,72 @@
 ---
-name: CD pipeline
+name: Release pipeline
 
 on:
+    workflow_dispatch:
+        inputs:
+            prerelease:
+                default: false
+                description: The release will be labeled as non-production ready.
+                required: false
+                type: boolean
+            version_bump_type:
+                description: The version bump type to perform.
+                required: true
+                type: choice
+                options:
+                    - major
+                    - minor
+                    - patch
     push:
         branches:
-            - main
+            - docker-to-ghcr
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
 
 jobs:
-    cd_pipeline:
+    build-and-push-image:
         name: Build Docker image
         runs-on: ubuntu-latest
         permissions:
+            attestations: write
+            contents: read
+            id-token: write
             packages: write
         steps:
             - uses: actions/checkout@v4
 
-            - name: Docker meta
+            - name: Setup Python
+              id: setup-python
+              uses: actions/setup-python@v5
+
+            - name: Install Poetry
+              uses: snok/install-poetry@v1
+              with:
+                    installer-parallel: true
+                    version: 1.7.1
+                    virtualenvs-create: true
+                    virtualenvs-in-project: true
+
+            - name: Install version bump Poetry plugin
+              run: poetry self add poetry-bumpversion
+
+            - name: Bump version
+              run: poetry version ${{ inputs.version_bump_type }}
+
+            - name: Save version to env var
+              id: version
+              run: echo "version=$(poetry version --short)" >> $GITHUB_OUTPUT
+
+            - name: Extract metadata (tags, labels) for Docker
               id: meta
               uses: docker/metadata-action@v5
               with:
-                  images: |
-                      dbt-bouncer
-                  tags: |
-                      type=ref,event=branch
-                      type=raw,value=${{ github.sha }}
-                      type=raw,value=test
+                images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+                tags: |
+                    type=raw,value=${{ github.sha }}
+                    type=raw,value=${{ steps.version.outputs.version }}
 
             - name: Set up Docker Buildx
               uses: docker/setup-buildx-action@v3
@@ -32,9 +74,9 @@ jobs:
             - name: Log in to the Container registry
               uses: docker/login-action@v3
               with:
-                registry: https://ghcr.io
-                username: ${{ github.actor }}
                 password: ${{ secrets.GITHUB_TOKEN }}
+                registry: ${{ env.REGISTRY }}
+                username: ${{ github.actor }}
 
             - name: Determine python version
               id: python-version
@@ -43,7 +85,8 @@ jobs:
                   echo "PYTHON_VERSION: $PYTHON_VERSION"
                   echo "PYTHON_VERSION=$PYTHON_VERSION" >> $GITHUB_OUTPUT
 
-            - name: Build image
+            - name: Build and push image
+              id: push
               uses: docker/build-push-action@v5
               with:
                   build-args: PYTHON_VERSION=${{ steps.python-version.outputs.PYTHON_VERSION }}
@@ -51,5 +94,5 @@ jobs:
                   cache-to: type=gha,mode=max
                   context: .
                   load: false
-                  push: false
+                  push: true
                   tags: ${{ steps.meta.outputs.tags }}