diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml index e90d810..4089d8a 100644 --- a/.github/workflows/deployment.yml +++ b/.github/workflows/deployment.yml @@ -9,12 +9,16 @@ on: env: IMAGE_NAME: debian-torproxy + DOCKER_REPOSITORY: j3lte/debian-torproxy jobs: build: name: Build if: github.repository == 'j3lte/debian-torproxy' runs-on: ubuntu-latest + permissions: + packages: write + contents: read env: # Define tags to use for Docker images based on Git tags/branches (for docker/metadata-action) # For a new commit on default branch (master), use the literal tag 'latest' on Docker image. 
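Review bot: The new job-level `permissions:` block gives `packages: write` to every step of `build`, not only to the steps that push to ghcr.io. The login steps in a later hunk are skipped for `pull_request`, but the token scope is not, so the QEMU, Buildx and metadata actions also run with a token that can write packages on same-repository pull requests. At minimum, document the intent with a comment above the block, for example `# packages: write is needed only for the ghcr.io login/push; contents: read for checkout`. If the build and push are ever split into two jobs, the write scope can move to the push job alone.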
@@ -31,41 +35,43 @@ jobs: latest=false steps: - # https://github.com/actions/checkout - name: Checkout codebase - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v2.1.0 with: platforms: linux/amd64,linux/arm64,linux/arm/v7 - # https://github.com/docker/setup-buildx-action - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v2.2.1 - - name: Login to image-repository , build and push + - name: Login to Docker Hub if: github.event_name != 'pull_request' - uses: docker/login-action@v1 + uses: docker/login-action@v2.1.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - ############################################### - # Build/Push image - ############################################### - # https://github.com/docker/metadata-action - # Get Metadata for docker_build step below + - name: Login to Container registry + if: github.event_name != 'pull_request' + uses: docker/login-action@v2.1.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Sync metadata (tags, labels) from GitHub to Docker for 'debian-torproxy' image id: meta_build uses: docker/metadata-action@v3 with: - images: j3lte/debian-torproxy + images: | + ${{ env.DOCKER_REPOSITORY }} + ghcr.io/${{ github.repository }} tags: ${{ env.IMAGE_TAGS }} flavor: ${{ env.TAGS_FLAVOR }} - # https://github.com/docker/build-push-action - name: Build and push 'debian-torproxy' image id: docker_build uses: docker/build-push-action@v2 
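Review bot: The `uses:` lines in this hunk still reference mutable tags (`actions/checkout@v3`, `docker/setup-qemu-action@v2.1.0`, `docker/setup-buildx-action@v2.2.1`, `docker/login-action@v2.1.0`), while the job handles `DOCKERHUB_TOKEN` and a `GITHUB_TOKEN` with `packages: write`. A release tag can be moved by whoever controls the action's repository. Pinning each action to a full commit SHA with the version in a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha>  # v2.1.0`, keeps the code that receives those credentials fixed. `docker/metadata-action@v3` and `docker/build-push-action@v2` stay on floating major tags in the same hunk and would need the same treatment.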
@@ -73,12 +79,11 @@ jobs: context: . file: ./Dockerfile platforms: linux/amd64,linux/arm64,linux/arm/v7 - # For pull requests, we run the Docker build (to ensure no PR changes break the build), - # but we ONLY do an image push to DockerHub if it's NOT a PR push: ${{ github.event_name != 'pull_request' }} - # Use tags / labels provided by 'docker/metadata-action' above tags: ${{ steps.meta_build.outputs.tags }} labels: ${{ steps.meta_build.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max - name: Docker Hub Description if: github.event_name != 'pull_request' @@ -87,4 +92,4 @@ jobs: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} short-description: ${{ github.event.repository.description }} - repository: j3lte/debian-torproxy + repository: ${{ env.DOCKER_REPOSITORY }}
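Review bot: The two comment lines removed above `push:` were the only statement of why the build runs on pull requests but must not push, which is the security-relevant condition of this step. I would keep a one-line form such as `# PR builds only verify the Dockerfile; images are pushed for non-PR events`. Separately, `cache-to: type=gha,mode=max` has no event condition, so pull-request builds also write cache entries, and `mode=max` exports the layers of every build stage. The Dockerfile is not visible here, so confirm that no stage takes in credentials through `ARG` or `COPY`, since those layers would then sit in the Actions cache. The step's `uses:` and `with:` lines start in the previous hunk.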