diff --git a/.github/workflows/github-build.yml b/.github/workflows/github-build.yml
index 12f8557..79d80dd 100755
--- a/.github/workflows/github-build.yml
+++ b/.github/workflows/github-build.yml
@@ -12,6 +12,9 @@ on:
 jobs:
   multi:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
     steps:
       -
         name: Checkout
@@ -29,14 +32,25 @@ jobs:
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
+      -
+        name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
       - if: github.ref == 'refs/heads/main'
         name: Conditional(Set tag as `latest`)
-        run: echo "tag=willfarrell/autoheal:latest" >> $GITHUB_ENV
+        run: |
+          echo "tag=willfarrell/autoheal:latest" >> $GITHUB_ENV
+          echo "ghcr_tag=ghcr.io/${{ github.repository }}:latest" >> $GITHUB_ENV
 
       - if: startsWith(github.ref, 'refs/tags/')
         name: Conditional(Set tag as `{version}`)
-        run: echo "tag=willfarrell/autoheal:${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
+        run: |
+          echo "tag=willfarrell/autoheal:${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
+          echo "ghcr_tag=ghcr.io/${{ github.repository }}:${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
 
       -
         name: Build and push
@@ -46,5 +60,10 @@ jobs:
           file: ./Dockerfile
           push: true
           platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le
-          tags: |
-            ${{ env.tag }}
+          tags: ${{ env.tag }}
+
+      - if: env.ghcr_tag != ''
+        name: Mirror to GitHub Container Registry (best-effort)
+        continue-on-error: true
+        run: |
+          docker buildx imagetools create --tag ${{ env.ghcr_tag }} ${{ env.tag }}