diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index c87a4c485f3..07480bc7c91 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -51,6 +51,10 @@ jobs:
       -
         name: Checkout
         uses: actions/checkout@v4
+        with:
+          # the "dev" image (master) needs the git tags
+          # for the crowdsec version number
+          fetch-depth: 0
       -
         name: Docker meta
         id: meta
@@ -63,21 +67,39 @@ jobs:
       -
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
+        with:
+          config: .github/buildkit.toml
       -
         name: Login to Docker Hub
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+
       -
         name: Build and push by digest
         id: build
         uses: docker/build-push-action@v5
         with:
           context: .
+          file: ./Dockerfile{{ inputs.debian && '.debian' || '' }}
           platforms: ${{ matrix.platform }}
-          labels: ${{ steps.meta.outputs.labels }}
+          # tags:
           outputs: type=image,name=${{ env.DOCKERHUB_IMAGE }},push-by-digest=true,name-canonical=true,push=true
+          labels: ${{ steps.meta.outputs.labels }} |
+            org.opencontainers.image.source=${{ github.event.repository.html_url }}
+            org.opencontainers.image.created=${{ steps.slim.outputs.created }}
+            org.opencontainers.image.revision=${{ github.sha }}
+          build-args: |
+            BUILD_VERSION=${{ inputs.crowdsec_version }}
       -
         name: Export digest
         run: |