diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
index 04918b2..331bcfb 100644
--- a/.github/workflows/integration.yml
+++ b/.github/workflows/integration.yml
@@ -41,8 +41,10 @@ jobs:
         with:
           go-version-file: "go.mod"
 
-      - name: Build
-        run: go build
-
-      - name: Docker Build
-        run: docker build .
+      - name: Build Releases
+        uses: goreleaser/goreleaser-action@v6.0.0
+        with:
+          version: "~> v2"
+          args: release --clean --snapshot
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.gitignore b/.gitignore
index 4c49bd7..5bfcd1f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 .env
+dist
diff --git a/.goreleaser.yml b/.goreleaser.yml
index 3445c2f..41fd9a0 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -18,6 +18,7 @@ builds:
 dockers:
   - goos: linux
     goarch: amd64
+    dockerfile: Dockerfile.release
     image_templates:
       - "systemli/userli-postfix-adapter:{{ .Tag }}"
       - "systemli/userli-postfix-adapter:{{ .Major }}"
@@ -26,6 +27,6 @@ dockers:
 checksum:
   name_template: "checksums.txt"
 snapshot:
-  name_template: "{{ .Tag }}-next"
+  version_template: "{{ .Tag }}-next"
 changelog:
   disable: true
diff --git a/Dockerfile.release b/Dockerfile.release
new file mode 100644
index 0000000..0dd96ea
--- /dev/null
+++ b/Dockerfile.release
@@ -0,0 +1,25 @@
+FROM alpine:3.19 AS build
+
+ENV USER=appuser
+ENV UID=10001
+
+RUN adduser \
+    --disabled-password \
+    --gecos "" \
+    --home "/nonexistent" \
+    --shell "/sbin/nologin" \
+    --no-create-home \
+    --uid "${UID}" \
+    "${USER}"
+
+FROM scratch AS runtime
+
+COPY userli-postfix-adapter /userli-postfix-adapter
+
+COPY --from=build /etc/passwd /etc/passwd
+COPY --from=build /etc/group /etc/group
+COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+
+USER appuser:appuser
+
+ENTRYPOINT ["/userli-postfix-adapter"]