diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
deleted file mode 100644
index 88811d6..0000000
--- a/.github/workflows/ci.yml
+++ /dev/null
@@ -1,56 +0,0 @@
-name: ci
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - 'main'
-    tags:
-      - 'v*'
-  pull_request:
-    branches:
-      - 'main'
-
-jobs:
-  build-image:
-    runs-on: ubuntu-latest
-
-    permissions:
-      contents: read
-      packages: write
-      id-token: write # needed for signing the images with GitHub OIDC Token
-
-    steps:
-      - uses: actions/checkout@v4
-      - uses: sigstore/cosign-installer@v3
-
-      - uses: docker/metadata-action@v5
-        id: docker_meta
-        with:
-          images: ghcr.io/${{ github.repository }}
-
-      - uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}        
-
-      - uses: docker/build-push-action@v5
-        id: build_and_push
-        with:
-          context: .
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.docker_meta.outputs.tags }}
-          labels: ${{ steps.docker_meta.outputs.labels }}
-
-      - name: Sign the images with GitHub OIDC Token
-        if: ${{ github.event_name != 'pull_request' }}
-        env:
-          DIGEST: ${{ steps.build_and_push.outputs.digest }}
-          TAGS: ${{ steps.docker_meta.outputs.tags }}
-        run: |
-          images=""
-          for tag in ${TAGS}; do
-            images+="${tag}@${DIGEST} "
-          done
-          cosign sign --yes ${images}
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
index 9ee0c25..bedb461 100644
--- a/.github/workflows/pull-request.yml
+++ b/.github/workflows/pull-request.yml
@@ -45,3 +45,30 @@ jobs:
     - uses: shogo82148/actions-goveralls@v1
       with:
         path-to-profile: profile.cov
+
+  docker:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      id-token: write # needed for signing the images with GitHub OIDC Token
+    steps:
+    - uses: actions/checkout@v4
+    - uses: docker/metadata-action@v5
+      id: docker_meta
+      with:
+        images: ghcr.io/${{ github.repository }}
+        tags: |
+          type=ref,event=tag
+    - uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}        
+    - uses: docker/build-push-action@v5
+      id: build_and_push
+      with:
+        context: .
+        push: ${{ github.event_name != 'pull_request' }}
+        tags: ${{ steps.docker_meta.outputs.tags }}
+        labels: ${{ steps.docker_meta.outputs.labels }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..4917dc1
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,47 @@
+name: release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      id-token: write # needed for signing the images with GitHub OIDC Token
+    steps:
+    - uses: actions/checkout@v4
+    - uses: docker/metadata-action@v5
+      id: docker_meta
+      with:
+        images: ghcr.io/${{ github.repository }}
+      tags: |
+        type=ref,event=tag
+    - uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}        
+    - uses: docker/build-push-action@v5
+      id: build_and_push
+      with:
+        context: .
+        push: ${{ github.event_name != 'pull_request' }}
+        tags: ${{ steps.docker_meta.outputs.tags }}
+        labels: ${{ steps.docker_meta.outputs.labels }}
+
+    - uses: sigstore/cosign-installer@v3
+    - name: Sign the images with GitHub OIDC Token
+      if: ${{ github.event_name != 'pull_request' }}
+      env:
+        DIGEST: ${{ steps.build_and_push.outputs.digest }}
+        TAGS: ${{ steps.docker_meta.outputs.tags }}
+      run: |
+        images=""
+        for tag in ${TAGS}; do
+          images+="${tag}@${DIGEST} "
+        done
+        cosign sign --yes ${images}
diff --git a/README.md b/README.md
index 784bd32..2e657a2 100644
--- a/README.md
+++ b/README.md
@@ -1,8 +1,8 @@
 # myip
 "What's my IP" application
 
-[![ci](https://github.com/kuoss/myip/actions/workflows/ci.yml/badge.svg)](https://github.com/kuoss/myip/actions)
-[![pull-request](https://github.com/kuoss/myip/actions/workflows/pull-request.yml/badge.svg)](https://github.com/kuoss/myip/actions)
+[![release](https://github.com/kuoss/myip/actions/workflows/release.yml/badge.svg)](hhttps://github.com/kuoss/myip/actions/workflows/release.yml)
+[![pull-request](https://github.com/kuoss/myip/actions/workflows/pull-request.yml/badge.svg)](https://github.com/kuoss/myip/actions/workflows/pull-request.yml)
 [![Coverage Status](https://coveralls.io/repos/github/kuoss/myip/badge.svg?branch=main)](https://coveralls.io/github/kuoss/myip?branch=main)
 [![GitHub license](https://img.shields.io/github/license/kuoss/myip.svg)](https://github.com/kuoss/myip/blob/main/LICENSE)
 [![Go Report Card](https://goreportcard.com/badge/github.com/kuoss/myip)](https://goreportcard.com/report/github.com/kuoss/myip)