diff --git a/.github/workflows/publish-on-tag.yml b/.github/workflows/publish-on-tag.yml
index a2849f1..9fc7d70 100644
--- a/.github/workflows/publish-on-tag.yml
+++ b/.github/workflows/publish-on-tag.yml
@@ -7,24 +7,25 @@ on:
 
 jobs:
   build:
+    permissions:
+      contents: read
+      packages: write
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
-
-    - name: Login to GitHub Container Registry
-      uses: docker/login-action@v3
+    - uses: docker/setup-buildx-action@v2
+    - uses: docker/login-action@v3
       with:
         registry: ghcr.io
         username: ${{ github.actor }}
-        password: ${{ secrets.GHCR_TOKEN }}
-
-    - name: Set env
-      run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
-
-    - name: Publish Docker image
-      run: |
-        cd kratos-admin-ui
-        docker build . --tag ghcr.io/dfoxg/kratos-admin-ui:$RELEASE_VERSION
-        docker tag ghcr.io/dfoxg/kratos-admin-ui:$RELEASE_VERSION ghcr.io/dfoxg/kratos-admin-ui:latest
-        docker push ghcr.io/dfoxg/kratos-admin-ui:$RELEASE_VERSION
-        docker push ghcr.io/dfoxg/kratos-admin-ui:latest
\ No newline at end of file
+        password: ${{ secrets.GITHUB_TOKEN }}
+    - id: meta
+      uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+      with:
+        images: ghcr.io/${{ github.repository }}
+    - uses: docker/build-push-action@v4
+      with:
+        context: ./kratos-admin-ui
+        push: true
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 349fcc0..0c8a91b 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -6,19 +6,25 @@ on:
 
 jobs:
   build:
+    permissions:
+      contents: read
+      packages: write
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
-
-    - name: Login to GitHub Container Registry
-      uses: docker/login-action@v3
+    - uses: docker/setup-buildx-action@v2
+    - uses: docker/login-action@v3
       with:
         registry: ghcr.io
         username: ${{ github.actor }}
-        password: ${{ secrets.GHCR_TOKEN }}
-
-    - name: Publish Docker image
-      run: |
-        cd kratos-admin-ui
-        docker build . --tag ghcr.io/dfoxg/kratos-admin-ui:$GITHUB_SHA
-        docker push ghcr.io/dfoxg/kratos-admin-ui:$GITHUB_SHA
\ No newline at end of file
+        password: ${{ secrets.GITHUB_TOKEN }}
+    - id: meta
+      uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+      with:
+        images: ghcr.io/${{ github.repository }}
+    - uses: docker/build-push-action@v4
+      with:
+        context: ./kratos-admin-ui
+        push: true
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}