diff --git a/.github/workflows/docker-images.yml b/.github/workflows/docker-images.yml
index 29db1f2..1fab2d8 100644
--- a/.github/workflows/docker-images.yml
+++ b/.github/workflows/docker-images.yml
@@ -20,16 +20,24 @@ jobs:
permissions:
contents: read
packages: write
+ id-token: write
steps:
- name: Checkout repository
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v2
+ uses: docker/setup-buildx-action@v3
+
+ - name: Install Cosign
+ uses: sigstore/cosign-installer@v3.8.1
- name: Log in to GitHub Container Registry
- run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+ uses: docker/login-action@v3.3.0
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
- name: Get version from version.py
id: get_version
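Review bot: `id-token: write` is added to the `permissions` block, but nothing in the new steps consumes the OIDC token — registry login still uses `secrets.GITHUB_TOKEN`, and the signing step later in this file passes a static key via `--key env://COSIGN_PRIVATE_KEY` — so the permission should either be removed or the sign step should be switched to keyless signing so the long-lived private key no longer has to live in repository secrets. The newly added third-party actions are pinned to mutable tags (`sigstore/cosign-installer@v3.8.1`, `docker/login-action@v3.3.0`) while `actions/checkout@v4` and `docker/setup-buildx-action@v3` float on major versions; for a job that handles a signing key, pin every `uses:` to a full commit SHA with the version in a trailing comment, e.g. `uses: sigstore/cosign-installer@<commit-sha>  # v3.8.1`. The enclosing job definition starts above this hunk.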
@@ -41,17 +49,32 @@ jobs:
- name: Convert repository owner to lowercase
run: echo "REPO_OWNER=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
- - name: Build Docker image
- run: |
- docker build -t ghcr.io/${{ env.REPO_OWNER }}/pyproxy:${{ env.VERSION }} -t ghcr.io/${{ env.REPO_OWNER }}/pyproxy:latest .
-
- - name: Build Docker slim image
- run: |
- docker build -f Dockerfile.slim -t ghcr.io/${{ env.REPO_OWNER }}/pyproxy:${{ env.VERSION }}-slim -t ghcr.io/${{ env.REPO_OWNER }}/pyproxy:latest-slim .
+ - id: docker_meta
+ uses: docker/metadata-action@v5.6.1
+ with:
+ images: |
+ ghcr.io/${{ env.REPO_OWNER }}/pyproxy:${{ env.VERSION }}-slim
+ ghcr.io/${{ env.REPO_OWNER }}/pyproxy:latest-slim
+ ghcr.io/${{ env.REPO_OWNER }}/pyproxy:${{ env.VERSION }}
+ ghcr.io/${{ env.REPO_OWNER }}/pyproxy:latest
+ tags: type=raw
+
+ - name: Build and Push Docker images
+ uses: docker/build-push-action@v6.14.0
+ id: build-and-push
+ with:
+ platforms: linux/amd64,linux/arm/v7,linux/arm64
+ push: true
+ tags: ${{ steps.docker_meta.outputs.tags }}
- - name: Push Docker image
+ - name: Sign the publisehd Docker image
run: |
- docker push ghcr.io/${{ env.REPO_OWNER }}/pyproxy:${{ env.VERSION }}-slim
- docker push ghcr.io/${{ env.REPO_OWNER }}/pyproxy:latest-slim
- docker push ghcr.io/${{ env.REPO_OWNER }}/pyproxy:${{ env.VERSION }}
- docker push ghcr.io/${{ env.REPO_OWNER }}/pyproxy:latest
\ No newline at end of file
+ images=""
+ for tag in ${TAGS}; do
+ images+="${tag}"
+ done
+ cosign sign --yes --key env://COSIGN_PRIVATE_KEY ${images}
+ env:
+ TAGS: ${{ steps.docker_meta.outputs.tags }}
+ COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+ COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
\ No newline at end of file
diff --git a/cosign.pub b/cosign.pub
new file mode 100644
index 0000000..7d1f415
--- /dev/null
+++ b/cosign.pub
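Review bot: In the `Sign the publisehd Docker image` step, `images+="${tag}"` appends with no separator, so the newline-separated references in `TAGS` are glued into one string and `cosign sign` receives a single malformed reference instead of the four images; write `images+="${tag} "`. Signing by tag also attests to whatever the tag happens to point at when the step runs, which is presumably why `id: build-and-push` was added — yet its `outputs.digest` is never read; add `DIGEST: ${{ steps.build-and-push.outputs.digest }}` to the step's `env:` and append `images+="${tag}@${DIGEST} "` so each signature binds to the immutable digest. The `images:` list handed to `docker/metadata-action` contains full `name:tag` references together with `tags: type=raw`, whereas that action documents `images` as bare image names with tags derived from the `tags:` rules, so confirm that the rendered `outputs.tags` really yields the four references intended here before relying on it for both push and sign. The step name typo `publisehd` should read `published`.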
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEUeaD2IefyJvBbZvUxygbBaM1/TA
+2dgFXxehw6kRMvNFByRGVvIwx7ovWCYWHX4wPuOT7TKphYF0afKiB1ym9Q==
+-----END PUBLIC KEY-----