diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 0000000..078e0ea
--- /dev/null
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,90 @@
+name: Deploy to Docker Hub
+
+on:
+
+ # Build and deploy the image on pushes to master branch
+ push:
+ branches:
+ - master
+ - main
+
+ # Build and deploy the image nightly (to ensure we pick up any security updates)
+ schedule:
+ - cron: "0 0 * * *"
+
+jobs:
+ deploy_dockerhub_single_arch:
+ name: Deploy to DockerHub
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ docker-platform:
+ - linux/amd64
+
+ # Set job-wide environment variables
+ # - REPO: repo name on dockerhub
+ # - IMAGE: image name on dockerhub
+ env:
+ REPO: mikenye
+ IMAGE: picard
+ steps:
+
+ # Check out our code
+ -
+ name: Checkout
+ uses: actions/checkout@v2
+
+ # Hit an issue where arm builds would fail with cURL errors regarding intermediary certificates when downloading from github (ie: deploy-s6-overlay).
+ # After many hours of troubleshooting, the workaround is to pre-load the image's rootfs with the CA certificates from the runner.
+ # This problem may go away in future.
+ -
+ name: Copy CA Certificates from GitHub Runner to Image rootfs
+ run: |
+ ls -la /etc/ssl/certs/
+ mkdir -p ./rootfs/etc/ssl/certs
+ mkdir -p ./rootfs/usr/share/ca-certificates/mozilla
+ cp --no-dereference /etc/ssl/certs/*.crt ./rootfs/etc/ssl/certs
+ cp --no-dereference /etc/ssl/certs/*.pem ./rootfs/etc/ssl/certs
+ cp --no-dereference /usr/share/ca-certificates/mozilla/*.crt ./rootfs/usr/share/ca-certificates/mozilla
+
+ # # Set up QEMU for multi-arch builds
+ # -
+ # name: Set up QEMU
+ # uses: docker/setup-qemu-action@v1
+
+ # Log into docker hub (so we can push images)
+ -
+ name: Login to DockerHub
+ uses: docker/login-action@v1
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ # Set up buildx
+ -
+ name: Set up Docker Buildx
+ id: buildx
+ uses: docker/setup-buildx-action@v1
+
+ # Build "latest"
+ -
+ name: Build & Push - latest
+ run: docker buildx build --no-cache --push --progress plain -t "${{ env.REPO }}/${{ env.IMAGE }}:latest"
--compress --platform "${{ matrix.docker-platform }}" .
+
+ # Get version from "latest"
+ -
+ name: Get latest image version
+ run: |
+ docker pull "${{ env.REPO }}/${{ env.IMAGE }}:latest"
+ echo "VERSION_TAG=$(docker run --rm --entrypoint cat "${{ env.REPO }}/${{ env.IMAGE }}:latest" /CONTAINER_VERSION)" >> $GITHUB_ENV
+
+ # Show version from "latest"
+ -
+ name: Show latest image version
+ run: |
+ echo "${{ env.REPO }}/${{ env.IMAGE }}:latest contains version: ${{ env.VERSION_TAG }}"
+
+ # Build version specific
+ -
+ name: Build & Push - version specific
+ run: docker buildx build --push --progress plain -t "${{ env.REPO }}/${{ env.IMAGE }}:${{ env.VERSION_TAG }}" --compress --platform "${{ matrix.docker-platform }}" .
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
deleted file mode 100644
index 0c5ece6..0000000
--- a/.github/workflows/docker.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-name: Docker
-
-on:
- push:
- pull_request:
- branches:
- - master
-
-jobs:
-
- build:
-
- runs-on: ubuntu-latest
-
- steps:
- - uses: actions/checkout@v2
- - name: Build the Docker image
- run: docker build --no-cache . --file Dockerfile --tag mikenye/picard:testing
diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
index 95d3ae6..c9e4265 100644
--- a/.github/workflows/linting.yml
+++ b/.github/workflows/linting.yml
@@ -1,10 +1,10 @@ name: Linting on: - push: pull_request: branches: - master + - main jobs:
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
new file mode 100644
index 0000000..22ada61
--- /dev/null
+++ b/.github/workflows/tests.yml
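Review bot: The three `uses:` steps in deploy.yml (`actions/checkout@v2`, `docker/login-action@v1`, `docker/setup-buildx-action@v1`) follow mutable tags inside the job that receives `DOCKERHUB_TOKEN`, so a retagged release of any of them would run with push access to the registry; pin each to a reviewed commit, e.g. `uses: docker/login-action@<full-commit-sha>  # v1`. tests.yml references the same tags plus `docker/setup-qemu-action@v1` and would take the same pin. The workflow also declares no `permissions:` block, so the job token keeps whatever the repository default grants; the visible steps only read the checkout, so a top-level `permissions:` with `contents: read` looks sufficient.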
@@ -0,0 +1,75 @@
+name: Tests
+
+on:
+ pull_request:
+ branches:
+ - master
+ - main
+
+jobs:
+ buildx:
+ name: Test image build
+ runs-on: ubuntu-latest
+
+ # Set job-wide environment variables
+ # - REPO: repo name on dockerhub
+ # - IMAGE: image name on dockerhub
+ env:
+ REPO: mikenye
+ IMAGE: picard
+
+ strategy:
+ matrix:
+ docker-platform:
+ - linux/amd64
+ # - linux/arm64
+ # - linux/arm/v6
+ # - linux/arm/v7
+ # - linux/i386
+ steps:
+
+ # Check out our code
+ -
+ name: Checkout
+ uses: actions/checkout@v2
+
+ # Hit an issue where arm builds would fail with cURL errors regarding intermediary certificates when downloading from github (ie: deploy-s6-overlay).
+ # After many hours of troubleshooting, the workaround is to pre-load the image's rootfs with the CA certificates from the runner.
+ # This problem may go away in future.
+ -
+ name: Copy CA Certificates from GitHub Runner to Image rootfs
+ run: |
+ ls -la /etc/ssl/certs/
+ mkdir -p ./rootfs/etc/ssl/certs
+ mkdir -p ./rootfs/usr/share/ca-certificates/mozilla
+ cp --no-dereference /etc/ssl/certs/*.crt ./rootfs/etc/ssl/certs
+ cp --no-dereference /etc/ssl/certs/*.pem ./rootfs/etc/ssl/certs
+ cp --no-dereference /usr/share/ca-certificates/mozilla/*.crt ./rootfs/usr/share/ca-certificates/mozilla
+
+ # Set up QEMU for multi-arch builds
+ -
+ name: Set up QEMU
+ uses: docker/setup-qemu-action@v1
+
+ # Set up buildx for multi platform builds
+ -
+ name: Set up Docker Buildx
+ id: buildx
+ uses: docker/setup-buildx-action@v1
+
+ # Get archictecture suffix
+ -
+ name: Get image architecture suffix
+ run: |
+ echo "ARCH_TAG=$(echo '${{ matrix.docker-platform }}' | cut -d '/' -f2- | tr -s '/' '_')" >> $GITHUB_ENV
+
+ # Show archictecture suffix
+ -
+ name: Show image architecture suffix
+ run: |
+ echo "Architecture suffix: ${{ env.ARCH_TAG }}"
+
+ # Test container build for all supported platforms (defined above)
+ -
+ name: Build ${{ matrix.docker-platform }}
+ run: docker buildx build --no-cache --progress
plain -t "${{ env.REPO }}/${{ env.IMAGE }}:testing_${{ env.ARCH_TAG }}" --platform "${{ matrix.docker-platform }}" .
diff --git a/Dockerfile b/Dockerfile
index 2fb2bd1..0843aad 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,6 +6,8 @@ ENV URL_PICARD_REPO="https://github.com/metabrainz/picard.git" \ SHELL ["/bin/bash", "-o", "pipefail", "-c"] +COPY rootfs/ / + RUN set -x && \ # Define package arrays # TEMP_PACKAGES are packages that will only be present in the image during container build
@@ -145,9 +147,9 @@ RUN set -x && \ # Clean-up apt-get remove -y ${TEMP_PACKAGES[@]} && \ apt-get autoremove -y && \ - rm -rf /src/* /tmp/* /var/lib/apt/lists/* - -COPY rootfs/ / + rm -rf /src/* /tmp/* /var/lib/apt/lists/* && \ + # Capture picard version + picard -V | grep Picard | cut -d ',' -f 1 | cut -d ' ' -f 2 | tr -d ' ' > /CONTAINER_VERSION ENV APP_NAME="MusicBrainz Picard" \ LC_ALL="en_US.UTF-8" \
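Review bot: The "Copy CA Certificates" step puts the runner's trust store into the build context, and the Dockerfile's `COPY rootfs/ /` then carries it into the image. deploy.yml runs the same step for the image it pushes, so the published image's trust anchors depend on whatever the `ubuntu-latest` runner ships at build time. The step's own comment attributes the failure to arm builds, while both matrices currently build only `linux/amd64`, so the step could be limited with `if: matrix.docker-platform != 'linux/amd64'` until an arm platform is enabled again. `cp --no-dereference` also keeps symlinks as symlinks, so any entry in /etc/ssl/certs whose target lies outside /usr/share/ca-certificates/mozilla would dangle in the image; the runner's layout is not visible here, so that needs checking.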
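Review bot: Moving `COPY rootfs/ /` ahead of the RUN step changes which side wins when both write the same path: anything the package installs or build scripts in that RUN place at a path also present in rootfs/ now replaces the repository's copy, where previously rootfs/ was applied last. The contents of rootfs/ and the middle of the RUN step are not visible from this hunk, so whether any path actually collides is unverified. If the early copy exists only to provide the CA certificates during the build, keeping the original `COPY rootfs/ /` after the RUN as well would preserve the old precedence. The RUN body starts inside this hunk and continues beyond it.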
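Review bot: Nothing checks that the pipeline writing /CONTAINER_VERSION produced a single usable token, yet deploy.yml appends the file's content to `$GITHUB_ENV` and uses it as an image tag. With `pipefail` set by the SHELL line, a `grep Picard` that matches nothing fails the build, but a format change that leaves the `cut` fields empty, or more than one matching line, would pass silently. Appending a check to the same RUN, e.g. `[ "$(wc -l < /CONTAINER_VERSION)" -eq 1 ] && grep -Eqx '[A-Za-z0-9_][A-Za-z0-9_.-]*' /CONTAINER_VERSION`, would stop the build instead of publishing under a malformed tag. The RUN instruction begins before this hunk.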