diff --git a/.ci/gsc.jenkinsfile b/.ci/gsc.jenkinsfile
index ffe3e01068..d3a2ba939a 100644
--- a/.ci/gsc.jenkinsfile
+++ b/.ci/gsc.jenkinsfile
@@ -17,6 +17,19 @@ pipeline {
 '''
 }
 }
+ stage('Test_CD') {
+ steps {
+ sh '''
+ # Test the build of Graphene base images which are automatically
+ # pushed to Docker Hub after a merge. This does not test the actual
+ # continuous deployment Github action, instead only tests the
+ # underlying script.
+ cd Tools/gsc
+ make build-images
+ make distclean
+ '''
+ }
+ }
 stage('Test') {
 steps {
 sh '''
diff --git a/.github/workflows/graphene-base-image.yaml b/.github/workflows/graphene-base-image.yaml
new file mode 100644
index 0000000000..eeab1708d5
--- /dev/null
+++ b/.github/workflows/graphene-base-image.yaml
@@ -0,0 +1,29 @@
+name: Graphene Docker Image CD
+
+on:
+ push:
+ branches: [ master ]
+
+jobs:
+
+ build:
+ if: ${{ github.repository == 'oscarlab/graphene' }}
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Set up Python 3.8
+ uses: actions/setup-python@v2
+ with:
+ python-version: 3.8
+ - name: Install Python dependencies
+ run: |
+ pip install jinja2 pyyaml docker
+ - name: Build the Graphene Docker image
+ env: # Set Docker Hub account information to environment variables
+ DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+ DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+ run: |
+ echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
+ cd Tools/gsc
+ make build-images
+ make push-images
diff --git a/Tools/gsc/Makefile b/Tools/gsc/Makefile
index 6f822298e0..69cd23a8a3 100644
--- a/Tools/gsc/Makefile
+++ b/Tools/gsc/Makefile
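Review bot: The new `Test_CD` stage in `.ci/gsc.jenkinsfile` never removes the Docker image it builds: `make distclean`, as far as the Makefile hunks of this commit show, only deletes generated files, so the `graphenelibos/aks:latest` tag stays in the Jenkins agent's local image store after the run. On a long-lived agent that leaves an untested CI build sitting under the official image name; adding `make clean-images` (the target this commit introduces) after `make build-images` would clear it. If the `sh` step aborts on the first failing command, a failed build also skips the cleanup, so a `post { always { ... } }` block may be the better place for it; the rest of the pipeline is outside this hunk.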
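Review bot: In `.github/workflows/graphene-base-image.yaml` the last step hands `DOCKER_PASSWORD` and `DOCKER_USERNAME` to `make build-images` as well as to the push, and logs in to Docker Hub before the build starts. The build runs `./gsc` with the unpinned `jinja2`, `pyyaml` and `docker` packages installed two steps earlier, so any code pulled in during the build executes with the publishing credentials in its environment and in the Docker client config. Splitting the step so that only the login and `make push-images` see the secrets keeps the credential exposure to the minimum. Pinning the pip packages and referencing `actions/checkout` and `actions/setup-python` by full commit SHA rather than `@v2` would tighten the same path further.

```yaml
    # … unchanged: checkout, Python setup, dependency install …
    - name: Build the Graphene Docker image
      run: |
        cd Tools/gsc
        make build-images
    - name: Push the Graphene Docker image
      env: # Docker Hub credentials are visible to the push step only
        DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
        DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
      run: |
        echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
        cd Tools/gsc
        make push-images
```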
@@ -5,10 +5,13 @@ # templates/Dockerfile.*.compile.template changes), these automatically generated files need to be # updated. Generally, changes to Graphene do not require rebuilding these Docker files. -IMAGES=graphene_aks +IMAGES=aks VERSIONS=latest +# Official Docker Hub organization name. In case of a name change in Docker Hub, this name must be +# changed. +DOCKERHUB_ORGANIZATION=graphenelibos -all: $(addsuffix .dockerfile, $(addprefix $(addprefix images/, ${IMAGES}), .${VERSIONS})) +all: generate-dockerfiles build-images config.aks.%.yaml: printf \ @@ -20,10 +23,30 @@ config.aks.%.yaml: Repository: \"https://github.com/intel/SGXDataCenterAttestationPrimitives.git\"\n\ Branch: \"DCAP_1.7 && cp -r driver/linux/* .\"\n" > $@ -images/graphene_aks.latest.dockerfile: config.aks.master.yaml +images: + mkdir -p images + +images/graphene_aks.latest.dockerfile: config.aks.master.yaml images ./gsc build-graphene -f -c $< graphene-aks mv build/gsc-graphene-aks/Dockerfile.compile $@ +.PHONY: generate-dockerfiles +generate-dockerfiles: $(addsuffix .dockerfile, $(addprefix $(addprefix images/, graphene_${IMAGES}), .${VERSIONS})) + +.PHONY: build-images +build-images: $(addprefix $(addprefix build-, $(IMAGES))-, $(VERSIONS)) + +.PHONY: build-aks-% +build-aks-%: images/graphene_aks.%.dockerfile + docker build --rm --no-cache -t $(DOCKERHUB_ORGANIZATION)/aks:$* -f images/graphene_aks.$*.dockerfile images/ + +.PHONY: push-images +push-images: $(addprefix $(addprefix push-, $(IMAGES))-, $(VERSIONS)) + +.PHONY: push-aks-% +push-aks-%: + docker push $(DOCKERHUB_ORGANIZATION)/aks:$* + .PHONY: distclean distclean: clean $(RM) images/* @@ -32,3 +55,7 @@ distclean: clean .PHONY: clean clean: $(RM) config.aks.*.yaml + +.PHONY: clean-images +clean-images: + docker rmi -f $(addprefix $(addprefix $(DOCKERHUB_ORGANIZATION)/, $(IMAGES)):, $(VERSIONS)) 
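Review bot: `IMAGES` and `VERSIONS` are written as lists, but the nested `$(addprefix ...)` expansions this commit builds on them (`generate-dockerfiles`, `build-images` and `push-images` in the next hunk, `clean-images` in the last) only produce the right names while each holds a single word. With two images the inner result, e.g. `build-a build-b`, becomes part of the prefix string, so the outer call yields `build-a` and `build-b-latest` instead of a cross product. A `foreach` form such as `$(foreach i,$(IMAGES),$(foreach v,$(VERSIONS),build-$(i)-$(v)))` stays correct when a second image or version is added; otherwise a comment next to `IMAGES` should say that only one value is supported.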
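Review bot: `images` is listed as a normal prerequisite of `images/graphene_aks.latest.dockerfile`, and a directory's timestamp changes whenever a file is moved into it, so the Dockerfile can look out of date on every run and `./gsc build-graphene` is repeated. Make it order-only: `images/graphene_aks.latest.dockerfile: config.aks.master.yaml | images`. Separately, `.PHONY: build-aks-%` and `.PHONY: push-aks-%` name literal targets, because `.PHONY` does not expand patterns; the concrete `build-aks-latest` and `push-aks-latest` goals are not phony. `push-aks-%` also has no prerequisite, so it publishes whatever local image already carries the tag; a comment such as `# Pushes the existing local image; run build-images first.` above the rule would document that.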
diff --git a/Tools/gsc/images/graphene_aks.latest.dockerfile b/Tools/gsc/images/graphene_aks.latest.dockerfile
deleted file mode 100644
index 8b02c27b25..0000000000
--- a/Tools/gsc/images/graphene_aks.latest.dockerfile
+++ /dev/null
@@ -1,36 +0,0 @@
-FROM ubuntu:18.04 AS graphene
-
-RUN env DEBIAN_FRONTEND=noninteractive apt-get update \
- && env DEBIAN_FRONTEND=noninteractive apt-get install -y \
- autoconf \
- bison \
- build-essential \
- coreutils \
- gawk \
- git \
- libcurl4-openssl-dev \
- libprotobuf-c-dev \
- protobuf-c-compiler \
- python3-protobuf \
- wget \
- && python3 -B -m pip install toml>=0.10
-
-RUN git clone https://github.com/oscarlab/graphene.git /graphene
-
-RUN cd /graphene \
- && git fetch origin master \
- && git checkout master
-
-RUN cd /graphene/Pal/src/host/Linux-SGX \
- && git clone https://github.com/intel/SGXDataCenterAttestationPrimitives.git linux-sgx-driver \
- && cd linux-sgx-driver \
- && git checkout DCAP_1.7 && cp -r driver/linux/* .
-
-RUN cd /graphene \
- && ISGX_DRIVER_PATH=/graphene/Pal/src/host/Linux-SGX/linux-sgx-driver \
- make -s -j WERROR=1 SGX=1
-
-
-
-# Translate runtime symlinks to files
-RUN for f in $(find /graphene/Runtime -type l); do cp --remove-destination $(realpath $f) $f; done