diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
new file mode 100644
index 0000000..7d49859
--- /dev/null
+++ b/.github/workflows/publish.yml
@@ -0,0 +1,52 @@
+name: publish
+on:
+  push:
+    branches:
+      - 'main'
+
+jobs:
+  bullseye:
+    name: Build bullseye image
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write # needed to interact with GitHub's OIDC Token endpoint.
+      contents: read
+    env:
+      REPOSITORY: jupyter
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      #- name: Set up QEMU
+      #  uses: docker/setup-qemu-action@v3
+
+      #- name: Set up Docker Buildx
+      #  uses: docker/setup-buildx-action@v3
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::767397804933:role/github-actions-image-publishing-role-dpzyqzl6r1zt
+          aws-region: us-west-2
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+
+      #- name: Docker meta
+      #  id: meta
+      #  uses: docker/metadata-action@v5
+      #  with:
+      #    images: ${{ steps.login-ecr.outputs.registry }}/${{ env.REPOSITORY }}
+      #    tags: |
+      #      type=ref,event=branch
+      #      type=ref,event=pr
+      #      type=semver,pattern={{version}}
+      #      type=semver,pattern={{major}}.{{minor}}
+
+      - name: Build and Push
+        uses: docker/build-push-action@v5
+        with:
+          context: 3.11/bullseye
+          push: true
+          tags: ${{ steps.login-ecr.outputs.registry }}/${{ env.REPOSITORY }}:3.11-bullseye