diff --git a/.forgejo/workflows/build-image.yaml b/.forgejo/workflows/build-image.yaml
index 349dcec..0b7dd3d 100644
--- a/.forgejo/workflows/build-image.yaml
+++ b/.forgejo/workflows/build-image.yaml
@@ -38,3 +38,46 @@ jobs:
           image: 'ver4a/oci-builder'
           tags: 'ci-dev'
           registry: 'registry.uncontrol.me'
+
+  test-oci-builder:
+    name: 'Test oci-builder'
+    runs-on: 'oci-builder-ci-dev'
+    needs: 'build-oci-builder'
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: 'Build image'
+        uses: 'https://git.uncontrol.me/ver4a-actions/buildah-build@v2-compat'
+        with:
+          image: 'registry.uncontrol.me/ver4a/oci-builder'
+          tags: 'throwaway'
+          containerfiles: 'Dockerfile'
+          oci: true
+          extra-args: |
+            --userns=container
+            --security-opt=no-new-privileges
+            --annotation=quay.expires-after=
+          build-args: |
+            REGISTRY_DOMAIN=${{ vars.REGISTRY_DOMAIN }}
+            NAMESPACE=${{ vars.NAMESPACE }}
+
+  release-oci-builder:
+    name: 'Release oci-builder'
+    runs-on: 'oci-builder-ci-dev'
+    needs: 'test-oci-builder'
+
+    steps:
+      - name: 'Log in to registry'
+        uses: 'actions/podman-login@v1'
+        with:
+          registry: ${{ vars.REGISTRY_DOMAIN }}
+          username: ${{ vars.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_PASSWORD }}
+          auth_file_path: '$HOME/.config/containers/auth.json'
+
+      - name: 'Move :ci-dev to :stable'
+        run: skopeo copy docker://registry.uncontrol.me/ver4a/oci-builder:ci-dev docker://registry.uncontrol.me/ver4a/oci-builder:stable
+
+      - name: 'Delete development image from registry'
+        run: skopeo delete docker://registry.uncontrol.me/ver4a/oci-builder:ci-dev