diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 5502460..b949630 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -1,40 +1,51 @@
-name: Build and push
+name: Build and push image
 
 on:
   push:
     branches:
-      - 'master'
-  pull_request:
-    branches:
-      - 'master'
+      - master
+
+permissions:
+  contents: read
+  id-token: write
+  packages: write
 
 jobs:
   build:
     runs-on: ubuntu-latest
+    outputs:
+      tag: ${{ steps.vars.outputs.image-tag }}
+      application: ${{ steps.vars.outputs.application }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+
+      - name: Set variables
+        id: vars
+        env:
+          EVENT_NAME: ${{ github.event_name }}
+          REF_TYPE: ${{ github.ref_type }}
+          REF_NAME: ${{ github.ref_name }}
+          GIT_SHA: ${{ github.sha }}
+        run: |
+          date="$(date -u +%Y%m%d)"
+          short_rev="$(git rev-parse --short "$GIT_SHA")"
+          echo "image-tag=${REF_NAME}" >> $GITHUB_OUTPUT
+          echo "application=bacchus-snu/snucse-api" >> $GITHUB_OUTPUT
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
-      - name: Login to GitHub container registry
-        uses: docker/login-action@v2
+      - name: Configure registry credentials
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Get metadata
-        id: metadata
-        uses: docker/metadata-action@v4
-        with:
-          images: |
-            ghcr.io/snucse/snucse-api
-          tags: |
-            type=ref,event=branch
-            type=ref,event=pr
       - name: Build and push
         uses: docker/build-push-action@v4
         with:
           context: .
           push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.metadata.outputs.tags }}
-          labels: ${{ steps.metadata.outputs.labels }}
+          tags: ghcr.io/bacchus-snu/${{ vars.IMAGE_NAME }}:${{ steps.vars.outputs.image-tag }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
diff --git a/Dockerfile b/Dockerfile
index dc4b49f..c4ebc2b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,5 +3,9 @@ WORKDIR /app
 COPY Gemfile .
 COPY Gemfile.lock .
 RUN bundle install
+RUN apt update && apt install imagemagick -y && rm -rf /var/lib/apt/lists/*
 COPY . .
+RUN useradd -ms /bin/bash snucse
+RUN chown -R snucse: /app
+USER snucse
 CMD ["passenger", "start"]