diff --git a/.github/workflows/build-publish-mcr.yaml b/.github/workflows/build-publish-mcr.yaml
new file mode 100644
index 00000000..1a875e8d
--- /dev/null
+++ b/.github/workflows/build-publish-mcr.yaml
@@ -0,0 +1,61 @@
+# This Github Action will build and publish images to Azure Container Registry(ACR), from where the published images will be
+# automatically pushed to the trusted registry, Microsoft Container Registry(MCR).
+name: Building and Pushing to MCR
+on:
+  workflow_dispatch:
+    inputs:
+      releaseTag:
+        description: 'Release tag to publish images, defaults to the latest one'
+        type: string
+
+permissions:
+  id-token: write # This is required for requesting the JWT
+  contents: read  # This is required for actions/checkout
+
+env:
+  REGISTRY_REPO: unlisted/aks/eno
+
+jobs:
+  prepare-variables:
+    runs-on: ubuntu-latest
+    outputs:
+      release_tag: ${{ steps.vars.outputs.release_tag }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: 'Set output variables'
+        id: vars
+        run: |
+          # set the image version
+          RELEASE_TAG=${{ inputs.releaseTag }}
+          if [ -z "$RELEASE_TAG" ]; then
+            RELEASE_TAG=`git describe --tags $(git rev-list --tags --max-count=1)`
+            echo "The user input release tag is empty, will use the latest tag $RELEASE_TAG."
+          fi
+          echo "release_tag=$RELEASE_TAG" >> $GITHUB_OUTPUT
+
+          # NOTE: As exporting a variable from a secret is not possible, the shared variable registry obtained
+          # from AZURE_REGISTRY secret is not exported from here.
+
+  publish-images:
+    runs-on: ubuntu-latest
+    needs: prepare-variables
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ needs.prepare-variables.outputs.release_tag }}
+      - name: 'OIDC Login to Azure Public Cloud'
+        uses: azure/login@v1
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      - name: 'Login the ACR'
+        run: az acr login -n ${{ secrets.AZURE_REGISTRY }}
+      - name: Build and publish eno-manager
+        run: |
+          make docker-build-eno-manager
+        env:
+          ENO_MANAGER_IMAGE_VERSION: ${{ needs.prepare-variables.outputs.release_tag }}
+          REGISTRY: ${{ secrets.AZURE_REGISTRY }}/${{ env.REGISTRY_REPO}}
\ No newline at end of file
diff --git a/Makefile b/Makefile
new file mode 100644
index 00000000..a7bef9f7
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,17 @@
+ifndef TAG
+	TAG ?= $(shell git rev-parse --short=7 HEAD)
+endif
+ENO_MANAGER_IMAGE_VERSION ?= $(TAG)
+ENO_MANAGER_IMAGE_NAME ?= eno-manager
+
+# Images
+OUTPUT_TYPE ?= type=registry
+
+.PHONY: docker-build-eno-manager
+docker-build-hub-agent: docker-buildx-builder
+	docker buildx build \
+		--file docker/$(ENO_MANAGER_IMAGE_NAME)/Dockerfile \
+		--output=$(OUTPUT_TYPE) \
+		--platform="linux/amd64" \
+		--pull \
+		--tag $(REGISTRY)/$(ENO_MANAGER_IMAGE_NAME):$(ENO_MANAGER_IMAGE_VERSION) .
diff --git a/docker/eno-manager/Dockerfile b/docker/eno-manager/Dockerfile
new file mode 100644
index 00000000..8ad0b076
--- /dev/null
+++ b/docker/eno-manager/Dockerfile
@@ -0,0 +1,8 @@
+FROM golang:1.21 AS builder
+WORKDIR /app
+COPY . .
+RUN CGO_ENABLED=0 go build -o eno-manager ./internal/manager/manager.go
+
+FROM scratch
+COPY --from=builder /app/eno-manager /eno-manager
+ENTRYPOINT []
\ No newline at end of file