diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 095ebf284..f1e907dad 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -2,12 +2,6 @@ name: Build
 
 on:
   workflow_dispatch:
-    inputs:
-      useCache:
-        description: Use GHA cache
-        type: boolean
-        required: false
-        default: true
   push:
     branches:
       - main
@@ -67,7 +61,8 @@ jobs:
     needs: build_matrix
     runs-on: ${{ matrix.runner }}
     permissions:
-      actions: write # this permission is needed to delete cache
+      packages: write
+      contents: read
     strategy:
       fail-fast: false
       matrix:
@@ -90,31 +85,17 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
-      - name: Restore cache
-        if: github.event_name != 'workflow_dispatch' || fromJSON(github.event.inputs.useCache)
-        uses: actions/cache/restore@v4
+      - name: Login to GitHub Container Registry
+        if: github.event_name == 'push' && github.ref == 'refs/heads/main' && github.repository == 'pypa/manylinux'
+        uses: docker/login-action@v3
         with:
-          path: .buildx-cache-${{ matrix.policy }}_${{ matrix.platform }}/*
-          key: buildx-cache-${{ matrix.policy }}-${{ matrix.platform }}
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build
         run: ./build.sh
 
-      - name: Delete cache
-        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
-        run: |
-          KEY="buildx-cache-${{ matrix.policy }}-${{ matrix.platform }}"
-          gh cache delete ${KEY} || true
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Save cache
-        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
-        uses: actions/cache/save@v4
-        with:
-          path: .buildx-cache-${{ matrix.policy }}_${{ matrix.platform }}/*
-          key: buildx-cache-${{ matrix.policy }}-${{ matrix.platform }}
-
       - name: Deploy
         if: github.event_name == 'push' && github.ref == 'refs/heads/main' && github.repository == 'pypa/manylinux'
         run: ./deploy.sh
diff --git a/build.sh b/build.sh
index c24f5ed02..ce6be0c13 100755
--- a/build.sh
+++ b/build.sh
@@ -95,11 +95,17 @@ elif [ "${MANYLINUX_BUILD_FRONTEND}" == "podman" ]; then
 	TEST_COMMAND="podman"
 	podman build "${BUILD_ARGS_COMMON[@]}"
 elif [ "${MANYLINUX_BUILD_FRONTEND}" == "docker-buildx" ]; then
-	USE_LOCAL_CACHE=1
+	if [ "${GITHUB_REPOSITORY:-}_${GITHUB_EVENT_NAME:-}_${GITHUB_REF:-}" == "pypa/manylinux_push_refs/heads/main" ]; then
+		CACHE_STORE="--cache-to=type=registry,ref=ghcr.io/pypa/manylinux-cache:${POLICY}_${PLATFORM}_main,mode=max,compression=zstd,compression-level=22,force-compression=true"
+	else
+		USE_LOCAL_CACHE=1
+		CACHE_STORE="--cache-to=type=local,dest=$(pwd)/.buildx-cache-staging-${POLICY}_${PLATFORM},mode=max,compression=zstd,compression-level=22,force-compression=true"
+	fi
 	docker buildx build \
 		--load \
+		"--cache-from=type=registry,ref=ghcr.io/pypa/manylinux-cache:${POLICY}_${PLATFORM}_main" \
 		"--cache-from=type=local,src=$(pwd)/.buildx-cache-${POLICY}_${PLATFORM}" \
-		"--cache-to=type=local,dest=$(pwd)/.buildx-cache-staging-${POLICY}_${PLATFORM},mode=max,compression=zstd,compression-level=22,force-compression=true" \
+		"${CACHE_STORE}" \
 		"${BUILD_ARGS_COMMON[@]}"
 else
 	echo "Unsupported build frontend: '${MANYLINUX_BUILD_FRONTEND}'"