diff --git a/.github/workflows/stackhpc-publish-artifacts.yml b/.github/workflows/stackhpc-publish-artifacts.yml
new file mode 100644
index 00000000..0d23bfdb
--- /dev/null
+++ b/.github/workflows/stackhpc-publish-artifacts.yml
@@ -0,0 +1,34 @@
+name: Publish artifacts
+
+on:
+  # Publish artifacts on every push to master, every tag and open pull request
+  push:
+    branches:
+      - main
+    tags:
+      - "*"
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - ready_for_review
+      - reopened
+    branches:
+      - main
+
+# Use the head ref for workflow concurrency, with cancellation.
+# This should mean that any previous workflows for a PR get
+# cancelled when a new commit is pushed.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref }}
+  cancel-in-progress: true
+
+jobs:
+  publish_images:
+    uses: ./.github/workflows/stackhpc-publish-images.yml
+    secrets: inherit
+
+  publish_charts:
+    needs: [publish_images]
+    uses: ./.github/workflows/stackhpc-publish-charts.yml
+    secrets: inherit
diff --git a/.github/workflows/stackhpc-publish-charts.yml b/.github/workflows/stackhpc-publish-charts.yml
new file mode 100644
index 00000000..89121f26
--- /dev/null
+++ b/.github/workflows/stackhpc-publish-charts.yml
@@ -0,0 +1,27 @@
+name: Publish Helm charts
+
+on:
+  workflow_call:
+
+jobs:
+  build_push_charts:
+    name: Build and push Helm charts
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repository
+        uses: actions/checkout@v4
+        with:
+          # This is important for the semver action to work correctly
+          # when determining the number of commits since the last tag
+          fetch-depth: 0
+
+      - name: Get SemVer version for current commit
+        id: semver
+        uses: azimuth-cloud/github-actions/semver@master
+
+      - name: Publish Helm charts
+        uses: azimuth-cloud/github-actions/helm-publish@master
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          version: ${{ steps.semver.outputs.version }}
+          app-version: ${{ steps.semver.outputs.short-sha }}
diff --git a/.github/workflows/stackhpc-publish-images.yml b/.github/workflows/stackhpc-publish-images.yml
new file mode 100644
index 00000000..cf3feb4a
--- /dev/null
+++ b/.github/workflows/stackhpc-publish-images.yml
@@ -0,0 +1,48 @@
+name: Publish container images
+
+on:
+  workflow_call:
+
+jobs:
+  build_push_images:
+    name: Build and push images
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write         # needed for signing the images with GitHub OIDC Token
+      packages: write         # required for pushing container images
+      security-events: write  # required for pushing SARIF files
+    steps:
+      - name: Check out the repository
+        uses: actions/checkout@v4
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Get SemVer version for current commit
+        id: semver
+        uses: azimuth-cloud/github-actions/semver@master
+
+      - name: Calculate metadata for image
+        id: image-meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/stackhpc/slurm-operator
+          # Produce the branch name or tag and the SHA as tags
+          tags: |
+            type=ref,event=branch
+            type=ref,event=tag
+            type=raw,value=${{ steps.semver.outputs.short-sha }}
+
+      - name: Build and push image
+        uses: azimuth-cloud/github-actions/docker-multiarch-build-push@master
+        with:
+          cache-key: slurm-operator
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.image-meta.outputs.tags }}
+          labels: ${{ steps.image-meta.outputs.labels }}