diff --git a/.dockerignore b/.dockerignore
index 81679f46..be0f067b 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -6,7 +6,6 @@ test
 
 .git
 .gitignore
-Dockerfile
 LICENSE
 *.md
 *.png
\ No newline at end of file
diff --git a/.github/workflows/publish-dev.yaml b/.github/workflows/publish-dev.yaml
index 12cfa3c5..4ae8a5c9 100644
--- a/.github/workflows/publish-dev.yaml
+++ b/.github/workflows/publish-dev.yaml
@@ -24,13 +24,13 @@ jobs:
         id: check
         with:
           script: |
-            const PUBLISH_DEV_LABEL = 'publish/image/dev';
-            const PUBLISH_AMD64_LABEL = 'publish/image/dev/amd64';
+            const PUBLISH_FULL_LABEL = 'dev-image/publish/amd64-only';
+            const PUBLISH_AMD64_LABEL = 'dev-image/publish/multiarch';
             const labelName = context.payload.label.name;
 
             let runPublish = false;
             let buildMultiArch = false;
-            if (labelName === PUBLISH_DEV_LABEL) {
+            if (labelName === PUBLISH_FULL_LABEL) {
               runPublish = true;
               buildMultiArch = true;
             }
@@ -77,14 +77,17 @@ jobs:
           : Image name and version for dev image
           # Example: dev-feat_branch-371e2d3b-2020.02.06_18:37:42
           APP_VERSION=dev-${GITHUB_REF#refs/heads/}-${GITHUB_SHA::8}-$(date +'%Y.%m.%d_%H:%M:%S')
-          GHCR_IO_IMAGE_NAME="${GHCR_IO_REPO}:pr${{ github.event.pull_request.number }}"
+          IMAGE_TAG="pr${{ github.event.pull_request.number }}"
+          GHCR_IO_IMAGE_NAME="${GHCR_IO_REPO}:${IMAGE_TAG}"
 
           echo "APP_VERSION=${APP_VERSION}" >> ${GITHUB_ENV}
+          echo "IMAGE_TAG=${IMAGE_TAG}" >> ${GITHUB_ENV}
           echo "GHCR_IO_IMAGE_NAME=${GHCR_IO_IMAGE_NAME}" >> ${GITHUB_ENV}
 
           echo "========================================="
-          echo "APP_VERSION             = $APP_VERSION"
-          echo "GHCR_IO_IMAGE_NAME      = $GHCR_IO_IMAGE_NAME"
+          echo "APP_VERSION          = $APP_VERSION"
+          echo "IMAGE_TAG            = $IMAGE_TAG"
+          echo "GHCR_IO_IMAGE_NAME   = $GHCR_IO_IMAGE_NAME"
           echo "========================================="
 
           if [[ ${BUILD_MULTI_ARCH} == "false" ]] ; then
@@ -94,17 +97,14 @@ jobs:
           echo "BUILDX_PLATFORMS   = ${BUILDX_PLATFORMS}"
           echo "========================================="
 
-      - name: Set up QEMU
+      - name: Setup qemu
         if: needs.check.outputs.build_multi_arch == 'true'
         uses: docker/setup-qemu-action@v2.1.0
         with:
           platforms: "${{ env.QEMU_PLATFORMS }}"
 
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v2
-        with:
-          version: latest
+      - name: Setup werf
+        uses: werf/actions/install@v1.2
 
       - name: Login to Github Container Registry
         uses: docker/login-action@v2.1.0
@@ -113,14 +113,21 @@ jobs:
           username: ${{ secrets.GHCR_IO_USER }}
           password: ${{ secrets.GHCR_IO_PASS }}
 
-      - name: Build and push using buildx
+      - name: Build and push
         run: |
-          echo "Build ${GHCR_IO_IMAGE_NAME} with version '${APP_VERSION}'"
-          docker buildx build \
-              --platform $BUILDX_PLATFORMS \
-              --build-arg appVersion=$APP_VERSION \
-              --tag $GHCR_IO_IMAGE_NAME \
-              --push .
+          echo "Build ${GHCR_IO_IMAGE_NAME} with version '${APP_VERSION}' and tag '${IMAGE_TAG}'"
+          
+          source "$(werf ci-env github --as-file)"
+
+          export WERF_BUILDAH_MODE=auto
+
+          werf build --repo ${GHCR_IO_REPO} --add-custom-tag ${IMAGE_TAG}
+          
+#          docker buildx build \
+#              --platform $BUILDX_PLATFORMS \
+#              --build-arg appVersion=$APP_VERSION \
+#              --tag $GHCR_IO_IMAGE_NAME \
+#              --push .
 
       - name: Inspect binaries
         if: needs.check.outputs.build_multi_arch == 'true'
diff --git a/Dockerfile b/Dockerfile
index d6e2b48b..54a53760 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,37 +1,42 @@
 # Prebuilt libjq.
-FROM --platform=${TARGETPLATFORM:-linux/amd64} flant/jq:b6be13d5-musl as libjq
+FROM flant/jq:b6be13d5-musl as libjq
+LABEL workaround="support single FROM"
 
 # Go builder.
-FROM --platform=${TARGETPLATFORM:-linux/amd64} golang:1.20-alpine3.16 AS builder
+FROM golang:1.20-alpine3.18 AS builder
 
 ARG appVersion=latest
-RUN apk --no-cache add git ca-certificates gcc musl-dev libc-dev
+RUN echo appversion=$appVersion
+#RUN apk --no-cache add git ca-certificates gcc musl-dev libc-dev
 
 # Cache-friendly download of go dependencies.
 ADD go.mod go.sum /app/
 WORKDIR /app
-RUN go mod download
+#RUN go mod download
 
 COPY --from=libjq /libjq /libjq
 ADD . /app
 
-RUN CGO_ENABLED=1 \
-    CGO_CFLAGS="-I/libjq/include" \
-    CGO_LDFLAGS="-L/libjq/lib" \
-    GOOS=linux \
-    go build -ldflags="-linkmode external -extldflags '-static' -s -w -X 'github.com/flant/shell-operator/pkg/app.Version=$appVersion'" \
-             -tags use_libjq \
-             -o shell-operator \
-             ./cmd/shell-operator
+RUN touch shell-operator
+
+#RUN CGO_ENABLED=1 \
+#    CGO_CFLAGS="-I/libjq/include" \
+#    CGO_LDFLAGS="-L/libjq/lib" \
+#    GOOS=linux \
+#    go build -ldflags="-linkmode external -extldflags '-static' -s -w -X 'github.com/flant/shell-operator/pkg/app.Version=$appVersion'" \
+#             -tags use_libjq \
+#             -o shell-operator \
+#             ./cmd/shell-operator
 
 # Final image
-FROM --platform=${TARGETPLATFORM:-linux/amd64} alpine:3.18
+FROM alpine:3.18
 ARG TARGETPLATFORM
 RUN apk --no-cache add ca-certificates bash sed tini && \
-    kubectlArch=$(echo ${TARGETPLATFORM:-linux/amd64} | sed 's/\/v7//') && \
-    echo "Download kubectl for ${kubectlArch}" && \
-    wget https://storage.googleapis.com/kubernetes-release/release/v1.21.10/bin/${kubectlArch}/kubectl -O /bin/kubectl && \
-    chmod +x /bin/kubectl && \
+    echo "TARGETPLATFORM=${TARGETPLATFORM}" && \
+#    kubectlArch=$(echo ${TARGETPLATFORM:-linux/amd64} | sed 's/\/v7//') && \
+#    echo "Download kubectl for ${kubectlArch}" && \
+#    wget https://storage.googleapis.com/kubernetes-release/release/v1.21.10/bin/${kubectlArch}/kubectl -O /bin/kubectl && \
+#    chmod +x /bin/kubectl && \
     mkdir /hooks
 ADD frameworks/shell /frameworks/shell
 ADD shell_lib.sh /
diff --git a/werf-giterminism.yaml b/werf-giterminism.yaml
new file mode 100644
index 00000000..f7cd1ad4
--- /dev/null
+++ b/werf-giterminism.yaml
@@ -0,0 +1,10 @@
+giterminismConfigVersion: 1
+config:
+  goTemplateRendering:	# The rules for the Go-template functions
+    allowEnvVariables: [ /APP_VERSION/ ]
+    #allowUncommittedFiles: [ "tools/build_includes/*" ]
+#  stapel:
+#    mount:
+#      allowBuildDir: true
+#      allowFromPaths:
+#        - ~/go-pkg-cache
diff --git a/werf.yaml b/werf.yaml
new file mode 100644
index 00000000..5f4dfbf0
--- /dev/null
+++ b/werf.yaml
@@ -0,0 +1,12 @@
+project: shell-operator
+configVersion: 1
+build:
+  platform:
+    - linux/amd64
+    - linux/arm64
+---
+image: main
+dockerfile: Dockerfile
+staged: true
+args:
+  appVersion: {{ env "APP_VERSION" }}