diff --git a/.github/workflows/release-reproducible-smart-contract.yaml b/.github/workflows/release-reproducible-smart-contract.yaml
new file mode 100644
index 0000000..bb569b0
--- /dev/null
+++ b/.github/workflows/release-reproducible-smart-contract.yaml
@@ -0,0 +1,51 @@
+name: Create and publish a Docker image for verifiable-sc.
+
+on:
+  workflow_dispatch: # allows manual trigger
+
+  push:
+    tags:
+      - 'verifiable-sc/*.*.*'
+
+env:
+  REGISTRY: docker.io
+  SERVICE_NAME: 'verifiable-sc'
+  SOURCE_IMAGE_TAG: 'rust:1.75.0'
+
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    environment: testnet-deployments
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+      # Uses the `docker/login-action` action to log in to the Container registry.
+      - name: Log in to the Container registry
+        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Extract version from git tag
+        id: meta
+        env:
+            TAG: ${{ github.ref_name }}
+        run: |
+            SERVICE_TAG=${TAG##${{ env.SERVICE_NAME }}/}
+            if [ $SERVICE_TAG != ${{ env.SOURCE_IMAGE_TAG }} ]; then
+                echo "Tag version does not match the source image version."
+                exit 1
+            fi
+            echo "tag=${{ env.REGISTRY }}concordium/${{ env.SERVICE_NAME }}-${SERVICE_TAG}" >> $GITHUB_OUTPUT
+      - name: Build and push Docker image
+        uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
+        with:
+          context: .
+          file: ./reproducible/build.Dockerfile
+          push: true
+          platforms: linux/amd64
+          tags: ${{ steps.meta.outputs.tag }}
+          build-args: |
+            source_image=${{ env.SOURCE_IMAGE_TAG }}