diff --git a/.github/workflows/build-artifacts.yml b/.github/workflows/build-artifacts.yml
new file mode 100644
index 0000000..b79bf46
--- /dev/null
+++ b/.github/workflows/build-artifacts.yml
@@ -0,0 +1,118 @@
+name: Build artifacts
+on:
+  push:
+    tags:
+      - v*
+  pull_request: {}
+
+jobs:
+  preflight:
+    timeout-minutes: 5
+    runs-on: ubuntu-22.04
+    outputs:
+      doit: ${{ steps.git-diff.outputs.diff != '' || (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')) }}
+      really: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') }}
+    steps:
+      - uses: actions/checkout@v3
+        if: ${{ github.event_name != 'push' && !startsWith(github.ref, 'refs/tags/v') }}
+
+      - uses: technote-space/get-diff-action@v5
+        if: ${{ github.event_name != 'push' && !startsWith(github.ref, 'refs/tags/v') }}
+        id: git-diff
+        with:
+          PATTERNS: |
+            .github/workflows/build-artifacts.yml
+
+      - run: |
+          echo "${{ steps.git-diff.outputs.diff }}"
+          echo "${{ steps.git-diff.outputs.diff == '' }}"
+          echo "${{ github.event_name == 'push' }}"
+          echo "${{ startsWith(github.ref, 'refs/tags/v') }}"
+          echo "${{ github.ref }}"
+          echo "${{ github.event_name }}"
+          echo "${{ steps.git-diff.outputs.diff != '' || (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')) }}"
+
+
+  agent:
+    timeout-minutes: 20
+    needs:
+      - preflight
+    runs-on: ubuntu-22.04
+    defaults:
+      run:
+        working-directory: ./
+    steps:
+
+###########
+########### PREREQUISITES
+###########
+
+      - uses: actions/checkout@v3
+        if: ${{ needs.preflight.outputs.doit == 'true' }}
+        with:
+          fetch-depth: 0
+          lfs: true
+
+      - name: Install Go
+        uses: actions/setup-go@v3
+        if: ${{ needs.preflight.outputs.doit == 'true' }}
+        with:
+          go-version: '1.20'
+
+      - id: go-cache-paths
+        if: ${{ needs.preflight.outputs.doit == 'true' }}
+        run: |
+          echo "::set-output name=go-build::$(go env GOCACHE)"
+          echo "::set-output name=go-mod::$(go env GOMODCACHE)"
+
+      # shared with unit-tests-agent
+      - uses: actions/cache@v3
+        if: ${{ needs.preflight.outputs.doit == 'true' }}
+        with:
+          path: |
+            ${{ steps.go-cache-paths.outputs.go-build }}
+            ${{ steps.go-cache-paths.outputs.go-mod }}
+          key: ${{ runner.os }}-agent-${{ hashFiles('agent/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-agent-
+
+###########
+########### BUILD
+###########
+
+      - name: Setup action variables
+        if: ${{ needs.preflight.outputs.doit == 'true' }}
+        id: locals
+        run: |
+          echo "::set-output name=release_id::$(git describe --tags)"
+
+      - name: Build for Linux
+        if: ${{ needs.preflight.outputs.doit == 'true' }}
+        env:
+          LDFLAGS_EXTRA: -s
+        run: |
+          make Linux
+
+      - name: Build Debian and RPM installer packages
+        if: ${{ needs.preflight.outputs.doit == 'true' }}
+        env:
+          RELEASE_ID: ${{ steps.locals.outputs.release_id }}
+        run: |
+          cp ./guard-linux ./_packaging/nfpm/
+          cd ./_packaging/nfpm
+          make
+
+      - name: Setup artifact dir
+        if: ${{ needs.preflight.outputs.doit == 'true' }}
+        run: |
+          mkdir ./agent-binaries
+          cp ./guard-linux ./agent-binaries/guard-linux-${{ steps.locals.outputs.release_id }}
+          cp ./_packaging/nfpm/guard-1*.rpm ./agent-binaries
+          cp ./_packaging/nfpm/guard_1*.deb ./agent-binaries
+
+      - name: Upload artifacts
+        if: ${{ needs.preflight.outputs.doit == 'true' }}
+        uses: actions/upload-artifact@v3
+        with:
+          name: release
+          path: ./agent-binaries