diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 5a7815f..a35b635 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -8,6 +8,10 @@ on:
   pull_request:
   workflow_dispatch:
 
+defaults:
+  run:
+    shell: bash -leoux pipefail {0}
+
 jobs:
   docker:
     runs-on: ubuntu-latest
@@ -26,12 +30,41 @@ jobs:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          platforms: linux/amd64
+          load: true
+          tags: ghcr.io/${{ github.repository }}:test
+      - name: Check if changed
+        id: checkchanged
+        run: |
+          mkdir tmp
+          cd tmp
+
+          docker pull --platform linux/amd64 ghcr.io/${{ github.repository }}:latest || exit 0
+          img=$(docker create --platform linux/amd64 ghcr.io/${{ github.repository }}:latest)
+          docker export $img -o latest.tar
+          docker rm $img
+
+          img=$(docker create --platform linux/amd64 ghcr.io/${{ github.repository }}:test)
+          docker export $img -o test.tar
+          docker rm $img
+
+          mkdir test
+          mkdir latest
+          tar xf test.tar -C test
+          tar xf latest.tar -C latest
+          rm -rf {test,latest}/var/{log,cache}
+          if diff -q -r --no-dereference test latest; then
+            echo "CHECKEQUALS=true" >> "$GITHUB_OUTPUT"
+          fi
       - name: Build and push
         uses: docker/build-push-action@v5
+        if: github.event_name != 'pull_request' && steps.checkchanged.outputs.CHECKEQUALS != 'true'
         with:
           context: .
           platforms: linux/amd64,linux/arm64
           push: ${{ github.event_name != 'pull_request' }}
           tags: ghcr.io/${{ github.repository }}:latest
-          cache-from: type=gha
-          cache-to: type=gha,mode=max