diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 000000000..91e2a8e82
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,30 @@
+# .gitignore
+*.exe
+*.swp
+.DS_Store
+.coverage/
+.idea/
+.vimrc
+.vscode/
+_dist/
+bin/
+vendor/
+# Ignores charts pulled for dependency build tests
+cmd/helm/testdata/testcharts/issue-7233/charts/*
+
+# .dockerignore
+.git/
+.circleci/
+.github/
+scripts/
+testdata/
+dist/
+.dockerignore
+.gitignore
+.goreleaser.yaml
+*.md
+KEYS
+LICENSE
+OWNERS
+Dockerfile
+Makefile
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 0a32365db..95c8d1397 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -51,6 +51,17 @@ jobs:
           connection_string: ${{ secrets.AZURE_STORAGE_CONNECTION_STRING }}
           extra_args: '--pattern helm-*'
 
+      - name: Login to Docker Hub
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # pin@3.0.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build Docker images
+        uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # pin@5.0.0
+        with:
+          args: release --clean
+
   canary-release:
     runs-on: ubuntu-latest
     if: github.ref == 'refs/heads/main'
diff --git a/.gitignore b/.gitignore
index d1af995a3..65d7b4b6d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,6 +6,7 @@
 .vimrc
 .vscode/
 _dist/
+dist/
 bin/
 vendor/
 # Ignores charts pulled for dependency build tests
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
new file mode 100644
index 000000000..a559e1433
--- /dev/null
+++ b/.goreleaser.yaml
@@ -0,0 +1,79 @@
+archives:   # goreleaser should only build Docker images
+  - format: binary # https://goreleaser.com/customization/archive/#disable-archiving
+builds:
+  - env:
+      - CGO_ENABLED=0
+      - GOFLAGS=-trimpath
+      - GO111MODULE=on
+    binary: helm
+    main: ./cmd/helm
+    ldflags:
+      - -s -w -X main.build={{.Version}} -extldflags "-static"
+    goos:
+      - linux
+    goarch:
+      - amd64
+      - arm64
+dockers:
+  - image_templates:
+      - "helm/helm:{{ .Version }}-amd64"
+      - "helm/helm:{{ .Major }}.{{ .Minor }}-amd64"
+      - "helm/helm:{{ .Major }}-amd64"
+      - "helm/helm:latest-amd64"
+    use: buildx
+    skip_push: false
+    build_flag_templates:
+      - "--platform=linux/amd64"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.description=The Kubernetes Package Manager"
+      - "--label=org.opencontainers.image.licenses=Apache-2.0"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.title={{.ProjectName}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
+      - "--build-arg=BUILDKIT_MULTI_PLATFORM=1"
+  - image_templates:
+      - "helm/helm:{{ .Version }}-arm64"
+      - "helm/helm:{{ .Major }}.{{ .Minor }}-arm64"
+      - "helm/helm:{{ .Major }}-arm64"
+      - "helm/helm:latest-arm64"
+    use: buildx
+    skip_push: false
+    goarch: arm64
+    build_flag_templates:
+      - "--platform=linux/arm64/v8"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.description=The Kubernetes Package Manager"
+      - "--label=org.opencontainers.image.licenses=Apache-2.0"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.title={{.ProjectName}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
+      - "--build-arg=BUILDKIT_MULTI_PLATFORM=1"
+docker_manifests:
+  - id: patch
+    name_template: "helm/helm:{{ .Version }}"
+    image_templates:
+      - "helm/helm:{{ .Version }}-amd64"
+      - "helm/helm:{{ .Version }}-arm64"
+    skip_push: false
+    use: docker
+  - id: minor
+    name_template: "helm/helm:{{ .Major }}.{{ .Minor }}"
+    image_templates:
+      - "helm/helm:{{ .Version }}-amd64"
+      - "helm/helm:{{ .Version }}-arm64"
+    skip_push: false
+    use: docker
+  - id: major
+    name_template: "helm/helm:{{ .Major }}"
+    image_templates:
+      - "helm/helm:{{ .Version }}-amd64"
+      - "helm/helm:{{ .Version }}-arm64"
+    skip_push: false
+    use: docker
+  - id: latest
+    name_template: "helm/helm:latest"
+    image_templates:
+      - "helm/helm:{{ .Version }}-amd64"
+      - "helm/helm:{{ .Version }}-arm64"
+    skip_push: false
+    use: docker
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 000000000..d7c887fd1
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,17 @@
+FROM alpine:3.18.4 AS base
+
+RUN addgroup -g 1000 -S helm && adduser -u 1000 -S helm -G helm
+
+#NOSONAR docker:S6596 Sonar bug: virtual scratch image doesn't have any tags, not even :latest
+# And Sonar doesn't process "trailing" comments in multi-stage Dockerfiles or parser directives like "# syntax=docker/dockerfile:1":
+# https://docs.sonarsource.com/sonarcloud/advanced-setup/languages/docker/#no-nosonar-support
+FROM scratch
+
+COPY --chmod=0444 --from=base /etc/passwd /etc/group /etc/
+COPY --chmod=0555 --chown=1000:1000 helm /bin/helm
+
+USER helm
+WORKDIR /in
+WORKDIR /out
+
+ENTRYPOINT ["/bin/helm"]
diff --git a/Makefile b/Makefile
index d61ac1507..938f40ca1 100644
--- a/Makefile
+++ b/Makefile
@@ -26,6 +26,8 @@ LDFLAGS     := -w -s
 GOFLAGS     :=
 CGO_ENABLED ?= 0
 
+GORELEASER_FLAGS ?= --clean
+
 # Rebuild the binary if any of these files change
 SRC := $(shell find . -type f -name '*.go' -print) go.mod go.sum
 
@@ -178,6 +180,10 @@ dist:
 		$(DIST_DIRS) zip -r helm-${VERSION}-{}.zip {} \; \
 	)
 
+.PHONY: goreleaser
+goreleaser:
+	goreleaser release $(GORELEASER_FLAGS)
+
 .PHONY: fetch-dist
 fetch-dist:
 	mkdir -p _dist
diff --git a/README.md b/README.md
index b279d6af8..9f01717f7 100644
--- a/README.md
+++ b/README.md
@@ -46,6 +46,20 @@ To rapidly get Helm up and running, start with the [Quick Start Guide](https://h
 See the [installation guide](https://helm.sh/docs/intro/install/) for more options,
 including installing pre-releases.
 
+## Docker
+Package subdirectory mychart:
+```shell
+docker run --rm -v $PWD:/out helm/helm package mychart
+```
+Package /tmp/mychart (outside of working directory):
+```shell
+docker run --rm -v /tmp:/in -v $PWD:/out helm/helm package /in/mychart
+```
+Integrate helm binary into own Dockerfile for CI workflow:
+```dockerfile
+COPY --from=helm/helm --chown=1000:1000 --chmod=0555 /bin/helm /usr/local/bin/
+```
+
 ## Docs
 
 Get started with the [Quick Start guide](https://helm.sh/docs/intro/quickstart/) or plunge into the [complete documentation](https://helm.sh/docs)