diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index ada1b5d..928e48c 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -4,6 +4,22 @@ on:
   push:
     tags:
       - 'v*.*.*'
+  pull_request:
+    paths:
+      - '.goreleaser.yml'
+      - 'Dockerfile*'
+      - '.github/workflows/release.yml'
+      - 'go.mod'
+      - 'go.sum'
+      - 'cmd/**'
+      - 'internal/**'
+  workflow_dispatch:
+    inputs:
+      dry_run:
+        description: 'Run in dry-run mode (no publish)'
+        required: false
+        default: true
+        type: boolean
 
 permissions:
   contents: write
@@ -32,13 +48,15 @@ jobs:
         uses: docker/setup-buildx-action@v3
 
       - name: Login to GitHub Container Registry
+        if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Run GoReleaser
+      - name: Run GoReleaser (Release)
+        if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
         uses: goreleaser/goreleaser-action@v6
         with:
           distribution: goreleaser
@@ -46,3 +64,13 @@ jobs:
           args: release --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Run GoReleaser (Dry Run)
+        if: github.event_name == 'pull_request' || (github.event_name == 'workflow_dispatch' && inputs.dry_run)
+        uses: goreleaser/goreleaser-action@v6
+        with:
+          distribution: goreleaser
+          version: '~> v2'
+          args: release --snapshot --skip=publish --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.goreleaser.yml b/.goreleaser.yml
index 7390603..c26fd35 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -30,10 +30,12 @@ builds:
 archives:
   - id: default
     name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}'
-    format: tar.gz
+    formats:
+      - tar.gz
     format_overrides:
       - goos: windows
-        format: zip
+        formats:
+          - zip
     files:
       - LICENSE
       - README.md
@@ -42,7 +44,7 @@ checksum:
   name_template: 'checksums.txt'
 
 snapshot:
-  name_template: '{{ incpatch .Version }}-next'
+  version_template: '{{ incpatch .Version }}-next'
 
 changelog:
   sort: desc
@@ -86,42 +88,19 @@ release:
     go install github.com/l2D/azswitch/cmd/azswitch@{{ .Tag }}
     ```
 
-dockers:
-  - image_templates:
-      - 'ghcr.io/l2d/azswitch:{{ .Tag }}-amd64'
-    dockerfile: Dockerfile
-    use: buildx
-    build_flag_templates:
-      - '--pull'
-      - '--platform=linux/amd64'
-      - '--label=org.opencontainers.image.created={{.Date}}'
-      - '--label=org.opencontainers.image.title={{.ProjectName}}'
-      - '--label=org.opencontainers.image.revision={{.FullCommit}}'
-      - '--label=org.opencontainers.image.version={{.Version}}'
-      - '--label=org.opencontainers.image.source={{.GitURL}}'
-    goarch: amd64
-
-  - image_templates:
-      - 'ghcr.io/l2d/azswitch:{{ .Tag }}-arm64'
-    dockerfile: Dockerfile
-    use: buildx
-    build_flag_templates:
-      - '--pull'
-      - '--platform=linux/arm64'
-      - '--label=org.opencontainers.image.created={{.Date}}'
-      - '--label=org.opencontainers.image.title={{.ProjectName}}'
-      - '--label=org.opencontainers.image.revision={{.FullCommit}}'
-      - '--label=org.opencontainers.image.version={{.Version}}'
-      - '--label=org.opencontainers.image.source={{.GitURL}}'
-    goarch: arm64
-
-docker_manifests:
-  - name_template: 'ghcr.io/l2d/azswitch:{{ .Tag }}'
-    image_templates:
-      - 'ghcr.io/l2d/azswitch:{{ .Tag }}-amd64'
-      - 'ghcr.io/l2d/azswitch:{{ .Tag }}-arm64'
-
-  - name_template: 'ghcr.io/l2d/azswitch:latest'
-    image_templates:
-      - 'ghcr.io/l2d/azswitch:{{ .Tag }}-amd64'
-      - 'ghcr.io/l2d/azswitch:{{ .Tag }}-arm64'
+dockers_v2:
+  - images:
+      - 'ghcr.io/l2d/azswitch'
+    dockerfile: Dockerfile.goreleaser
+    tags:
+      - '{{ .Tag }}'
+      - '{{ if not .IsNightly }}latest{{ end }}'
+    platforms:
+      - linux/amd64
+      - linux/arm64
+    labels:
+      'org.opencontainers.image.created': '{{.Date}}'
+      'org.opencontainers.image.title': '{{.ProjectName}}'
+      'org.opencontainers.image.revision': '{{.FullCommit}}'
+      'org.opencontainers.image.version': '{{.Version}}'
+      'org.opencontainers.image.source': '{{.GitURL}}'
diff --git a/.mise.toml b/.mise.toml
index 939f37e..65847b1 100644
--- a/.mise.toml
+++ b/.mise.toml
@@ -5,6 +5,7 @@ azure-cli = "2.82.0"
 gitleaks = "8.24.3"
 go = "1.25.6"
 golangci-lint = "2.8.0"
+goreleaser = "2.13.3"
 pre-commit = "4.5.1"
 trivy = "0.68.2"
 yamlfmt = "0.21.0"
diff --git a/Dockerfile.goreleaser b/Dockerfile.goreleaser
new file mode 100644
index 0000000..a259d81
--- /dev/null
+++ b/Dockerfile.goreleaser
@@ -0,0 +1,26 @@
+# Dockerfile for GoReleaser - uses pre-built binary
+FROM mcr.microsoft.com/azure-cli:2.82.0
+
+LABEL org.opencontainers.image.title="azswitch"
+LABEL org.opencontainers.image.description="TUI for switching Azure tenants and subscriptions"
+LABEL org.opencontainers.image.source="https://github.com/l2D/azswitch"
+LABEL org.opencontainers.image.licenses="MIT"
+
+# Create non-root user
+RUN tdnf install -y shadow-utils && \
+    groupadd -g 1000 azswitch && \
+    useradd -u 1000 -g azswitch -d /home/azswitch -s /bin/sh -m azswitch && \
+    tdnf clean all
+
+# Copy pre-built binary from GoReleaser (dockers_v2 places binaries in $TARGETPLATFORM/)
+ARG TARGETPLATFORM
+COPY ${TARGETPLATFORM}/azswitch /usr/local/bin/azswitch
+
+# Set up Azure CLI cache directory with proper ownership
+RUN mkdir -p /home/azswitch/.azure && \
+    chown -R azswitch:azswitch /home/azswitch/.azure
+
+USER azswitch
+WORKDIR /home/azswitch
+
+ENTRYPOINT ["/usr/local/bin/azswitch"]