diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 55796e29cb446..3e5838f2a1501 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -701,6 +701,7 @@ jobs:
     runs-on: ${{ github.repository_owner == 'coder' && 'buildjet-8vcpu-ubuntu-2204' || 'ubuntu-latest' }}
     env:
       DOCKER_CLI_EXPERIMENTAL: "enabled"
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -724,6 +725,7 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build and push Linux amd64 Docker image
+        id: build_and_push
         run: |
           set -euxo pipefail
           go mod download
@@ -738,3 +740,21 @@ jobs:
             --version $version \
             --push \
             build/coder_linux_amd64
+
+          # Get commit sha to be used as package tag
+          new_package_tag=$(gh api repos/coder/coder/commits/main | jq -r '.sha[0:7]')
+
+          # Tag image with new package tag and push
+          docker tag ghcr.io/coder/coder-preview:main ghcr.io/coder/coder-preview:main-$new_package_tag
+          docker push ghcr.io/coder/coder-preview:main-$new_package_tag
+
+      - name: Prune old images
+        uses: vlaurin/action-ghcr-prune@v0.5.0
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          organization: coder
+          container: coder-preview
+          keep-younger-than: 7 # days
+          keep-tags-regexes: ^pr
+          prune-tags-regexes: ^main-
+          prune-untagged: true