diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..956f96f
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,19 @@
+FROM debian:12-slim as kubectl
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
+        ca-certificates \
+        curl \
+    && rm -rf /var/lib/apt/lists/*
+RUN V="$(curl -sSL https://dl.k8s.io/release/stable.txt)" \
+    && curl -Lo /kubectl "https://dl.k8s.io/release/$V/bin/linux/amd64/kubectl"
+
+FROM debian:12-slim
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
+        ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
+COPY --from=kubectl --chmod=0755 /kubectl /usr/local/bin/
+COPY k8sdeploy.sh /usr/local/bin/
+RUN useradd -m app
+USER app
+ENTRYPOINT ["k8sdeploy.sh"]
diff --git a/README.md b/README.md
index 54e407c..4c20a30 100644
--- a/README.md
+++ b/README.md
@@ -1 +1 @@
-# checkout@v1
+# k8sdeploy@v1
diff --git a/action.yaml b/action.yaml
index 03caae3..8435ba3 100644
--- a/action.yaml
+++ b/action.yaml
@@ -9,11 +9,5 @@ inputs:
     description: Registry password
 
 runs:
-  using: composite
-  steps:
-    - name: k8sdeploy
-      run: ${{ gitea.action_path }}/k8sdeploy.sh
-      env:
-        ACTION_KUBECONFIG: ${{ inputs.kubeconfig }}
-        ACTION_REGISTRY_USERNAME: ${{ inputs.registry_username }}
-        ACTION_REGISTRY_PASSWORD: ${{ inputs.registry_password }}
+  using: docker
+  image: Dockerfile
diff --git a/k8sdeploy.sh b/k8sdeploy.sh
index 9532657..fc27005 100755
--- a/k8sdeploy.sh
+++ b/k8sdeploy.sh
@@ -9,19 +9,19 @@ REGISTRY="${IMAGEAPP%%/*}"
 NS="${GITHUB_REPOSITORY#*/}-${GITHUB_REF_NAME}"
 
 mkdir -p "$HOME/.kube/"
-echo "$ACTION_KUBECONFIG" > "$HOME/.kube/config"
+echo "$INPUT_KUBECONFIG" > "$HOME/.kube/config"
 kubectl get namespace "$NS" || kubectl create namespace "$NS"
 kubectl config set-context --current --namespace="$NS"
 
-if [ -n "$ACTION_REGISTRY_PASSWORD" ]; then
+if [ -n "$INPUT_REGISTRY_PASSWORD" ]; then
     kubectl get secret regcred \
         || kubectl create secret docker-registry regcred \
             --docker-server="$REGISTRY" \
-            --docker-username="$ACTION_REGISTRY_USERNAME" \
-            --docker-password="$ACTION_REGISTRY_PASSWORD"
+            --docker-username="$INPUT_REGISTRY_USERNAME" \
+            --docker-password="$INPUT_REGISTRY_PASSWORD"
 fi
 
-if [ "$GITHUB_REF_NAME" == prod ] || [ "$GITHUB_REF_NAME" == staging ]; then
+if [ "$GITHUB_REF_NAME" = prod ] || [ "$GITHUB_REF_NAME" = staging ]; then
     ./manifests/bin/prod.sh
 else
     ./manifests/bin/devel.sh