diff --git a/polkadot/.github/workflows/publish-docker-release.yml b/polkadot/.github/workflows/publish-docker-release.yml
index 8ccc605d9a..811849c561 100644
--- a/polkadot/.github/workflows/publish-docker-release.yml
+++ b/polkadot/.github/workflows/publish-docker-release.yml
@@ -14,12 +14,12 @@ jobs:
         uses: docker/setup-buildx-action@v1
       - name: Cache Docker layers
         uses: actions/cache@v2
-      - name: Login to Dockerhub
         with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildx-${{ github.sha }}
          restore-keys: |
            ${{ runner.os }}-buildx-
+      - name: Login to Dockerhub
         uses: docker/login-action@v1
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
@@ -29,10 +29,14 @@ jobs:
         uses: docker/build-push-action@v2
         with:
           push: true
-          file: scripts/docker/Dockerfile.release
+          file: scripts/docker/release.Dockerfile
           tags: |
             parity/polkadot:latest
             parity/polkadot:${{ github.event.release.tag_name }}
+          build-args: |
+            POLKADOT_VERSION=${{ github.event.release.tag_name }}
+            VCS_REF=${{ github.ref }}
+            BUILD_DATE=${{ github.event.release.published_at }}
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache
       - name: Image digest
diff --git a/polkadot/scripts/docker/release.Dockerfile b/polkadot/scripts/docker/release.Dockerfile
index 517368ce2a..b4d3a786ec 100644
--- a/polkadot/scripts/docker/release.Dockerfile
+++ b/polkadot/scripts/docker/release.Dockerfile
@@ -3,6 +3,7 @@ FROM debian:buster-slim
 # metadata
 ARG VCS_REF
 ARG BUILD_DATE
+ARG POLKADOT_VERSION
 
 LABEL io.parity.image.authors="devops-team@parity.io" \
 	io.parity.image.vendor="Parity Technologies" \
@@ -18,21 +19,21 @@ ENV RUST_BACKTRACE 1
 
 # install tools and dependencies
 RUN apt-get update && \
-		DEBIAN_FRONTEND=noninteractive apt-get upgrade -y && \
-		DEBIAN_FRONTEND=noninteractive apt-get install -y \
+		DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
 			libssl1.1 \
 			ca-certificates \
 			curl \
 			gnupg && \
+		useradd -m -u 1000 -U -s /bin/sh -d /polkadot polkadot && \
 		gpg --recv-keys --keyserver hkps://keys.mailvelope.com 9D4B2B6EB8F97156D19669A9FF0812D491B96798 && \
 		gpg --export 9D4B2B6EB8F97156D19669A9FF0812D491B96798 > /usr/share/keyrings/parity.gpg && \
 		echo 'deb [signed-by=/usr/share/keyrings/parity.gpg] https://releases.parity.io/deb release main' > /etc/apt/sources.list.d/parity.list && \
-		apt update && \
-		apt install polkadot && \
+		apt-get update && \
+		apt-get install -y --no-install-recommends polkadot=${POLKADOT_VERSION#?} && \
 # apt cleanup
 		apt-get autoremove -y && \
 		apt-get clean && \
-		find /var/lib/apt/lists/ -type f -not -name lock -delete
+		rm -rf /var/lib/apt/lists/*
 
 USER polkadot