diff --git a/.drone.yml b/.drone.yml
deleted file mode 100644
index 6947259..0000000
--- a/.drone.yml
+++ /dev/null
@@ -1,89 +0,0 @@
----
-kind: pipeline
-name: default
-
-platform:
-  os: linux
-  arch: amd64
-
-workspace:
-  base: /go
-  path: src/github.com/nytimes/drone-gke
-
-go_config: &go_config
-  image: golang:1
-  pull: if-not-exists
-  environment:
-    GO111MODULE: on
-    GOPROXY: https://proxy.golang.org
-    CGO_ENABLED: 0
-
-slack_config: &slack_config
-  image: plugins/slack
-  pull: if-not-exists
-  settings:
-    channel: dv-cdp-alerts
-  environment:
-    SLACK_WEBHOOK:
-      from_secret: slack_webhook
-
-steps:
-- <<: *go_config
-  name: test
-  commands:
-  - go mod download
-  - go test -cover -vet all
-
-- <<: *go_config
-  name: build
-  commands:
-  - go build -a -ldflags "-X main.version=n/a -X main.rev=${DRONE_COMMIT}"
-  when:
-    branch:
-    - main
-
-- <<: *go_config
-  name: build_release
-  commands:
-  - go build -a -ldflags "-X main.version=${DRONE_TAG} -X main.rev=${DRONE_COMMIT}"
-  when:
-    event:
-    - tag
-
-- name: docker_build_test
-  image: plugins/docker
-  pull: if-not-exists
-  settings:
-    dry_run: true
-    dockerfile: Dockerfile
-    repo: nytimes/drone-gke
-  when:
-    event:
-    - pull_request
-
-- name: publish_release
-  image: plugins/docker
-  pull: if-not-exists
-  settings:
-    auto_tag: true
-    dockerfile: Dockerfile
-    repo: nytimes/drone-gke
-  environment:
-    DOCKER_PASSWORD:
-      from_secret: docker_password
-    DOCKER_USERNAME:
-      from_secret: docker_username
-
-- <<: *slack_config
-  name: slack
-  when:
-    branch:
-    - main
-
-- <<: *slack_config
-  name: slack_tag
-  when:
-    event:
-    - tag
-
-...
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..579c4fe
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,82 @@
+name: Go
+
+on:
+  push:
+    branches: [ "main" ]
+    tags:
+      - '*'
+  pull_request:
+    branches: [ "main" ]
+
+env:
+  GO111MODULE: on
+  CGO_ENABLED: 0
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    permissions:
+      actions: write
+      checks: write
+      contents: write
+      deployments: write
+      id-token: write
+      issues: write
+      pull-requests: write
+      security-events: write
+      statuses: write
+      
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Set up Go
+      uses: actions/setup-go@v3
+      with:
+        go-version: 1.19
+
+    - name: Test
+      run: |
+        go mod download
+        go test -cover -vet all
+        
+    - name: Build
+      run: |
+        go build -a -ldflags "-X main.version=${GITHUB_REF_NAME} -X main.rev=${GITHUB_SHA}"
+
+    - name: Docker meta
+      id: meta
+      uses: docker/metadata-action@v4
+      with:
+        images: nytimes/drone-gke
+        tags: |
+          type=raw,value=latest,enable={{is_default_branch}}
+          type=ref,event=tag
+        
+    - name: Login to Docker Hub
+      uses: docker/login-action@v2
+      with:
+        username: ${{ secrets.DOCKER_USERNAME }}
+        password: ${{ secrets.DOCKER_TOKEN }}
+        
+    - name: Build and push
+      uses: docker/build-push-action@v4
+      with:
+        context: .
+        platforms: linux/amd64
+        push: ${{ github.event_name != 'pull_request' }}
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+        
+    - name: Send GitHub Action trigger data to Slack workflow
+      id: slack
+      uses: slackapi/slack-github-action@v1.23.0
+      if: ${{ github.event_name != 'pull_request' }}
+      with:
+        payload: |
+          {
+            "text": "GitHub Actions Build Result: ${{ job.status }}\n triggered_by: ${{ github.actor }}\n job url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}\n commit url: ${{ github.event.head_commit.url }}"
+          }
+      env:
+        # webhook for #dv-cdp-alerts
+        SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
diff --git a/CODEOWNERS b/CODEOWNERS
new file mode 100644
index 0000000..d098012
--- /dev/null
+++ b/CODEOWNERS
@@ -0,0 +1,4 @@
+# As Security-hardening-for-github-actions best practices, make sure any changes to "./github/workflows" are approved
+# by project owners.
+
+./github/workflows @nytimes/delivery-engineering
diff --git a/README.md b/README.md
index a431632..ce35581 100644
--- a/README.md
+++ b/README.md
@@ -12,7 +12,7 @@ Derive the API endpoints and credentials from the Google credentials and open th
 
 - Usage [documentation](DOCS.md)
 - Docker Hub [release tags](https://hub.docker.com/r/nytimes/drone-gke/tags)
-- Drone.io [builds](https://cloud.drone.io/nytimes/drone-gke)
+- GitHub Actions Workflow [runs](https://github.com/nytimes/drone-gke/actions)
 - Contributing [documentation](.github/CONTRIBUTING.md)
 
 ## Releases and versioning