diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 192b04ab..fc505927 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -23,3 +23,10 @@ updates:
     directory: "/"
     schedule:
       interval: "daily"
+
+  # A dependabot rule to bump the runner version
+  - package-ecosystem: "docker"
+    target-branch: main
+    directory: "/images/gh_runner"
+    schedule:
+      interval: "daily"
diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml
index 43b8292b..9e01586a 100644
--- a/.github/workflows/image.yaml
+++ b/.github/workflows/image.yaml
@@ -29,6 +29,52 @@ on:
       - release-*
 
 jobs:
+  gh-runner-image:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        name: Check out code
+      - name: Calculate build vars
+        id: vars
+        run: |
+          if [ "${{github.event_name == 'pull_request'}}" = "true" ]; then
+            echo "IMAGE_PUSH=false" >> $GITHUB_ENV
+            echo "IMAGE_OUTPUTS=type=docker,dest=/tmp/k8s-test-infra-image.tar" >> $GITHUB_ENV
+            echo "IMAGE_PLATFORMS=linux/amd64" >> $GITHUB_ENV
+          else
+            echo "IMAGE_PUSH=true" >> $GITHUB_ENV
+            echo "IMAGE_OUTPUTS=type=registry,push=true" >> $GITHUB_ENV
+            echo "IMAGE_PLATFORMS=linux/amd64,linux/arm64" >> $GITHUB_ENV
+          fi
+          HOLODECK_VERSION=$(sed -n 's/.*holodeck:v\([0-9.]*\).*/\1/p' images/gh_runner/Dockerfile)
+          RUNNER_VERSION=$(sed -n 's/.*actions-runner:\([0-9.]*\).*/\1/p' images/gh_runner/Dockerfile)
+          echo "HOLODECK_VERSION=$HOLODECK_VERSION" >> $GITHUB_ENV
+          echo "RUNNER_VERSION=$RUNNER_VERSION" >> $GITHUB_ENV
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/nvidia/k8s-test-infra
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          push: ${{ env.IMAGE_PUSH }}
+          context: .
+          outputs: ${{ env.IMAGE_OUTPUTS }}
+          platforms: ${{ env.IMAGE_PLATFORMS }}
+          tags: ghcr.io/nvidia/k8s-test-infra:gh-runner-${{ env.HOLODECK_VERSION }}-${{ env.RUNNER_VERSION }}
+          file: ./images/gh_runner/Dockerfile
   devel-image:
     runs-on: ubuntu-latest
     strategy:
diff --git a/images/gh_runner/Dockerfile b/images/gh_runner/Dockerfile
new file mode 100644
index 00000000..b7f93c13
--- /dev/null
+++ b/images/gh_runner/Dockerfile
@@ -0,0 +1,27 @@
+# Cache Holodeck image
+FROM ghcr.io/nvidia/holodeck:v0.1.1 AS holodeck
+
+# https://github.com/actions/runner/blob/main/images/Dockerfile
+FROM ghcr.io/actions/actions-runner:2.317.0 AS runner
+
+USER root
+
+RUN apt-get update -y \
+  && apt-get install -y --no-install-recommends \
+  ca-certificates \
+  curl \
+  git \
+  make \
+  gpg \
+  iptables \
+  jq \
+  lsb-release \
+  python3 \
+  sudo \
+  unzip \
+  zip \
+  && rm -rf /var/lib/apt/lists/*
+
+COPY --from=holodeck /go/bin/holodeck /usr/local/bin/holodeck
+
+USER runner