diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index dc6c35fbe195b6f5e58c7cc69aa3d1b54555d838..18e9e2f4b6d17a4b8699a8079fb2530fe35cccb3 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -5,9 +5,54 @@ build:
     - linux
   variables:
     IMAGE_TAG: $CI_REGISTRY_IMAGE:latest
+    PARENT_IMAGE: searxng/searxng:latest
   script:
     - echo "$CI_REGISTRY_PASSWORD" | docker login $CI_REGISTRY -u $CI_REGISTRY_USER --password-stdin
-    - docker build -t $IMAGE_TAG .
-    - docker push $IMAGE_TAG
+    - apk add curl jq
+    - docker pull $PARENT_IMAGE
+    - TAG_HASH=`docker image inspect searxng/searxng:latest | jq .[0].RepoDigests[0] | sed 's/"\(searxng\/searxng\)@\(.*\)"/\2/'`
+    - docker build --no-cache --build-arg SEARXNGIMAGE=${TAG_HASH} -t $IMAGE_TAG .
+    - |
+      if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then
+        docker push $IMAGE_TAG
+      fi
   rules:
     - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
+    - if: $CI_PIPELINE_SOURCE == "schedule"
+      when: never
+
+build:schedule:
+  stage: build
+  tags:
+    - docker
+    - linux
+  variables:
+    IMAGE_TAG: $CI_REGISTRY_IMAGE:latest
+    PARENT_IMAGE: searxng/searxng:latest
+  script:
+    - echo "$CI_REGISTRY_PASSWORD" | docker login $CI_REGISTRY -u $CI_REGISTRY_USER --password-stdin
+    - apk add curl jq
+    - docker pull $IMAGE_TAG
+    - LOCAL_IMAGE=`docker image inspect $IMAGE_TAG | jq -r '.[0].Config.Labels."eu.monobear.searxng.upstream"'`
+    - echo "Local image upstream tag is $LOCAL_IMAGE"
+    - DOCKER_HUB_TOKEN=`curl 'https://auth.docker.io/token?service=registry.docker.io&scope=repository:searxng/searxng:pull' | jq -r '.access_token'`
+    - |
+      REMOTE_ETAG=`curl --head --oauth2-bearer "$DOCKER_HUB_TOKEN" -i 'https://index.docker.io/v2/searxng/searxng/manifests/latest' | grep 'etag:' | sed 's/etag: "\(.*\)"/\1/'`
+      REMOTE_ETAG=${REMOTE_ETAG//$'\r'/}
+      echo "Remote tag is $REMOTE_ETAG"
+    - |
+      if [[ "$REMOTE_ETAG" != "$LOCAL_IMAGE" ]]; then
+        echo "Pull ${PARENT_IMAGE} as differ"
+        docker pull $PARENT_IMAGE
+        TAG_HASH=`docker image inspect searxng/searxng:latest | jq .[0].RepoDigests[0] | sed 's/"\(searxng\/searxng\)@\(.*\)"/\2/'`
+        echo "New hash for base: ${TAG_HASH}"
+        docker build --no-cache --build-arg SEARXNGIMAGE=${TAG_HASH} -t $IMAGE_TAG .
+        if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then
+          docker push $IMAGE_TAG
+        fi
+      else
+        echo "Tags are same"
+      fi
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "schedule"
diff --git a/Dockerfile b/Dockerfile
index 8817e3677726ef173567695a7ece27816ea9d490..639bf593bb5b069f0a55fa8c98448b6a9490134e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,9 @@
-FROM  searxng/searxng:latest
+ARG SEARXNGIMAGE
+FROM searxng/searxng@${SEARXNGIMAGE}
+
+ARG SEARXNGIMAGE
+MAINTAINER Lukas Schreiner <dev@lschreiner.de>
+LABEL eu.monobear.searxng.upstream=${SEARXNGIMAGE}
 RUN apk add git && \
     pip3 install --break-system-packages --no-cache git+https://git.monobear.eu/monobear/searxng/searxng-qrcode.git && \
     apk del git && \