diff --git a/.github/workflows/update-dist.yml b/.github/workflows/update-dist.yml
new file mode 100644
index 0000000..8aa0061
--- /dev/null
+++ b/.github/workflows/update-dist.yml
@@ -0,0 +1,45 @@
+name: update-dist
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+on:
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - synchronize
+
+jobs:
+  update-dist:
+    if: github.actor == 'dependabot[bot]' && github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == github.event.pull_request.head.repo.full_name
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write # to push to the repository
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+          persist-credentials: false
+      -
+        name: Build
+        uses: docker/bake-action@6614cfa25eff9a0b2b2697efb0b6159e7680d584 # v7.2.0
+        with:
+          source: .
+          targets: build
+      -
+        name: Commit and push dist
+        uses: planetscale/ghcommit-action@a6b150b81dca5dd027baa898604418eec9e11465 # v0.2.22
+        with:
+          commit_message: "[dependabot skip] chore: update generated content"
+          repo: ${{ github.repository }}
+          branch: ${{ github.event.pull_request.head.ref }}
+          file_pattern: dist
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}