diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 0000000..a72b061
--- /dev/null
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,75 @@
+name: release-homecli
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: "Release version (e.g., 0.4.25)"
+        required: true
+        type: string
+      branch:
+        description: "Release branch"
+        required: true
+        type: choice
+        default: release/v0.4
+        options:
+          - release/v0.4
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    permissions:
+      contents: write # to create tags and github releases
+
+    steps:
+      - name: Validate version format
+        env:
+          VERSION: ${{ github.event.inputs.version }}
+        run: |
+          if [[ ! "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+            echo "::error::Version must be in format X.Y.Z (e.g., 0.4.25)"
+            exit 1
+          fi
+
+      - name: Checkout release branch
+        uses: actions/checkout@v4.1.1
+        with:
+          ref: ${{ github.event.inputs.branch }}
+          fetch-depth: 0
+
+      - name: Check if tag already exists
+        env:
+          VERSION: ${{ github.event.inputs.version }}
+        run: |
+          if git rev-parse "v$VERSION" >/dev/null 2>&1; then
+            echo "::error::Tag v$VERSION already exists. Please use a different version."
+            exit 1
+          fi
+          echo "Tag v$VERSION does not exist, proceeding with release."
+
+      - name: Setup Golang
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+          cache-dependency-path: go.sum
+
+      - name: Build binaries
+        env:
+          VERSION: ${{ github.event.inputs.version }}
+        run: |
+          chmod +x ./build.sh
+          ./build.sh "$VERSION"
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@4634c16e79c963813287e889244c50009e7f0981
+        with:
+          tag_name: "v${{ github.event.inputs.version }}"
+          name: "v${{ github.event.inputs.version }}"
+          target_commitish: ${{ github.event.inputs.branch }}
+          draft: false
+          generate_release_notes: true
+          files: |
+            bin/homecli_linux_amd64
+            bin/homecli_darwin_amd64
diff --git a/build.sh b/build.sh
index 4c1e424..2b41d1a 100755
--- a/build.sh
+++ b/build.sh
@@ -1,20 +1,70 @@
 #!/usr/bin/env sh
 
+set -e  # Exit on any error
+
 BUILD_VERSION=$1
 BUILD_TIME=$(date +'%Y-%m-%d_%T')
+
+echo "Building homecli version: ${BUILD_VERSION:-<no version specified>}"
+
 LD_FLAGS="-X main.BuildVersion=$BUILD_VERSION -X main.BuildTime=$BUILD_TIME"
 LD_FLAGS="$LD_FLAGS -s -w"
-CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="$LD_FLAGS" -o bin/homecli_linux_amd64 cmd/homecli/*.go
-CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -ldflags="$LD_FLAGS" -o bin/homecli_darwin_amd64 cmd/homecli/*.go
 
-# Add UPX compression
+echo "Building Linux amd64 binary..."
+if ! CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="$LD_FLAGS" -o bin/homecli_linux_amd64 cmd/homecli/*.go; then
+  echo "::error::Failed to build Linux binary"
+  exit 1
+fi
+
+echo "Building macOS amd64 binary..."
+if ! CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -ldflags="$LD_FLAGS" -o bin/homecli_darwin_amd64 cmd/homecli/*.go; then
+  echo "::error::Failed to build macOS binary"
+  exit 1
+fi
+
+# Add UPX compression (only on Linux, only for Linux binary)
+# UPX doesn't support macOS binaries and the Linux UPX binary can't run on macOS
+
+if [ "$(uname)" = "Linux" ]; then
+  echo "Compressing Linux binary with UPX..."
+  UPX_VERSION="${UPX_VERSION:-4.2.2}"
+  UPX_PLATFORM="${UPX_PLATFORM:-amd64_linux}"
+  # SHA256 checksum verified from official UPX 4.2.2 release
+  UPX_SHA256="915c8e844f835de03b9cc311ff185aedec79d757aee9d7133a528b9e89c463bb"
+
+  UPX_ARCHIVE="upx-${UPX_VERSION}-${UPX_PLATFORM}.tar.xz"
+
+  if [ ! -d "upx-${UPX_VERSION}-${UPX_PLATFORM}" ]; then
+    echo "Downloading UPX ${UPX_VERSION}..."
+    if ! wget -q "https://github.com/upx/upx/releases/download/v${UPX_VERSION}/${UPX_ARCHIVE}"; then
+      echo "::error::Failed to download UPX"
+      exit 1
+    fi
+
+    echo "Verifying UPX checksum..."
+    ACTUAL_SHA256=$(sha256sum "$UPX_ARCHIVE" | cut -d' ' -f1)
+    if [ "$ACTUAL_SHA256" != "$UPX_SHA256" ]; then
+      echo "::error::UPX checksum verification failed!"
+      echo "Expected: $UPX_SHA256"
+      echo "Actual:   $ACTUAL_SHA256"
+      rm -f "$UPX_ARCHIVE"
+      exit 1
+    fi
+    echo "Checksum verified."
 
-UPX_VERSION="${UPX_VERSION:-4.2.2}"
-UPX_PLATFORM="${UPX_PLATFORM:-amd64_linux}"
+    if ! tar xf "$UPX_ARCHIVE" "upx-${UPX_VERSION}-${UPX_PLATFORM}/upx"; then
+      echo "::error::Failed to extract UPX"
+      exit 1
+    fi
+  fi
 
-if [ ! -d "upx-${UPX_VERSION}-${UPX_PLATFORM}" ]; then
-  wget "https://github.com/upx/upx/releases/download/v${UPX_VERSION}/upx-${UPX_VERSION}-${UPX_PLATFORM}.tar.xz"
-  tar xf "upx-${UPX_VERSION}-${UPX_PLATFORM}.tar.xz" "upx-${UPX_VERSION}-${UPX_PLATFORM}/upx"
+  if ! "upx-${UPX_VERSION}-${UPX_PLATFORM}/upx" bin/homecli_linux_amd64; then
+    echo "::error::Failed to compress Linux binary with UPX"
+    exit 1
+  fi
+else
+  echo "Skipping UPX compression (not running on Linux)"
 fi
 
-"upx-${UPX_VERSION}-${UPX_PLATFORM}/upx" bin/*
+echo ""
+echo "Build completed successfully!"