diff --git a/.github/workflows/README.md b/.github/workflows/README.md
index 2b74c94..9cf40d3 100644
--- a/.github/workflows/README.md
+++ b/.github/workflows/README.md
@@ -3,5 +3,6 @@
 - binder.yaml - Adds a Binder badge to Pull Requests that are newly opened
 - build.yaml - Build and push docker container images to a docker registry
 - conda-lock-command.yml - Refresh conda-lock files by writing `/condalock` in a Pull Request comment
+- retag.yml - Republish docker images originally tagged with a short hash using a new CalVer string
 - slash-command-dispatch.yml - ChatOps that looks for slash commands in Pull Requests to trigger automated scripts
 - test.yaml - Test building docker container images in a Pull Request
diff --git a/.github/workflows/retag.yml b/.github/workflows/retag.yml
new file mode 100644
index 0000000..8ad5ff6
--- /dev/null
+++ b/.github/workflows/retag.yml
@@ -0,0 +1,50 @@
+# Re-tag staging SHA-tagged image with git tag and 'latest'
+# tags can be anything, but typically calver string (2022.12.02)
+name: Retag
+on:
+  push:
+    tags:
+    - '*'
+
+env:
+  GITHUB_SHA: ${{ github.sha }}
+  GITHUB_REF: ${{ github.ref }}
+
+permissions:  # added using https://github.com/step-security/secure-workflows
+  contents: read
+
+jobs:
+  retag-using-calver:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout Repository
+      uses: actions/checkout@v3
+
+    # https://github.com/actions/runner-images/issues/2840#issuecomment-790492173
+    - name: Free up disk space
+      run: |
+        sudo rm -rf /usr/local/lib/android /usr/share/dotnet /opt/ghc
+        df -h
+
+    - name: Set Job Environment Variables
+      run: |
+        SHA12="${GITHUB_SHA::12}"
+        TAG="${GITHUB_REF##*/}"
+        echo "SHA12=${SHA12}" >> $GITHUB_ENV
+        echo "TAG=${TAG}" >> $GITHUB_ENV
+
+    - name: Login to Quay.io
+      uses: docker/login-action@v2
+      with:
+        registry: quay.io
+        username: ${{ secrets.QUAY_USERNAME }}
+        password: ${{ secrets.QUAY_PASSWORD }}
+
+    - name: Pull Image for Corresponding GitHub Commit
+      run: docker pull quay.io/cryointhecloud/cryo-hub-image:${SHA12}
+
+    - name: Retag Images
+      run: docker tag cryointhecloud/cryo-hub-image:${SHA12} quay.io/cryointhecloud/cryo-hub-image:${TAG}
+
+    - name: Push Tags To Quay.io
+      run: docker push quay.io/cryointhecloud/cryo-hub-image:${TAG}