diff --git a/.drone.yml b/.drone.yml
index bd1abcb..836081b 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -4,40 +4,56 @@ type: docker
 name: default
 
 steps:
-- name: cloudron build & update
-  image: fbartels/cloudron-cli
+- name: set version
+  image: golang:1.12
+  commands:
+  - "current_version=$(grep drone/drone: Dockerfile | cut -d' ' -f 2 | cut -d: -f 2)"
+  - timestamp=$(date +%s)
+  - echo -n "$current_version-$timestamp" > .tags
+- name: docker build
+  image: docker:dind
+  volumes:
+  - name: dockersock
+    path: /var/run
+  commands:
+  - docker ps -a
+  - docker build -t fbartels/com.github.drone:latest .
+- name: docker push
+  image: docker:dind
   volumes:
   - name: dockersock
     path: /var/run
   environment:
     DOCKER_USERNAME: {from_secret: DOCKER_USERNAME}
     DOCKER_PASSWORD: {from_secret: DOCKER_PASSWORD}
+  commands:
+  - current_version=$(cat .tags)
+  - docker tag fbartels/com.github.drone:latest fbartels/com.github.drone:$current_version
+  - echo $DOCKER_PASSWORD | docker login -u $DOCKER_USERNAME --password-stdin
+  - docker push fbartels/com.github.drone:latest
+  - docker push fbartels/com.github.drone:$current_version
+  when:
+    branch:
+      - master
+    event:
+      exclude:
+      - pull_request
+- name: cloudron update
+  image: fbartels/cloudron-cli:latest
+  environment:
     CLOUDRON_SERVER: {from_secret: CLOUDRON_SERVER}
     CLOUDRON_TOKEN: {from_secret: CLOUDRON_TOKEN}
   commands:
-  - dockerize -wait file:///var/run/docker.sock -timeout 60s
-  - docker ps -a
-  - echo $DOCKER_PASSWORD | docker login -u $DOCKER_USERNAME --password-stdin
-  - make build
-  - make update-ci
+  - current_version=$(cat .tags)
+  - cloudron update --server $CLOUDRON_SERVER --token $CLOUDRON_TOKEN --app drone --image fbartels/com.github.drone:$current_version
   when:
     branch:
-      include:
-      - master
-
-services:
-- name: docker
-  image: docker:dind
-  privileged: true
-  command: [ --storage-driver=aufs]
-  volumes:
-  - name: dockersock
-    path: /var/run
-  when:
-    branch:
-      include:
       - master
+    event:
+      exclude:
+      - pull_request
 
 volumes:
 - name: dockersock
-  temp: {}
+  host:
+    path: /var/run/
diff --git a/.gitignore b/.gitignore
index 46a29bd..f7809e6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,4 @@
 .env
 runner/.env
+secrets.txt
+.tags
diff --git a/README.md b/README.md
index 1f13eea..3cdda91 100644
--- a/README.md
+++ b/README.md
@@ -44,13 +44,13 @@ drone info
 You can also run pipelines directly with the Drone CLI:
 
 ```bash
-drone exec --secret-file drone_secrets.yaml .drone.yml
+drone exec --secret-file secrets.txt .drone.yml
 ```
 
-A template for `drone-secrets.yaml`:
+A template for `secrets.txt`:
 
-```yaml
-slack_url: https://hooks.slack.com/services/xxxxxxxxxxxx
+```bash
+slack_url=https://hooks.slack.com/services/xxxxxxxxxxxx
 ```
 
 ### Adding secrets through CLI
diff --git a/helpers/cloudron-cli/Dockerfile b/helpers/cloudron-cli/Dockerfile
index 3769681..7ec5a75 100644
--- a/helpers/cloudron-cli/Dockerfile
+++ b/helpers/cloudron-cli/Dockerfile
@@ -1,5 +1,6 @@
-FROM plugins/docker:latest
-RUN apk add --no-cache jq make npm perl python
+FROM docker:dind
+# hadolint ignore=DL3018
+RUN apk add --no-cache jq make npm perl python3
 ENV DOCKERIZE_VERSION v0.6.1
 RUN wget https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-alpine-linux-amd64-$DOCKERIZE_VERSION.tar.gz && \
     tar -C /usr/local/bin -xzvf dockerize-alpine-linux-amd64-$DOCKERIZE_VERSION.tar.gz && \