diff --git a/.github/e2e/harbor/env b/.github/e2e/harbor/env
new file mode 100644
index 0000000..05ec459
--- /dev/null
+++ b/.github/e2e/harbor/env
@@ -0,0 +1,8 @@
+REGISTRY_FQDN=localhost:8081
+REGISTRY_USER=admin
+REGISTRY_PASSWORD=Harbor12345
+REGISTRY_SLUG=localhost:8081/test-docker-action/test-docker-action
+
+HARBOR_HOST=localhost
+HARBOR_PORT=8081
+HARBOR_PROJECT=test-docker-action
diff --git a/.github/e2e/harbor/install.sh b/.github/e2e/harbor/install.sh
new file mode 100755
index 0000000..d0a6af2
--- /dev/null
+++ b/.github/e2e/harbor/install.sh
@@ -0,0 +1,79 @@
+#!/usr/bin/env bash
+set -eu
+
+: "${HARBOR_VERSION:=v2.7.0}"
+: "${HARBOR_HOST:=localhost}"
+: "${HARBOR_PORT:=49154}"
+: "${REGISTRY_USER:=admin}"
+: "${REGISTRY_PASSWORD:=Harbor12345}"
+
+: "${HARBOR_PROJECT:=test-docker-action}"
+
+project_post_data() {
+ cat </dev/null
+ yq --no-colors harbor.yml
+)
+echo "::endgroup::"
+
+# install and start
+echo "::group::Installing Harbor"
+(
+ cd /tmp/harbor
+ set -x
+ ./install.sh
+ sleep 10
+ netstat -aptn
+)
+echo "::endgroup::"
+
+# compose config
+echo "::group::Compose config"
+(
+ cd /tmp/harbor
+ set -x
+ docker compose config
+)
+echo "::endgroup::"
+
+# create project
+echo "::group::Creating project"
+(
+ set -x
+ curl --fail -v -k --max-time 10 -u "$REGISTRY_USER:$REGISTRY_PASSWORD" -X POST -H "Content-Type: application/json" -d "$(project_post_data)" "http://$HARBOR_HOST:$HARBOR_PORT/api/v2.0/projects"
+)
+echo "::endgroup::"
+
+# list projects
+echo "::group::List projects"
+(
+ set -x
+ curl --fail -s -k --max-time 10 -u "$REGISTRY_USER:$REGISTRY_PASSWORD" -H "Content-Type: application/json" "http://$HARBOR_HOST:$HARBOR_PORT/api/v2.0/projects" | jq
+)
+echo "::endgroup::"
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
index c249ccd..027cd4a 100644
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
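Review bot: In install.sh the "Creating project" and "List projects" subshells turn on `set -x` immediately before `curl ... -u "$REGISTRY_USER:$REGISTRY_PASSWORD"`, so the expanded credentials are written to the job log. That is tolerable for the default Harbor password, but the `:=` defaults let `REGISTRY_PASSWORD` be overridden from the environment, and a non-default value would be traced in clear text; dropping `set -x` from those two subshells avoids it. The script also runs under `set -eu` without `pipefail`, so a failing `curl --fail ... | jq` in the last group can still exit 0; `set -euo pipefail` at the top would surface that. The part of the script between `project_post_data()` and the `yq --no-colors harbor.yml` call is not legible in this hunk, so the download and configuration steps are not covered here.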
@@ -25,69 +25,119 @@ on: env: BUILDX_VERSION: latest BUILDKIT_IMAGE: moby/buildkit:buildx-stable-1 + HARBOR_VERSION: v2.7.0 jobs: - docker: + build: runs-on: ubuntu-latest strategy: fail-fast: false matrix: include: - + name: Docker Hub registry: '' slug: ghactionstest/ghactionstest username_secret: DOCKERHUB_USERNAME password_secret: DOCKERHUB_TOKEN + type: remote - + name: GitHub registry: ghcr.io slug: ghcr.io/docker-ghactiontest/test username_secret: GHCR_USERNAME password_secret: GHCR_PAT + type: remote - + name: GitLab registry: registry.gitlab.com slug: registry.gitlab.com/test1716/test username_secret: GITLAB_USERNAME password_secret: GITLAB_TOKEN + type: remote - + name: AWS ECR registry: 175142243308.dkr.ecr.us-east-2.amazonaws.com slug: 175142243308.dkr.ecr.us-east-2.amazonaws.com/sandbox/test-docker-action username_secret: AWS_ACCESS_KEY_ID password_secret: AWS_SECRET_ACCESS_KEY + type: remote - + name: AWS ECR Public registry: public.ecr.aws slug: public.ecr.aws/q3b5f1u4/test-docker-action username_secret: AWS_ACCESS_KEY_ID password_secret: AWS_SECRET_ACCESS_KEY + type: remote - + name: Google Artifact Registry registry: us-east4-docker.pkg.dev slug: us-east4-docker.pkg.dev/sandbox-298914/docker-official-github-actions/test-docker-action username_secret: GAR_USERNAME password_secret: GAR_JSON_KEY + type: remote - + name: Google Container Registry registry: gcr.io slug: gcr.io/sandbox-298914/test-docker-action username_secret: GCR_USERNAME password_secret: GCR_JSON_KEY + type: remote - + name: Azure Container Registry registry: officialgithubactions.azurecr.io slug: officialgithubactions.azurecr.io/test-docker-action username_secret: AZURE_CLIENT_ID password_secret: AZURE_CLIENT_SECRET + type: remote - + name: Quay registry: quay.io slug: quay.io/crazymax/build-push-action username_secret: QUAY_USERNAME password_secret: QUAY_TOKEN + type: remote + - + name: Harbor + id: harbor + type: local steps: - name: Checkout uses: actions/checkout@v3 + - + name: 
Set up env + if: matrix.type == 'local' + run: | + cat ./.github/e2e/${{ matrix.id }}/env >> $GITHUB_ENV + - + name: Set up BuildKit config + run: | + touch /tmp/buildkitd.toml + if [ "${{ matrix.type }}" = "local" ]; then + echo -e "[registry.\"${{ env.REGISTRY_FQDN }}\"]\nhttp = true\ninsecure = true" > /tmp/buildkitd.toml + fi + - + name: Set up Docker daemon + if: matrix.type == 'local' + run: | + if [ ! -e /etc/docker/daemon.json ]; then + echo '{}' | tee /etc/docker/daemon.json >/dev/null + fi + DOCKERD_CONFIG=$(jq '.+{"insecure-registries":["http://${{ env.REGISTRY_FQDN }}"]}' /etc/docker/daemon.json) + sudo tee /etc/docker/daemon.json <<<"$DOCKERD_CONFIG" >/dev/null + sudo service docker restart + - + name: Install ${{ matrix.name }} + if: matrix.type == 'local' + run: | + sudo -E bash ./.github/e2e/${{ matrix.id }}/install.sh - name: Docker meta id: meta uses: docker/metadata-action@v4 with: - images: ${{ matrix.slug }} + images: ${{ env.REGISTRY_SLUG || matrix.slug }} tags: | type=ref,event=branch type=ref,event=tag @@ -100,17 +150,19 @@ jobs: uses: docker/setup-buildx-action@v2 with: version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - buildkitd-flags: --debug + config: /tmp/buildkitd.toml + buildkitd-flags: --debug --allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host driver-opts: | image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} + network=host - name: Login to Registry if: github.event_name != 'pull_request' uses: docker/login-action@v2 with: - registry: ${{ matrix.registry }} - username: ${{ secrets[matrix.username_secret] }} - password: ${{ secrets[matrix.password_secret] }} + registry: ${{ env.REGISTRY_FQDN || matrix.registry }} + username: ${{ env.REGISTRY_USER || secrets[matrix.username_secret] }} + password: ${{ env.REGISTRY_PASSWORD || secrets[matrix.password_secret] }} - name: Build and push uses: ./ 
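Review bot: In the "Set up Docker daemon" step the fallback `echo '{}' | tee /etc/docker/daemon.json >/dev/null` runs without `sudo`, while the write two lines later uses `sudo tee`. If the file is absent and the step runs as a non-root user, as the later `sudo` calls suggest, that first `tee` would fail with a permission error and abort the step. Making it `echo '{}' | sudo tee /etc/docker/daemon.json >/dev/null` keeps both writes consistent.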
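Review bot: The `buildkitd-flags` line now passes `--allow-insecure-entitlement security.insecure` and `--allow-insecure-entitlement network.host`, and `driver-opts` adds `network=host`, for every matrix entry, including the `type: remote` registries that log in with real secrets. Only the `type: local` Harbor entry needs to reach a registry on localhost, and nothing visible in the hunk requests the `security.insecure` entitlement at all. Consider scoping these to the local case, e.g. `buildkitd-flags: --debug ${{ matrix.type == 'local' && '--allow-insecure-entitlement network.host' || '' }}`, and gating `network=host` the same way. The "Build and push" step's inputs continue outside this hunk, so confirm that no `allow:` input there depends on the entitlements.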
@@ -121,16 +173,14 @@ jobs: push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - cache-from: type=registry,ref=${{ matrix.slug }}:master + cache-from: type=registry,ref=${{ env.REGISTRY_SLUG || matrix.slug }}:master cache-to: type=inline - name: Inspect image - if: github.event_name != 'pull_request' run: | - docker pull ${{ matrix.slug }}:${{ steps.meta.outputs.version }} - docker image inspect ${{ matrix.slug }}:${{ steps.meta.outputs.version }} + docker pull ${{ env.REGISTRY_SLUG || matrix.slug }}:${{ steps.meta.outputs.version }} + docker image inspect ${{ env.REGISTRY_SLUG || matrix.slug }}:${{ steps.meta.outputs.version }} - name: Check manifest - if: github.event_name != 'pull_request' run: | - docker buildx imagetools inspect ${{ matrix.slug }}:${{ steps.meta.outputs.version }} --format '{{json .}}' + docker buildx imagetools inspect ${{ env.REGISTRY_SLUG || matrix.slug }}:${{ steps.meta.outputs.version }} --format '{{json .}}'
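Review bot: Removing `if: github.event_name != 'pull_request'` from "Inspect image" and "Check manifest" leaves both steps running even when `push:` evaluates to false. On a pull_request event `docker pull` and `docker buildx imagetools inspect` would then target a tag that was never pushed and fail the job. The workflow's trigger list is outside this hunk; if pull_request can trigger it, keep the condition on both steps, or restrict the removal to the local case with something like `if: matrix.type == 'local' || github.event_name != 'pull_request'`, provided the local Harbor entry is meant to be pushed to on such runs.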