diff --git a/.github/workflows/bake_update.yml b/.github/workflows/bake_update.yml
new file mode 100644
index 00000000..fb24d4fa
--- /dev/null
+++ b/.github/workflows/bake_update.yml
@@ -0,0 +1,67 @@
+name: Update PostgreSQL versions
+
+on:
+  schedule:
+    - cron: 0 0 * * 1
+  workflow_dispatch:
+
+defaults:
+  run:
+    shell: 'bash -Eeuo pipefail -x {0}'
+
+permissions: read-all
+
+jobs:
+  build:
+    name: Run update script
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+        with:
+          token: ${{ secrets.REPO_GHA_PAT }}
+
+      - name: Run update script
+        uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3
+        with:
+          timeout_minutes: 15
+          max_attempts: 3
+          command: |
+            VERSIONS="$(
+            curl -Ss -q https://www.postgresql.org/versions.json \
+            | jq -r '[.[] | select(.supported == true) | .major + "." + .latestMinor]
+            | sort
+            | map("  \"" + . + "\"")
+            | join(",\n")' \
+            | sed '1i postgreSQLVersions = [' \
+            | sed '$a ]'
+            )"
+            printf '%s\n' "$VERSIONS" \
+            | sed -i '/^postgreSQLVersions = \[/,/^]/d;/^\/\/ PostgreSQL versions/r /dev/stdin' docker-bake.hcl
+
+      - name: Diff
+        run: |
+          git status
+          git diff
+
+      - name: Temporarily disable "include administrators" branch protection
+        if: ${{ always() && github.ref == 'refs/heads/main' }}
+        id: disable_include_admins
+        uses: benjefferies/branch-protection-bot@af281f37de86139d1c7a27b91176b5dc1c2c827c # v1.1.2
+        with:
+          access_token: ${{ secrets.REPO_GHA_PAT }}
+          branch: main
+          enforce_admins: false
+
+      - uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9
+        with:
+          author_name: CloudNativePG Automated Updates
+          author_email: noreply@cnpg.com
+          message: 'chore: update PostgreSQL versions'
+
+      - name: Enable "include administrators" branch protection
+        uses: benjefferies/branch-protection-bot@af281f37de86139d1c7a27b91176b5dc1c2c827c # v1.1.2
+        if: ${{ always() && github.ref == 'refs/heads/main' }}
+        with:
+          access_token: ${{ secrets.REPO_GHA_PAT }}
+          branch: main
+          enforce_admins: ${{ steps.disable_include_admins.outputs.initial_status }}
diff --git a/docker-bake.hcl b/docker-bake.hcl
index c642f9af..8b666149 100644
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@@ -20,6 +20,16 @@ now = timestamp()
 authors = "The CloudNativePG Contributors"
 url = "https://github.com/cloudnative-pg/postgres-containers"
 
+// PostgreSQL versions to build
+postgreSQLVersions = [
+  "13.22",
+  "14.19",
+  "15.14",
+  "16.10",
+  "17.6",
+  "18~beta3"
+]
+
 extensions = [
   "pgaudit",
   "pgvector",
@@ -32,14 +42,7 @@ target "default" {
       "minimal",
       "standard"
     ]
-    pgVersion = [
-      "13.22",
-      "14.19",
-      "15.14",
-      "16.10",
-      "17.6",
-      "18~beta3"
-    ]
+    pgVersion = postgreSQLVersions
     base = [
       // renovate: datasource=docker versioning=loose
       "debian:bookworm-slim@sha256:b1a741487078b369e78119849663d7f1a5341ef2768798f7b7406c4240f86aef",