diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..4120a1c
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,63 @@
+name: Build Unifont
+
+permissions:
+  # Required for uploading artifacts
+  actions: write
+
+on:
+  workflow_dispatch:
+    inputs:
+      unifont_version:
+        description: 'The Unifont version to build (example: 15.1.01)'
+        required: true
+        type: string
+
+jobs:
+  build:
+    name: Unifont BMP TTF
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
+
+      - name: Install required dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -yq --no-install-recommends fontforge
+
+      - name: Download and verify Unifont v${{ inputs.unifont_version }}
+        run: |
+          readonly BASE_URL='https://unifoundry.com/pub/unifont/unifont-${{ inputs.unifont_version }}'
+          readonly SOURCE_TARBALL_NAME='unifont-${{ inputs.unifont_version }}.tar.gz'
+
+          echo "> Fetching Unifont source tarball and its signature..."
+          curl -o unifont.tar.gz "$BASE_URL/$SOURCE_TARBALL_NAME"
+          curl -o unifont.tar.gz.sig "$BASE_URL/$SOURCE_TARBALL_NAME.sig"
+
+          # Verify according to the instructions at https://unifoundry.com/verify/index.html
+          # with a known-good keyring at this repository
+          echo "> Asserting Unifont source tarball provenance..."
+          echo "Creating root of trust key"
+          gpg --batch --quick-generate-key --passphrase '' '41898282+github-actions[bot]@users.noreply.github.com'
+          echo "> Importing expected Unifoundry signing keys from unifoundry-keys.gpg"
+          gpg --batch --import unifoundry-keys.gpg
+          echo "> Extending trust to Unifoundry signing keys by signing with root of trust key"
+          gpg --list-keys --with-colons | awk -F: '/^fpr:/ { print $10 }' | while read -r key_fingerprint; do
+            gpg --batch --expert --quick-lsign "$key_fingerprint" || true
+          done
+          echo "> Verifying Unifont source tarball signature"
+          gpg --batch --verify unifont.tar.gz.sig unifont.tar.gz
+
+      - name: Extract and build Unifont BMP TTF
+        run: |
+          tar -xf unifont.tar.gz
+          mv 'unifont-${{ inputs.unifont_version }}' unifont
+          make -C unifont/font truetype
+
+      - name: Upload generated Unifont BMP TTF as artifact
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3
+        with:
+          name: Unifont BMP TTF
+          path: unifont/font/compiled/unifont-${{ inputs.unifont_version }}.ttf
diff --git a/unifoundry-keys.gpg b/unifoundry-keys.gpg
new file mode 100644
index 0000000..72b5081
--- /dev/null
+++ b/unifoundry-keys.gpg
@@ -0,0 +1,65 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBFI9G/MBEADSuYOMN3qajJihjXpO6JQ/rpxQOSwpwUglG7gPej1krh8QkpPy
+GE5AydjgsMFSES1Hk1KkwSkULPYaR+omEBFBC6ZSM8li7HyPw1x6cJejY5uZ6NXu
+ryvmnJBQ3cb0dBhCZGMVt3qDv8KRZ3fB1GwOPF2M4oH04HFHBkxBmcpCDj/7f2sO
+6BcRvqKlhGjm+w6jzyDgAvxpri/PvKsN+Os70DwOw3JzEegDrhoaW2V55v+ycXXK
+KRnRemBBRkM5yDtsRsrsNAWZhh9Kak2bV36Rv549+oLIvkt32e7Xeezgx5guVD1w
+/+oa+25ZUKwqLYvfA1cfb8wH93yR1Xy2tWoasN3XP7legHt2YsGIu5QDg9Bq1oQ+
+Z1uNUYnLBYumjdlofThqAQwYxQ23DuWczAUaLZUc72r/iAN3rDLaW4rt3XpN+5fo
+yHV8BKRWQ/kMRlRTQADolClHog2bavj0FxYqwfChLHl9INsi2uDnzEgJWdstKq7J
+3s1KRxhCt7i+D+K2ICZZMyuW0SD+N81V8gVXtAuCNvTj8kzYOaSUyn8kjJklVLwV
+wo3s2xSSMI4sZAwdPkwGiet+aqPn6AemGxsmmWONVpXCP9bkezvPDAVrVYRlZDtm
+8JAQ6sTjq/z/wAAPrwNIagxKmvzpRJe/WikWBBEDzaONwGIBrRnIqJGndwARAQAB
+tCZQYXVsIEhhcmR5IDx1bmlmb3VuZHJ5QHVuaWZvdW5kcnkuY29tPokCWAQTAQoA
+QgIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4ACGQEWIQSV0umrh0DYBGOH/RUa
+CSJ7H0NaMwUCYjYhRAUJGV8G0QAKCRAaCSJ7H0NaM7LvD/sEMAgz4Xnzzv1TA17Y
+gVCsDm2CM8BFSztG5VfeFOguhcoQHvh1Y7Bko+oMwMBbo8+mWIb/Zcm3/BVMSmSn
+h3WfT0dEQOkK6n4gm0XHCKfG77hvna7zDmbNp77+T3jGLaXrcS9Wcal5sBmxuFFc
+Pum36lZBD0mf2NqVWuZBujtA6pPuSs5t4NaU/N+3bZrbjtmqIKqurKQQVS4aU7Jn
+K6jkPYTjjG3ivJZvZcp9KxukrMbe3Dr2S1yQUPuwgPzu2W8UbM9OuAalXxv8yOSg
+2JnXWuhHPG/LWIYXnzZcDYMEKK5acpWjs8fqNTi7IukH/EZoNSB2YwlvwojV3EVl
+7x2kmvamcUJNmJaQg6jYCIMyAfTXsz7lsm/Ij+fqdSiwfysBpq9qPxtClrHt5y3t
+cGtaAxVwKWIybBf8azmb2HSSXt3YQDdfGpHJ7dFVZeDRcLFP6WiU/hmDDcHRRd9G
+NbTKl6YMLC/F+h+oLJGWtIz9vQAdpCAekr8EsUi8yU6smjZboceaTI+R7iBlrZe+
+ampb3q31e3RHrrSPv3CjkI82R8spWdH+KxIc9qlPte6E36HPOdEj70ekMnfQzJQG
+hEDJ6/8AjBbZm4n7+zSZVOit2R3zDlYPE7Q5gcTE+FN7f7mAXgV77a15wSiXV+LW
+WXTf9lmppFOulvaszUGkS4eTfrQhUGF1bCBIYXJkeSA8dW5pZm91bmRyeUBnbWFp
+bC5jb20+iQJVBBMBCgA/AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgBYhBJXS
+6auHQNgEY4f9FRoJInsfQ1ozBQJiNiFEBQkZXwbRAAoJEBoJInsfQ1ozKI0P/izG
+E3W/2c8ikWXMZR2lHuf1VgHGc2pEbOQws63Cb8EJGpykOFDyatLItdJgnuuLKJLe
+3anqT40x/XOnAaaDLcolY5nZaEdyBnG9hXG1x9HT5lQQr9V0GRiSyIVMpRMuYDba
+85axMM9rFsRvfuszjIIAleBgSwyX4IH6XrxMmSr08KtguixFpRCS5Wz9Zgm3JTKc
+kyGiDWSZhvMZ7+lQxQGS6tpjEgqi9qdlgy1EtcUSWjgoyiAhgYt+J4OHStu/bLAr
+X7X1Ivyk0TxIKLlB3isjHsiqNovKbSXJw3zwtwaef9rfYEBWaf1Qa4iiBPpCDyvF
+HxA8pNzWadDZ+1vPWcWBrz96nDC+Dwu6dXoAVYnDrBWoVgc2fX6+Gas3esinxgUM
+UsBDfbGk+LsxLHbWZQocyPvaX0ms81UbBgibt62ZwevKq/9+BtUzF3S0MHoiF4C1
+iofqtQgOp7bRVzo/cLt+i2rwaXaNWaZBUciF3wEQMM+bpBYagFK0iuGExEGrlBJH
+SiDtuHJ9bxueN9wpILRtjhXjn5s3g4hBM0GYvRS6Se6T94kpuLBJXX8/BHN3hrIZ
+vFR9cnfkSAcay3sDd8YG1ZMtbcz3o7rR2c4xgKmsbI1TAF0289u0dZUggrGpt5vg
+9rAXde2DOCxIR3U7Q1rRcWjRbqWseNk7tUg4w5KHuQINBFI9HTQBEAC9cuBfOGba
+uA+M/8bUN8PIxr0N0ImbTHUxf8P+o1sLxoMOiirK13s4uS/WXtyc6/47w0XmWoQt
+v/Kc2khfDFyTVnLeU1NYHG45+WRobxsaDu6sKo1EJZhmy6L0kFUSDSmcpT6i9N+O
+plWjAbkUUX63Y1G13yk4J1X5fD9VWqLNyokNmC6dwnJfzHlhlQHOuEUQtNHeJhfQ
+NkE4ixaP3ZXwdTONNau7YKoYekqumf3CwynUD0YKeLBubU+YKcva9vJy7p4/9eQu
+UE+xvfNhzH2rEjgbOgbCDN5aupWe44dV0PcJ8FOTP95mbKNW1H5HnD1f4gx8IFJi
+bgi7zObriQUmqLsBDWF8FvIhiTudRzqZURaKDYUBBveVDD9XHzlnjA56XsPUoEE5
+vHY+sA0STBLdh4ROf7rUYOHLGkBL9U3wVbd9YhGzY5nUQCTl5bH3Jimy3RnNwHWb
+cs3hWYUZSacJnhrbNgrC7e0BPf0z+ZzfV9UAYnADTwwWxyqup/RSKtB59PNCB0a1
+0iTmMEW3fSKIXdCEqaqINjCDGzvJiitCbkUlDViil+jyhDypZLAZGG1Bf+dKSWM6
+O94U7l8/Ycc18lrv/ZNLyuDVjd+RCD0+44lDd9lD8V1hUmvqg+rg+MF5LPO/hR07
+a7mpBqdto5KC/0KqlJNnNOZWV6cbSYGaWQARAQABiQI8BBgBCgAmAhsMFiEEldLp
+q4dA2ARjh/0VGgkiex9DWjMFAmI2IUoFCRlfBZYACgkQGgkiex9DWjOwgA//S7gm
+Bq8hFesEsrb1JE59ahY3RtvIJfp+bBLo7f1ZEVPGmF8OK+wlZhEg+2scN3QzZvBv
+AYlHYBplIgsUi3eNLUh7x80GQIDfjMU5pZ0DJG/e97f6zv11rIfCsvnkUp+9dmu2
+LR+k97rujrobUHjl8mlWOhbb3S5I3f6CF8UViHwKHfYzPWQLMFMvabmWbmIVXQuX
+ocJCz9sWrJpqWgGuMjcMfo07IiFan2fHptF2K5i5LQV/S0sAykXZcHiME6bxa6TA
+3GqjgOaQnEZfhu1pSEOS9asVCCPMyCIYdrrmx3eQ0z7qxLxxtzEVn/JWprZqCSzQ
+tcPn8591obaAXzF8ddJ0wJ2nxKUhy3H8jhSaJMEZKBrikhZIiC/5NY4OuRYaIjFe
+CpfrRULYTUciEl7EViJdNwBJxr1mgXc+DZioxkOg2C+Yya6yL9zewgsFvR/D7zT3
+Z5YeLSpdfz9BRV2ys8sRHBCqFmn3E/8KV5lYUDWD1YhAN1uTkeZMy2oa1Eqf2Hdj
+zesutlS4FGk+BeGqHrj6J+MfVT7FsW0u+3BraB8ojQ0+QbPxku0RF4bIC9b/AkEN
+th6zWJDmOrY7mTlXmdEYe0s6hwc8kWSt/WuQvd+Gg1MkA1uBNekEq6jK3gPV9z5g
+5FvYNgYvjGGpyMBuulIcw82FGG5Jogf1q6n5l4E=
+=nbqX
+-----END PGP PUBLIC KEY BLOCK-----