diff --git a/.github/workflows/clean-dockerhub-tag.yaml b/.github/workflows/clean-dockerhub-tag.yaml
new file mode 100644
index 000000000..64be96a0f
--- /dev/null
+++ b/.github/workflows/clean-dockerhub-tag.yaml
@@ -0,0 +1,19 @@
+---
+name: Clean docker hub tags
+
+on: delete
+
+jobs:
+  clean:
+    runs-on: ubuntu-20.04
+    name: Clean docker hub tags
+    env:
+      SUMMON_PROVIDER: /usr/local/bin/gopass
+    steps:
+      - uses: actions/checkout@v1
+      - uses: camptocamp/initialise-gopass-summon-action@v1
+        with:
+          ci-gpg-private-key: ${{secrets.CI_GPG_PRIVATE_KEY}}
+          github-gopass-ci-token: ${{secrets.GITHUB_GOPASS_CI_TOKEN}}
+      - name: Clean docker hub tags
+        run: scripts/clean-dockerhub-tag
diff --git a/ci/clean-dockerhub-tag b/ci/clean-dockerhub-tag
new file mode 100755
index 000000000..9a9295b10
--- /dev/null
+++ b/ci/clean-dockerhub-tag
@@ -0,0 +1,57 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+import json
+import os
+import subprocess
+import sys
+
+import requests
+
+
+def clean(image: str, tag: str, token: str) -> None:
+    print("Delete image '{image}:{tag}'.".format(image=image, tag=tag))
+
+    response = requests.head(
+        "https://hub.docker.com/v2/repositories/{image}/tags/{tag}/".format(image=image, tag=tag),
+        headers={"Authorization": "JWT " + token},
+    )
+    if response.status_code == 404:
+        return
+    if not response.ok:
+        print("Error checking image '{image}:{tag}' status.".format(image=image, tag=tag))
+        print(response.text)
+        sys.exit(2)
+
+    response = requests.delete(
+        "https://hub.docker.com/v2/repositories/{image}/tags/{tag}/".format(image=image, tag=tag),
+        headers={"Authorization": "JWT " + token},
+    )
+    if not response.ok:
+        print("Error on deleting tag: " + tag)
+        print(response.text)
+        sys.exit(2)
+
+
+def main() -> None:
+    token = requests.post(
+        "https://hub.docker.com/v2/users/login/",
+        headers={"Content-Type": "application/json"},
+        data=json.dumps(
+            {
+                "username": subprocess.check_call(["gopass", "gs/ci/dockerhub/username"]),
+                "password": subprocess.check_call(["gopass", "gs/ci/dockerhub/password"]),
+            }
+        ),
+    ).json()["token"]
+
+    with open(os.environ["GITHUB_EVENT_PATH"]) as event_file:
+        ref = json.loads(event_file.read())["ref"]
+
+    ref = ref.replace("/", "_")
+
+    clean("camptocamp/c2cwsgiutils", ref, token)
+
+
+if __name__ == "__main__":
+    main()