diff --git a/Dockerfile b/Dockerfile
index a97e302..313724f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,9 +7,14 @@ LABEL "homepage" "https://github.com/pypa/gh-action-pypi-publish"
 ENV PYTHONDONTWRITEBYTECODE 1
 ENV PYTHONUNBUFFERED 1
 
+COPY requirements .
 RUN \
-  pip install --upgrade --no-cache-dir pip-with-requires-python && \
-  pip install --upgrade --no-cache-dir --prefer-binary twine
+  PIP_CONSTRAINT=requirements/runtime-prerequisites.txt \
+    pip install --upgrade --no-cache-dir \
+      -r requirements/runtime-prerequisites.in && \
+  PIP_CONSTRAINT=requirements/runtime.txt \
+    pip install --upgrade --no-cache-dir --prefer-binary \
+      -r requirements/runtime.in
 
 WORKDIR /app
 COPY LICENSE.md .
diff --git a/requirements/runtime-prerequisites.in b/requirements/runtime-prerequisites.in
new file mode 100644
index 0000000..02a2071
--- /dev/null
+++ b/requirements/runtime-prerequisites.in
@@ -0,0 +1 @@
+pip-with-requires-python
diff --git a/requirements/runtime-prerequisites.txt b/requirements/runtime-prerequisites.txt
new file mode 100644
index 0000000..ae3e411
--- /dev/null
+++ b/requirements/runtime-prerequisites.txt
@@ -0,0 +1,12 @@
+#
+# This file is autogenerated by pip-compile with python 3.9
+# To update, run:
+#
+#    pip-compile --allow-unsafe --output-file=requirements/runtime-prerequisites.txt --resolver=backtracking --strip-extras requirements/runtime-prerequisites.in
+#
+pip-with-requires-python==1.0.1
+    # via -r requirements/runtime-prerequisites.in
+
+# The following packages are considered to be unsafe in a requirements file:
+pip==22.3.1
+    # via pip-with-requires-python
diff --git a/requirements/runtime.in b/requirements/runtime.in
new file mode 100644
index 0000000..af996cf
--- /dev/null
+++ b/requirements/runtime.in
@@ -0,0 +1 @@
+twine
diff --git a/requirements/runtime.txt b/requirements/runtime.txt
new file mode 100644
index 0000000..56bcb30
--- /dev/null
+++ b/requirements/runtime.txt
@@ -0,0 +1,70 @@
+#
+# This file is autogenerated by pip-compile with python 3.9
+# To update, run:
+#
+#    pip-compile --allow-unsafe --output-file=requirements/runtime.txt --resolver=backtracking --strip-extras requirements/runtime.in
+#
+bleach==5.0.1
+    # via readme-renderer
+certifi==2022.9.24
+    # via requests
+cffi==1.15.1
+    # via cryptography
+charset-normalizer==2.1.1
+    # via requests
+commonmark==0.9.1
+    # via rich
+cryptography==38.0.4
+    # via secretstorage
+docutils==0.19
+    # via readme-renderer
+idna==3.4
+    # via requests
+importlib-metadata==5.1.0
+    # via
+    #   keyring
+    #   twine
+jaraco-classes==3.2.3
+    # via keyring
+jeepney==0.8.0
+    # via
+    #   keyring
+    #   secretstorage
+keyring==23.11.0
+    # via twine
+more-itertools==9.0.0
+    # via jaraco-classes
+pkginfo==1.9.2
+    # via twine
+pycparser==2.21
+    # via cffi
+pygments==2.13.0
+    # via
+    #   readme-renderer
+    #   rich
+readme-renderer==37.3
+    # via twine
+requests==2.28.1
+    # via
+    #   requests-toolbelt
+    #   twine
+requests-toolbelt==0.10.1
+    # via twine
+rfc3986==2.0.0
+    # via twine
+rich==12.6.0
+    # via twine
+secretstorage==3.3.3
+    # via keyring
+six==1.16.0
+    # via bleach
+twine==4.0.1
+    # via -r requirements/runtime.in
+urllib3==1.26.13
+    # via
+    #   requests
+    #   twine
+webencodings==0.5.1
+    # via bleach
+zipp==3.11.0
+    # via importlib-metadata