diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 00000000..7eb88e91
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,32 @@
+# This is the build stage for appchain. Here we create the binary in a temporary image.
+FROM docker.io/paritytech/ci-linux:production as builder
+
+WORKDIR /appchain
+COPY . /appchain
+
+RUN cargo build --locked --release
+
+# This is the 2nd stage: a very small image where we copy the appchain binary."
+FROM docker.io/library/ubuntu:20.04
+
+COPY --from=builder /appchain/target/release/debio /usr/local/bin
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && apt-get install -y ca-certificates && update-ca-certificates
+
+RUN useradd -m -u 1000 -U -s /bin/sh -d /appchain appchain && \
+	mkdir -p /data /appchain/.local/share && \
+	chown -R appchain:appchain /data && \
+	ln -s /data /appchain/.local/share/appchain && \
+# unclutter and minimize the attack surface
+	rm -rf /usr/bin /usr/sbin && \
+# check if executable works in this container
+	/usr/local/bin/debio --version
+
+USER appchain
+
+EXPOSE 30333 9933 9944 9615
+VOLUME ["/data"]
+
+ENTRYPOINT ["/usr/local/bin/debio"]
diff --git a/cloudbuild.yaml b/cloudbuild.yaml
new file mode 100644
index 00000000..638c5427
--- /dev/null
+++ b/cloudbuild.yaml
@@ -0,0 +1,8 @@
+steps:
+- name: 'gcr.io/cloud-builders/docker'
+  args: [ 'build', '-t', 'us-central1-docker.pkg.dev/$PROJECT_ID/octopus-appchains/$REPO_NAME', '.' ]
+images:
+- 'us-central1-docker.pkg.dev/$PROJECT_ID/octopus-appchains/$REPO_NAME'
+timeout: 1800s
+options:
+  machineType: 'E2_HIGHCPU_32'