diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
new file mode 100755
index 0000000..acf3469
--- /dev/null
+++ b/.github/workflows/docker-publish.yml
@@ -0,0 +1,97 @@
+name: Docker
+
+on:
+ push:
+ # Publish `master` as Docker `master` tag.
+ # See also https://github.com/crazy-max/ghaction-docker-meta#basic
+ branches:
+ - main
+
+ # Publish `v1.2.3` tags as releases.
+ tags:
+ - v*
+
+ pull_request:
+ # Run Tests when changes are made to the Docker file
+ paths:
+ - 'Dockerfile'
+
+ workflow_dispatch:
+
+jobs:
+ # Run image build test
+ test:
+ runs-on: ubuntu-latest
+ if: github.event_name == 'pull_request'
+
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ submodules: recursive
+
+ - name: Run Build tests
+ run: docker build . --file Dockerfile
+
+ push:
+ runs-on: ubuntu-latest
+ if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
+
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ submodules: recursive
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v2
+
+ - name: Cache Docker layers
+ uses: actions/cache@v2.1.6
+ with:
+ path: /tmp/.buildx-cache
+ key: ${{ runner.os }}-buildx-${{ github.sha }}
+ restore-keys: |
+ ${{ runner.os }}-buildx-
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Docker meta
+ id: docker_meta
+ uses: docker/metadata-action@v4
+ with:
+ images: onaio/fhir-gateway-plugin
+
+ - name: Login to DockerHub
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_TOKEN }}
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Push to Docker Image Repositories
+ uses: docker/build-push-action@v3
+ id: docker_build
+ with:
+ push: true
+ context: .
+ platforms: linux/amd64,linux/arm64
+ tags: ${{ steps.docker_meta.outputs.tags }}
+ cache-from: type=local,src=/tmp/.buildx-cache
+ cache-to: type=local,dest=/tmp/.buildx-cache-new
+
+ # Temp fix
+ # https://github.com/docker/build-push-action/issues/252
+ # https://github.com/moby/buildkit/issues/1896
+ - name: Move cache
+ run: |
+ rm -rf /tmp/.buildx-cache
+ mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+
+ - name: Image digest
+ run: echo ${{ steps.docker_build.outputs.digest }}
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..e47722d
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,26 @@
+FROM maven:3.8.5-openjdk-17-slim as build
+
+RUN apt-get update \
+ && apt-get install -y nodejs npm \
+ && npm install -g n && n stable
+
+WORKDIR /app
+
+COPY plugins/src ./plugins/src
+COPY plugins/pom.xml ./plugins/
+COPY exec/src ./exec/src
+COPY exec/pom.xml ./exec/
+COPY pom.xml .
+
+RUN mvn --batch-mode package -Dlicense.skip=true -DskipTests -Dspotless.check.skip
+
+
+FROM gcr.io/distroless/java17-debian12:nonroot as default
+
+USER 65532:65532
+
+COPY --from=build /app/exec/target/opensrp-gateway-plugin-exec.jar /app/
+COPY resources/hapi_page_url_allowed_queries.json resources/hapi_page_url_allowed_queries.json
+COPY resources/hapi_sync_filter_ignored_queries.json resources/hapi_sync_filter_ignored_queries.json
+
+CMD ["/app/opensrp-gateway-plugin-exec.jar"]
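Review bot: The `push` job passes `secrets.DOCKER_TOKEN` and `secrets.GITHUB_TOKEN` to actions referenced by mutable tags (`docker/login-action@v2`, `docker/build-push-action@v3`, `actions/cache@v2.1.6` and the rest), so a retagged or compromised release of any of them would run with the publishing credentials. Pin each `uses:` to a full commit SHA and keep the version as a trailing comment, for example `uses: docker/login-action@<FULL_COMMIT_SHA>  # v2`. The workflow also declares no `permissions:`, so the token scope falls back to the repository default; on the `push` job, `permissions:` with `contents: read` and `packages: write` would state what the job needs, and the `test` job needs only `contents: read`. Separately, `images:` lists only `onaio/fhir-gateway-plugin`, so the ghcr.io login appears to have no matching tag to push unless a `ghcr.io/<OWNER>/<IMAGE>` entry is added there.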
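Review bot: The build stage runs `npm install -g n && n stable`, which fetches whichever Node release is current at build time, and both `FROM` lines reference tags rather than digests, so two builds of the same commit can publish different images, and the fetched toolchain runs in the stage that produces the jar. Pin the Node version (`n <PINNED_NODE_VERSION>`) and the base images (`FROM gcr.io/distroless/java17-debian12:nonroot@sha256:<DIGEST>`); whether Node is needed by the Maven build at all is not visible from this hunk. In the final stage the two `COPY resources/...` lines use relative destinations with no `WORKDIR` set, so they land under the base image's default working directory rather than `/app`; an explicit `WORKDIR` would make that intent visible. A short comment above `CMD` noting that the base image's entrypoint supplies `java -jar` would explain why only the jar path is given.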