diff --git a/.containerignore b/.containerignore
new file mode 100644
index 0000000..b1ff795
--- /dev/null
+++ b/.containerignore
@@ -0,0 +1,4 @@
+*
+!.git
+!pyproject.toml
+!updatebot.py
diff --git a/Containerfile b/Containerfile
new file mode 100644
index 0000000..db62ff4
--- /dev/null
+++ b/Containerfile
@@ -0,0 +1,43 @@
+FROM git.pyrocufflink.net/containerimages/dch-base AS build
+
+RUN --mount=type=cache,target=/var/cache \
+    microdnf install -y \
+        --setopt=install_weak_deps=0 \
+        git-core \
+        python3 \
+        python3-pip \
+        python3-wheel \
+    && :
+
+COPY . /app
+
+WORKDIR /app
+
+RUN python3 -m pip wheel .
+
+
+FROM git.pyrocufflink.net/containerimages/dch-base
+
+RUN --mount=type=cache,target=/var/cache \
+    microdnf install -y \
+        --setopt=install_weak_deps=0 \
+        git-core \
+        python3 \
+    && echo bot:x:25167:25167:bot:/home/bot:/bin/bash >> /etc/passwd \
+    && echo bot:x:25167: >> /etc/group \
+    && :
+
+RUN --mount=type=bind,src=/app,dst=/build,from=build \
+    python3 -m venv /app \
+    && /app/bin/python3 -m pip install --no-index -f /build updatebot \
+    && :
+
+USER 25167:25167
+
+ENTRYPOINT ["/app/bin/updatebot"]
+
+LABEL \
+    license=0BSD \
+    vendor='Dustin C. Hatch' \
+    version='0' \
+    name=updatebot