diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
new file mode 100644
index 0000000..cfba217
--- /dev/null
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,99 @@
+name: CI
+
+concurrency:
+  group: ci-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+  schedule:
+    - cron: "0 10 * * *" # ~2am PST
+  workflow_dispatch:
+    inputs:
+      debug_enabled:
+        type: boolean
+        description: "Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)"
+        required: false
+        default: false
+
+env:
+  REGISTRY: ghcr.io
+  ORG: githedgehog
+
+jobs:
+  dockers:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+    #   - name: Set up QEMU
+    #     uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Context for Buildx
+        id: buildx-context
+        run: |
+          docker context create builders
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+        with:
+          endpoint: builders
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.ORG }}/toolbox
+          tags: |
+            type=ref,event=pr
+            type=raw,value=latest,enable={{is_default_branch}}
+
+      - name: Build and push (on master only) Docker image
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file: Dockerfile
+          platforms: linux/amd64
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Setup tmate session for debug
+        if: ${{ failure() && github.event_name == 'workflow_dispatch' && inputs.debug_enabled }}
+        uses: mxschmitt/action-tmate@v3
+        timeout-minutes: 30
+        with:
+          limit-access-to-actor: true
+
+  dockers-results:
+    name: Docker Build/Publish Results
+    needs:
+      - dockers
+    if: ${{ always() }}
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - run: |
+          result="${{ needs.dockers.result }}"
+          if [[ $result == "success" || $result == "skipped" ]]; then
+            exit 0
+          else
+            exit 1
+          fi
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..89c5bca
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,3 @@
+FROM ubuntu:jammy
+
+RUN --mount=type=bind,source=packages.sh,target=/tmp/packages.sh /tmp/packages.sh
\ No newline at end of file
diff --git a/packages.sh b/packages.sh
new file mode 100755
index 0000000..25b8757
--- /dev/null
+++ b/packages.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+set -eux
+set -o pipefail
+
+APT_PACKAGES=(
+    curl
+    dhcping
+    ethtool
+    iperf3
+    iproute2
+    iputils-ping
+    net-tools
+    openssh-client
+    socat
+    tcpdump
+    wget
+)
+
+apt-get update -y \
+    && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends --yes \
+    "${APT_PACKAGES[@]}" \
+    && apt-get clean autoclean \
+    && apt-get autoremove --yes \
+    && rm -rf /var/lib/apt/lists/*