diff --git a/.containerignore b/.containerignore
new file mode 100644
index 0000000..5fda93c
--- /dev/null
+++ b/.containerignore
@@ -0,0 +1,2 @@
+/target
+Containerfile
diff --git a/.gitea/workflows/container.yaml b/.gitea/workflows/container.yaml
new file mode 100644
index 0000000..e48b3fd
--- /dev/null
+++ b/.gitea/workflows/container.yaml
@@ -0,0 +1,12 @@
+name: Build Multiarch Container Image
+on: [push]
+jobs:
+  call-reusable-workflow:
+    uses: container/multiarch-build-workflow/.gitea/workflows/build.yaml@main
+    with:
+      repository: ${{ gitea.repository }}
+      ref_name: ${{ gitea.ref_name }}
+      sha: ${{ gitea.sha }}
+      registry_url: ${{ secrets.REGISTRY_URL }}
+      registry_user: ${{ secrets.REGISTRY_USER }}
+      registry_pw: ${{ secrets.REGISTRY_PW }}
diff --git a/Containerfile b/Containerfile
new file mode 100644
index 0000000..8e9d9f8
--- /dev/null
+++ b/Containerfile
@@ -0,0 +1,29 @@
+FROM docker.io/rust:1-alpine3.20 AS builder
+
+RUN mkdir /tmp/tmp
+RUN echo "hesinde:x:2222:2222:Linux User,,,:/:/app" > /passwd
+
+RUN apk --no-cache add \
+  musl-dev
+
+ENV CARGO_CARGO_NEW_VCS="none"
+ENV CARGO_BUILD_RUSTFLAGS="-C target-feature=+crt-static"
+
+WORKDIR /work
+
+COPY . .
+
+RUN cargo build --release --target=$(arch)-unknown-linux-musl
+RUN cp "./target/$(arch)-unknown-linux-musl/release/hesinde-sync" /app
+
+FROM scratch
+
+COPY --from=builder /passwd /etc/passwd
+COPY --from=builder /app /app
+COPY --from=builder --chown=2222: /tmp/tmp /tmp
+
+USER hesinde
+
+CMD ["/app", "--address", "[::]:3000"]
+
+EXPOSE 3000