diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..bc35f30
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,59 @@
+# Check out this cool article:
+# https://chemidy.medium.com/create-the-smallest-and-secured-golang-docker-image-based-on-scratch-4752223b7324
+
+# We recommend building with docker's buildx toolset
+
+ARG BUILDER_IMAGE=golang:alpine
+############################
+# STEP 1 build executable binary
+############################
+FROM ${BUILDER_IMAGE} as builder
+
+# Install git + SSL ca certificates.
+# Git is required for fetching the dependencies.
+# Ca-certificates is required to call HTTPS endpoints.
+RUN apk update && apk add --no-cache git ca-certificates tzdata && update-ca-certificates
+
+# Create appuser
+ENV USER=pullpal
+ENV UID=10001
+
+# See https://stackoverflow.com/a/55757473/12429735
+RUN adduser \
+ --disabled-password \
+ --gecos "" \
+ --home "/nonexistent" \
+ --shell "/sbin/nologin" \
+ --no-create-home \
+ --uid "${UID}" \
+ "${USER}"
+WORKDIR $GOPATH/src/mypackage/myapp/
+COPY . .
+
+# Fetch dependencies.
+RUN go get -d -v
+
+# Build the binary
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build \
+ -ldflags='-w -s -extldflags "-static"' -a \
+ -o /go/bin/pullpal .
+
+############################
+# STEP 2 build a small image
+############################
+FROM alpine
+
+# Import from builder.
+COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=builder /etc/passwd /etc/passwd
+COPY --from=builder /etc/group /etc/group
+
+# Copy our static executable
+COPY --from=builder /go/bin/pullpal /go/bin/pullpal
+
+# Use an unprivileged user.
+USER pullpal:pullpal
+
+# Run the pullpal binary.
+ENTRYPOINT ["/go/bin/pullpal","--config=/etc/pullpal/config.yaml"]
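Review bot: Both base images float: `ARG BUILDER_IMAGE=golang:alpine` and the final `FROM alpine` carry no version, so every build pulls whatever the registry currently serves, and the Go toolchain, the CA bundle and the `/etc/passwd` copied into the runtime stage can all change without any change to this file. Pin both to a tested version tag and ideally a digest, e.g. `FROM alpine:<version>@sha256:<digest>` and the same form for the `BUILDER_IMAGE` default (placeholder values, not real ones). Separately, `GOARCH=amd64` is hard-coded in the build step while the header comment recommends buildx; for a non-amd64 target platform this would presumably put an amd64 binary into an image of a different architecture, so consider declaring `ARG TARGETARCH` in the builder stage and building with `GOARCH=${TARGETARCH}`.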