diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
new file mode 100644
index 0000000..251a550
--- /dev/null
+++ b/.github/workflows/docker.yml
@@ -0,0 +1,31 @@
+name: Build non-root XBPS container image
+
+on:
+  push:
+    branches:
+      - docker
+
+# TODO: create arch matrix
+env:
+  GHCR_IMAGE: "ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}:x86_64"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Log in to GHCR
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build container image
+        run: |
+          docker build -t ${GHCR_IMAGE} image/x86_64
+          docker push ${GHCR_IMAGE}
diff --git a/image/x86_64/Dockerfile b/image/x86_64/Dockerfile
new file mode 100644
index 0000000..5d426f6
--- /dev/null
+++ b/image/x86_64/Dockerfile
@@ -0,0 +1,19 @@
+FROM ghcr.io/void-linux/void-buildroot-glibc:20230904R2
+
+RUN xbps-install -Sy \
+        xbps \
+    && xbps-install -Syu \
+    && xbps-install -Sy \
+        git \
+        cmake \
+        python3 \
+        tar \
+        shadow \
+        util-linux \
+    && groupadd -g 5000 user \
+    && useradd -u 5000 -g user -s /bin/bash user \
+    && mkdir -m 1777 /__w \
+    && chown -R user:user /__w
+
+WORKDIR /home/user
+USER user