diff --git a/.github/workflows/container_build.yml b/.github/workflows/container_build.yml
new file mode 100644
index 0000000..d2b5938
--- /dev/null
+++ b/.github/workflows/container_build.yml
@@ -0,0 +1,32 @@
+name: Build containers
+
+on:
+ pull_request:
+ paths:
+ - 'docker/Dockerfile'
+ - 'docker/entrypoint.sh'
+
+jobs:
+ docker_container:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+
+ steps:
+ - name: Checkout pull request branch
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Free Disk Space (Ubuntu)
+ uses: jlumbroso/free-disk-space@main
+
+ - name: Setup up docker buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Build docker containers
+ uses: docker/build-push-action@v6
+ with:
+ context: docker
+ tags: tmate-minimal:latest
+ outputs: type=image,compression=zstd
diff --git a/.github/workflows/container_upload.yml b/.github/workflows/container_upload.yml
new file mode 100644
index 0000000..773c4ff
--- /dev/null
+++ b/.github/workflows/container_upload.yml
@@ -0,0 +1,45 @@
+name: Push containers to registries
+
+on:
+ pull_request_target:
+ types: [closed]
+ paths:
+ - 'docker/Dockerfile'
+ - 'docker/entrypoint.sh'
+
+jobs:
+ push_docker_containers:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ permissions:
+ contents: read
+ packages: write
+
+ steps:
+ - name: Checkout pull request branch
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Free Disk Space (Ubuntu)
+ uses: jlumbroso/free-disk-space@main
+
+ - name: Setup up docker buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Log in to ghcr.io with docker
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build and push docker containers
+ uses: docker/build-push-action@v6
+ with:
+ context: docker
+ push: true
+ tags: |
+ ghcr.io/${{ github.repository_owner }}/tmate-minimal:latest
+ outputs: type=image,compression=zstd,push=true
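Review bot: `jlumbroso/free-disk-space@main` in the "Free Disk Space (Ubuntu)" step tracks a mutable branch, so whatever lands on that branch runs in this job without review. The same line appears in container_upload.yml and dispatch_container_upload.yml, where the job holds `packages: write` and the token is reachable by every action in the job. Pin it to a full commit SHA with the release noted in a trailing comment, `uses: jlumbroso/free-disk-space@<full-commit-sha>  # <release tag>`, and consider the same for the tag-pinned `actions/*` and `docker/*` steps. This workflow also declares no `permissions:` block; a job-level `permissions:` with `contents: read` keeps the token minimal whatever the repository default is.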
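Review bot: The `pull_request_target` trigger with `types: [closed]` in container_upload.yml also fires when a pull request is closed without being merged, so an abandoned PR that touches `docker/Dockerfile` still rebuilds and pushes `:latest`. Add `if: github.event.pull_request.merged == true` to the `push_docker_containers` job. The step name "Checkout pull request branch" is misleading here: under this trigger `actions/checkout` with no `ref` checks out the base branch, which is the safe behaviour for a job with `packages: write`. A comment on that step, such as `# pull_request_target: checks out the base branch; do not add a ref to the PR head`, would stop a later edit from building untrusted PR code with a write token.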
diff --git a/.github/workflows/dispatch_container_upload.yml b/.github/workflows/dispatch_container_upload.yml new file mode 100644 index 0000000..f040ae2 --- /dev/null +++ b/.github/workflows/dispatch_container_upload.yml @@ -0,0 +1,41 @@ +name: Push containers to registries + +on: + workflow_dispatch: + +jobs: + push_docker_containers: + runs-on: ubuntu-latest + strategy: + fail-fast: false + permissions: + contents: read + packages: write + + steps: + - name: Checkout pull request branch + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Free Disk Space (Ubuntu) + uses: jlumbroso/free-disk-space@main + + - name: Setup up docker buildx + uses: docker/setup-buildx-action@v2 + + - name: Log in to ghcr.io with docker + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build and push docker containers + uses: docker/build-push-action@v6 + with: + context: docker + push: true + tags: | + ghcr.io/${{ github.repository_owner }}/tmate-minimal:latest + outputs: type=image,compression=zstd,push=true diff --git a/docker/Dockerfile b/docker/Dockerfile index e2666d3..8ec235b 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -5,10 +5,12 @@ USER root # libgomp1 is needed for FINEMAP, which is precompiled and breaks with RPATH relocation # tmate is needed so that SSH access is possible # curl is needed to bootstrap pixi +# DO NOT add other packages here unless specifically told to- dependencies should be managed by pixi RUN apt-get update && apt-get -y install ca-certificates tzdata libgl1 libgomp1 tmate curl # Use bash as default shell instead of dash RUN ln -sf /bin/bash /bin/sh +RUN usermod -a -G users ubuntu # RUN useradd --no-log-init --create-home --shell /bin/bash --uid 2000 --no-user-group jovyan COPY --chown=ubuntu --chmod=755 entrypoint.sh /usr/local/bin/entrypoint.sh diff --git a/docker/README.md b/docker/README.md index d36dc78..733062c 100644 
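Review bot: `workflow_dispatch` in dispatch_container_upload.yml can be started from any branch by anyone with write access, and the job pushes `tmate-minimal:latest` whichever ref was selected, so an unreviewed branch can replace the image that consumers pull. Restrict the job to the default branch, for example `if: github.ref_name == github.event.repository.default_branch`, or give non-default builds a tag other than `latest`. The workflow `name` duplicates container_upload.yml's "Push containers to registries", which makes the two hard to tell apart in the Actions run list. The step name "Checkout pull request branch" also does not describe a manual run.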
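Review bot: The added `RUN usermod -a -G users ubuntu` in docker/Dockerfile carries no comment saying why the `ubuntu` account needs that group, whereas every package on the apt line above has a stated reason. Supplementary group membership changes which files on a mounted volume the container user can read and write, so the reason belongs in the file, for example `# ubuntu joins 'users' so it can <reason: TODO state which paths need group access>`. The line could also be folded into the preceding `RUN ln -sf /bin/bash /bin/sh` to avoid an extra layer. The `FROM` line and the final `USER` are outside this hunk, so which account the image ends up running as cannot be confirmed from here.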
--- a/docker/README.md +++ b/docker/README.md @@ -1,6 +1,5 @@ # Minimal VM image for mmcloud -This image is designed to work for mmcloud as the base image where we add additional package on the fly. +This image is designed to work for mmcloud as the base image where we add additional package on the fly. Instead of the typical approach of installing software into a container, we install our software into an AWS FSx volume with pixi and mount this volume into the container at run time. This greatly reduces the startup time for jobs as well as the EBS volume storage requirements for the host VM. -- The image is maintained in the long run at https://github.com/danielnachun/misc-containers/tree/main/tmate-minimal. Please check that repo for the latest version -- To use this image in mmcloud please check this page: https://wanggroup.org/productivity_tips/mmcloud-interactive +To use this image in mmcloud please check this page: https://wanggroup.org/productivity_tips/mmcloud-interactive