diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..535afea
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,58 @@
+# Build container
+# =================================
+FROM python:3.11 AS build
+
+RUN python -m pip install pip --upgrade
+RUN curl -sSL -o /install-poetry.py https://install.python-poetry.org
+RUN python /install-poetry.py --yes
+
+ADD . /build
+WORKDIR /build
+
+RUN /root/.local/bin/poetry self add poetry-plugin-export
+RUN /root/.local/bin/poetry export \
+  --format requirements.txt \
+  --output /build/requirements.txt \
+  --without-hashes
+RUN python -m pip wheel \
+  --wheel-dir /build/wheels \
+  --requirement /build/requirements.txt \
+  --disable-pip-version-check \
+  --no-cache-dir
+
+
+# Runtime container
+# ==================================
+FROM python:3.11-slim
+
+ENV SEMAPHORE_RUNNER_CONFIG_FILE /semaphore/config.json
+
+COPY --from=build /build/wheels /tmp/wheels
+
+RUN apt-get update --yes && \
+  apt-get install --yes \
+    openssh-client \
+    apt-transport-https \
+    ca-certificates \
+    curl \
+    gnupg && \
+  mkdir --parents /tmp/apt && \
+  curl -sSL -o /tmp/apt/opentofu.deb https://github.com/opentofu/opentofu/releases/download/v1.6.2/tofu_1.6.2_amd64.deb && \
+  curl -sSL -o /tmp/apt/semaphore.deb https://github.com/ansible-semaphore/semaphore/releases/download/v2.9.45/semaphore_2.9.45_linux_amd64.deb && \
+  apt-get install --yes /tmp/apt/*.deb && \
+  apt-get clean --yes && \
+  rm -rf /tmp/apt && \
+  python -m pip install /tmp/wheels/*.whl \
+    --upgrade \
+    --pre \
+    --no-index \
+    --no-cache-dir \
+    --find-links /tmp/wheels \
+    --disable-pip-version-check && \
+  rm -rf /tmp/wheels && \
+  mkdir --parents /semaphore
+
+ADD entrypoint.sh /entrypoint.sh
+ADD configure.py /configure.py
+
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/configure.py b/configure.py
new file mode 100644
index 0000000..0adc521
--- /dev/null
+++ b/configure.py
@@ -0,0 +1,32 @@
+import sys
+import os
+import json
+import tempfile
+
+
+def main() -> str:
+    try:
+        config = {
+            "registration_token": os.environ["SEMAPHORE_RUNNER_REGISTRATION_TOKEN"],
+            "config_file": os.getenv(
+                "SEMAPHORE_RUNNER_CONFIG_FILE", "/semaphore/runner.json"
+            ),
+            "api_url": os.environ["SEMAPHORE_RUNNER_API_URL"],
+            "max_parallel_tasks": int(
+                os.getenv("SEMAPHORE_RUNNER_MAX_PARALLEL_TASKS", "1")
+            ),
+        }
+    except KeyError as err:
+        print(f"Missing required configuration value {err}", file=sys.stderr)
+        sys.exit(1)
+
+    path = tempfile.mkstemp(prefix="semaphore-runner-")
+
+    with open(path, "w") as outfile:
+        json.dump(config, outfile, indent=4)
+
+    return path
+
+
+if __name__ == "__main__":
+    main()
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100755
index 0000000..a994ad2
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+set -e
+
+semaphore runner --config="$(python /configure.py)"