diff --git a/.woodpecker/build.yml b/.woodpecker/build.yml
new file mode 100644
index 0000000..a3c9f85
--- /dev/null
+++ b/.woodpecker/build.yml
@@ -0,0 +1,34 @@
+---
+kind: pipeline
+type: docker
+name: docker_build
+depends_on:
+  - lint
+steps:
+  selfhosted_tag:
+    image: plugins/docker
+    settings:
+      dockerfile: Dockerfile
+      repo: registry.mgrote.net/oxidized-selfmade
+      registry: registry.mgrote.net
+      tags:
+        - ${CI_COMMIT_TAG}
+    when:
+      event:
+        - tag
+
+  selfhosted_push:
+    image: plugins/docker
+    settings:
+      dockerfile: Dockerfile
+      repo: registry.mgrote.net/oxidized-selfmade
+      registry: registry.mgrote.net
+      tags:
+        - ${CI_COMMIT_SHA:0:8}
+        - ${CI_COMMIT_BRANCH}
+        - latest
+    when:
+      event:
+        exclude:
+          - pull_request
+          - tag
diff --git a/.woodpecker/lint.yml b/.woodpecker/lint.yml
new file mode 100644
index 0000000..176feb0
--- /dev/null
+++ b/.woodpecker/lint.yml
@@ -0,0 +1,31 @@
+---
+kind: pipeline
+type: docker
+name: linting
+steps:
+  gitleaks:
+    image: zricethezav/gitleaks:latest
+    commands:
+      - gitleaks detect --no-git --verbose --source $CI_WORKSPACE
+    when:
+      event:
+        exclude:
+          - tag
+
+  hadolint:
+    image: hadolint/hadolint:latest-debian
+    commands:
+      - hadolint Dockerfile
+    when:
+      event:
+        exclude:
+          - tag
+
+  shellcheck:
+    image: koalaman/shellcheck-alpine:stable
+    commands:
+      - "find . -name *.sh -exec shellcheck {} +"
+    when:
+      event:
+        exclude:
+          - tag