diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 000000000..fd22191a7
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,19 @@
+.DS_Store
+
+.anchor
+test-ledger
+target
+
+**/*.rs.bk
+
+dist
+node_modules
+yarn-error.log
+
+.idea
+.vscode
+
+programs/margin-trade/src/lib-expanded.rs
+programs/mango-v4/src/lib-expanded.rs
+
+keeper/.env
\ No newline at end of file
diff --git a/.github/workflows/ci-docker-heroku-deploy.yml b/.github/workflows/ci-docker-heroku-deploy.yml
new file mode 100644
index 000000000..911f669b6
--- /dev/null
+++ b/.github/workflows/ci-docker-heroku-deploy.yml
@@ -0,0 +1,35 @@
+name: Deploy Docker Image to Heroku
+
+on:
+  workflow_dispatch:
+    inputs:
+      appName:
+        description: 'Heroku App Name'
+        required: true
+        type: string
+      imageName:
+        description: 'Docker Image Name'
+        required: true
+        type: string
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout 
+        uses: actions/checkout@v2
+
+      - name: Login
+        env: 
+          HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }}
+        run: heroku container:login
+
+      - name: Push
+        env:
+          HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }}
+        run: heroku container:push ${{ inputs.imageName }} -a ${{ inputs.appName }} --recursive 
+
+      - name: Release
+        env:
+          HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }}
+        run: heroku container:release ${{ inputs.imageName }} -a ${{ inputs.appName }}
\ No newline at end of file
diff --git a/.github/workflows/ci-docker-publish.yml b/.github/workflows/ci-docker-publish.yml
new file mode 100644
index 000000000..ddbf396dd
--- /dev/null
+++ b/.github/workflows/ci-docker-publish.yml
@@ -0,0 +1,60 @@
+name: Publish Docker Image to GCR
+
+on:
+  push:
+    branches: [dev]
+  workflow_call:
+    secrets:
+      GCR_PROJECT:
+        required: true
+      GCR_SA_KEY:
+        required: true
+
+env:
+  PROJECT_ID: ${{ secrets.GCR_PROJECT }}
+  IMAGE: mango-v4
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          submodules: recursive
+      
+      # Use docker buildx
+      - name: Use docker buildx
+        uses: docker/setup-buildx-action@v2
+        id: buildx
+        with:
+          install: true
+          buildkitd-flags: --debug
+
+      # Login to Google Cloud
+      - name: 'Login to Google Cloud'
+        uses: 'google-github-actions/auth@v0'
+        id: auth
+        with:
+          token_format: 'access_token'
+          credentials_json: '${{ secrets.GCR_SA_KEY }}'
+
+      # Login to GCR
+      - name: Login to GCR
+        uses: docker/login-action@v2
+        with:
+          registry: us-docker.pkg.dev
+          username: oauth2accesstoken
+          password: ${{ steps.auth.outputs.access_token }}
+
+      # Build and push the image, leveraging layer caching
+      - name: Build and Push
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          push: true
+          tags: |
+            us-docker.pkg.dev/${{ env.PROJECT_ID }}/gcr.io/${{ env.IMAGE }}:${{ github.sha }}
+            us-docker.pkg.dev/${{ env.PROJECT_ID }}/gcr.io/${{ env.IMAGE }}:latest
+          cache-from: type=registry,ref=us-docker.pkg.dev/${{ env.PROJECT_ID }}/gcr.io/${{ env.IMAGE }}:buildcache
+          cache-to: type=registry,ref=us-docker.pkg.dev/${{ env.PROJECT_ID }}/gcr.io/${{ env.IMAGE }}:buildcache,mode=max
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 000000000..93fed90ec
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,21 @@
+# Base image containing all binaries, deployed to gcr.io/mango-markets/mango-v4:latest
+FROM rust:1.60 as build
+RUN apt-get update && apt-get -y install clang cmake
+
+WORKDIR /app
+COPY ./ .
+
+# Hack to prevent a ghost member lib/init
+RUN sed -i 's|lib/\*|lib/checked_math|' Cargo.toml
+
+# Mount cache for downloaded and compiled dependencies
+RUN --mount=type=cache,target=/usr/local/cargo,from=rust,source=/usr/local/cargo \
+    --mount=type=cache,target=target \
+    cargo build --release --bins
+
+# Copy bins out of cache
+RUN --mount=type=cache,target=target mkdir .bin && cp target/release/keeper target/release/liquidator .bin/
+
+FROM debian:buster-slim as run
+RUN apt-get update && apt-get -y install ca-certificates
+COPY --from=build /app/.bin/* /usr/local/bin/
diff --git a/keeper/Dockerfile.keeper b/keeper/Dockerfile.keeper
new file mode 100644
index 000000000..5770c5476
--- /dev/null
+++ b/keeper/Dockerfile.keeper
@@ -0,0 +1,6 @@
+# Dockerfile for keeper service in Heroku
+# heroku container:push keeper -R -a HEROKU_APP_NAME
+# heroku container:release -a HEROKU_APP_NAME
+FROM us-docker.pkg.dev/mango-markets/gcr.io/mango-v4:latest
+ENTRYPOINT ["keeper"] 
+CMD ["crank"]
diff --git a/liquidator/Dockerfile.liquidator b/liquidator/Dockerfile.liquidator
new file mode 100644
index 000000000..6257911e5
--- /dev/null
+++ b/liquidator/Dockerfile.liquidator
@@ -0,0 +1,5 @@
+# Dockerfile for keeper service in Heroku
+# heroku container:push keeper -R -a HEROKU_APP_NAME
+# heroku container:release -a HEROKU_APP_NAME
+FROM us-docker.pkg.dev/mango-markets/gcr.io/mango-v4:latest
+ENTRYPOINT ["liquidator"]