diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000000000000000000000000000000000000..13204720435afdcb258aa8e7b4a5fb3087d0443d
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,50 @@
+---
+workflow:
+  rules:
+    - if: $CI_MERGE_REQUEST_IID
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+    - if: $CI_COMMIT_TAG
+
+stages:
+  - test
+  - build
+
+
+lint dockerfile:
+  stage: test
+  image: hadolint/hadolint:latest-debian
+  before_script:
+    - mkdir -p reports
+  script:
+    - hadolint --format gitlab_codeclimate Dockerfile > reports/hadolint-$(md5sum Dockerfile | cut -d" " -f1).json
+  artifacts:
+    name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
+    when: always
+    reports:
+      codequality:
+        - "reports/*"
+    paths:
+      - "reports/*"
+  rules:
+    - if: $CI_MERGE_REQUEST_IID
+      changes:
+        - Dockerfile
+
+build container image:
+  stage: build
+  image:
+    name: gcr.io/kaniko-project/executor:debug
+    entrypoint: [""]
+  script:
+    - mkdir -p /kaniko/.docker
+    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$(echo -n ${CI_REGISTRY_USER}:${CI_REGISTRY_PASSWORD} | base64 | tr -d '\n')\"},\"$harbor_registry\":{\"auth\":\"$HARBOR_ROBOT_TOKEN64\"}}}" > /kaniko/.docker/config.json
+    - /kaniko/executor
+      --context $CI_PROJECT_DIR
+      --dockerfile $CI_PROJECT_DIR/Dockerfile
+      --build-arg build_date=$(date -u +'%Y-%m-%dT%H:%M:%SZ')
+      --build-arg vcs_ref=${CI_COMMIT_SHORT_SHA}
+      --build-arg version=${CI_COMMIT_SHORT_SHA}
+      --destination $CI_REGISTRY_IMAGE/repdav:$CI_COMMIT_SHORT_SHA
+      --destination $harbor_registry/$harbor_repo/repdav:$CI_COMMIT_SHORT_SHA
+  rules:
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
diff --git a/Dockerfile b/Dockerfile
index cf497852fd23b9644957f2913e6e64dabe6cabff..c49ee941d84699d83459f36c3aa884c96c2fda6b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,9 +1,37 @@
 # syntax=docker/dockerfile:1
 FROM python:3.8
 
+LABEL \
+    org.label-schema.dockerfile="/Dockerfile" \
+    org.label-schema.license="AGPL-3.0-or-later" \
+    org.label-schema.maintainer="Stefan Hynek" \
+    org.label-schema.name="Textgrid Repository WebDAV Server" \
+    org.label-schema.schema-version="1.0" \
+    org.label-schema.url="https://gitlab.gwdg.de/dariah-de/textgridrep/repdav" \
+    org.label-schema.vcs-url="https://gitlab.gwdg.de/dariah-de/textgridrep/repdav" \
+    org.label-schema.vendor="SUB/FE"
+
+
+RUN useradd --create-home repdav
+USER repdav
+
+COPY --chown=repdav requirements.txt /
+RUN pip install \
+    --no-cache-dir \
+    --requirement requirements.txt \
+    --user
+
 WORKDIR /app
+COPY --chown=repdav src/ .
 
-COPY requirements.txt .
-RUN pip install -r requirements.txt
+ARG build_date
+ARG vcs_ref
+ARG version
+LABEL \
+    org.label-schema.build-date="${build_date}" \
+    org.label-schema.vcs-ref="${vcs_ref}" \
+    org.label-schema.version="${version}"
 
 CMD ["python", "main.py"]
+
+COPY Dockerfile /