diff --git a/.circleci/config.yml b/.circleci/config.yml
new file mode 100644
index 000000000..1451e3141
--- /dev/null
+++ b/.circleci/config.yml
@@ -0,0 +1,45 @@
+# TODO: use matrix to test different build options and linux distros
+version: 2.1
+
+jobs:
+ build:
+ docker:
+ - image: docker.io/sudoproject/debian:latest
+ steps:
+ - checkout
+ - run:
+ name: "Building and packaging sudo"
+ command: ./scripts/mkpkg --flavor=ldap --enable-warnings --enable-werror
+ # Save workspace for subsequent jobs (i.e. test)
+ - persist_to_workspace:
+ root: .
+ paths:
+ - .
+ test:
+ docker:
+ - image: docker.io/sudoproject/debian:latest
+ steps:
+ # Reuse the workspace from the build job
+ - attach_workspace:
+ at: .
+ - run:
+ name: "Running tests"
+ command: make check
+
+# Orchestrate our job run sequence
+workflows:
+ version: 2
+ build_and_test:
+ jobs:
+ - build:
+ # Only build the "main" branch
+ filters:
+ branches:
+ only: main
+ - test:
+ filters:
+ # Only test the "main" branch
+ branches:
+ only: main
+ requires:
+ - build
diff --git a/MANIFEST b/MANIFEST
index 04f1581c7..683f2e1d4 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -55,6 +55,14 @@ doc/sudoreplay.man.in
 doc/sudoreplay.mdoc.in
 doc/visudo.man.in
 doc/visudo.mdoc.in
+docker/README
+docker/debian/latest/Dockerfile
+docker/debian/testing/Dockerfile
+docker/fedora/latest/Dockerfile
+docker/fedora/rawhide/Dockerfile
+docker/ubuntu/devel/Dockerfile
+docker/ubuntu/latest/Dockerfile
+docker/ubuntu/rolling/Dockerfile
 etc/codespell.exclude
 etc/codespell.ignore
 etc/codespell.skip
diff --git a/docker/README b/docker/README
new file mode 100644
index 000000000..d51360928
--- /dev/null
+++ b/docker/README
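Review bot: Both jobs in .circleci/config.yml pull `docker.io/sudoproject/debian:latest`, a mutable tag, so each run executes `./scripts/mkpkg` and `make check` inside whatever image that tag points to at the time. Pinning each `image:` line by digest, e.g. `- image: docker.io/sudoproject/debian@sha256:<digest-of-reviewed-image>` (placeholder, not a real digest), makes runs reproducible and turns an image change into a reviewed diff. A short comment next to the pin explaining how to refresh the digest after the image is rebuilt and pushed would keep it maintainable.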
@@ -0,0 +1,29 @@
+Container images are stored in https://hub.docker.com/repositories as
+user sudoproject. Build images are named based on the distro and use
+the tag to differentiate between different versions and architectures.
+There should always be a "latest" tag (or manifest).
+
+When creating a new Dockerfile, use one of the Debian or Fedora files
+as a template. The examples below use podman rather than docker but it
+should be possible to them interchangably.
+
+To build Debian containers for both amd64 and i386 (others only have amd64):
+
+ podman build --arch amd64 --pull -t sudoproject/debian:latest.amd64 \
+ docker/debian/latest
+ podman build --arch 386 --pull -t sudoproject/debian:latest.i386 \
+ docker/debian/latest
+
+Then push it to dockerhub (may need to run "podman login" first):
+ podman push sudoproject/debian:latest.amd64
+ podman push sudoproject/debian:latest.i386
+
+Multi-arch containers are supported by creating a manifest, e.g.:
+ podman manifest create sudoproject/debian:latest
+ podman manifest add sudoproject/debian:latest \
+ sudoproject/debian:latest.amd64
+ podman manifest add sudoproject/debian:latest \
+ sudoproject/debian:latest.i386
+
+Finally push the manifest to dockerhub:
+ podman push sudoproject/debian:latest
diff --git a/docker/debian/latest/Dockerfile b/docker/debian/latest/Dockerfile
new file mode 100644
index 000000000..bb1645151
--- /dev/null
+++ b/docker/debian/latest/Dockerfile
@@ -0,0 +1,8 @@
+FROM docker.io/library/debian:latest
+
+RUN DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get update && \
+ DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get install -y \
+ build-essential curl dpkg-dev ed libldap2-dev libpam0g-dev \
+ libsasl2-dev libselinux1-dev libsepol1-dev libssl-dev zlib1g-dev \
+ libaudit-dev libssl-dev python3-dev libpython3-dev \
+ file lsb-release fakeroot procps git ssh openssh-client
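Review bot: The last line of the `apt-get install` list in docker/debian/latest/Dockerfile names `ssh` alongside `openssh-client`; on Debian and Ubuntu `ssh` is a metapackage that also pulls in `openssh-server`, which a build/test image does not appear to need. Changing that line to `file lsb-release fakeroot procps git openssh-client` keeps an sshd out of the CI image, and `libssl-dev` is listed twice and can be dropped once. If the build does not depend on recommended packages, adding `--no-install-recommends` and ending the same RUN with `&& rm -rf /var/lib/apt/lists/*` would reduce the installed set further. The identical package list is repeated in docker/debian/testing and in the docker/ubuntu devel, latest and rolling Dockerfiles, so the same change applies there.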
diff --git a/docker/debian/testing/Dockerfile b/docker/debian/testing/Dockerfile
new file mode 100644
index 000000000..2ca39ff4b
--- /dev/null
+++ b/docker/debian/testing/Dockerfile
@@ -0,0 +1,8 @@
+FROM docker.io/library/debian:testing
+
+RUN DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get update && \
+ DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get install -y \
+ build-essential curl dpkg-dev ed libldap2-dev libpam0g-dev \
+ libsasl2-dev libselinux1-dev libsepol1-dev libssl-dev zlib1g-dev \
+ libaudit-dev libssl-dev python3-dev libpython3-dev \
+ file lsb-release fakeroot procps git ssh openssh-client
diff --git a/docker/fedora/latest/Dockerfile b/docker/fedora/latest/Dockerfile
new file mode 100644
index 000000000..ad7d5ab50
--- /dev/null
+++ b/docker/fedora/latest/Dockerfile
@@ -0,0 +1,7 @@
+FROM docker.io/library/fedora:latest
+ENV TZ=America/Denver
+
+RUN dnf -y install audit-libs-devel cyrus-sasl-devel glibc-devel \
+ libselinux-devel libsepol-devel openldap-devel openssl-devel pam-devel \
+ python3-devel rpm-build zlib-devel binutils ed gcc gdb git openssh \
+ procps which
diff --git a/docker/fedora/rawhide/Dockerfile b/docker/fedora/rawhide/Dockerfile
new file mode 100644
index 000000000..a16457645
--- /dev/null
+++ b/docker/fedora/rawhide/Dockerfile
@@ -0,0 +1,7 @@
+FROM docker.io/library/fedora:rawhide
+ENV TZ=America/Denver
+
+RUN dnf -y install audit-libs-devel cyrus-sasl-devel glibc-devel \
+ libselinux-devel libsepol-devel openldap-devel openssl-devel pam-devel \
+ python3-devel rpm-build zlib-devel binutils ed gcc gdb git openssh \
+ procps which
diff --git a/docker/ubuntu/devel/Dockerfile b/docker/ubuntu/devel/Dockerfile
new file mode 100644
index 000000000..810ce78d0
--- /dev/null
+++ b/docker/ubuntu/devel/Dockerfile
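Review bot: The `dnf -y install` RUN in docker/fedora/latest/Dockerfile leaves the dnf metadata and package cache in the layer; appending `&& dnf clean all` after `procps which` in the same RUN keeps it out of the pushed image. The identical RUN in docker/fedora/rawhide/Dockerfile has the same gap. Separately, `ENV TZ=America/Denver` persists into every container started from these images, whereas the Debian and Ubuntu files set TZ only for the apt commands; a one-line comment such as `# TZ is set for the test suite, not only for package installation` (if that is the intent) would explain the difference.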
@@ -0,0 +1,8 @@
+FROM docker.io/library/ubuntu:devel
+
+RUN DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get update && \
+ DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get install -y \
+ build-essential curl dpkg-dev ed libldap2-dev libpam0g-dev \
+ libsasl2-dev libselinux1-dev libsepol1-dev libssl-dev zlib1g-dev \
+ libaudit-dev libssl-dev python3-dev libpython3-dev \
+ file lsb-release fakeroot procps git ssh openssh-client
diff --git a/docker/ubuntu/latest/Dockerfile b/docker/ubuntu/latest/Dockerfile
new file mode 100644
index 000000000..f5e6a6180
--- /dev/null
+++ b/docker/ubuntu/latest/Dockerfile
@@ -0,0 +1,8 @@
+FROM docker.io/library/ubuntu:latest
+
+RUN DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get update && \
+ DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get install -y \
+ build-essential curl dpkg-dev ed libldap2-dev libpam0g-dev \
+ libsasl2-dev libselinux1-dev libsepol1-dev libssl-dev zlib1g-dev \
+ libaudit-dev libssl-dev python3-dev libpython3-dev \
+ file lsb-release fakeroot procps git ssh openssh-client
diff --git a/docker/ubuntu/rolling/Dockerfile b/docker/ubuntu/rolling/Dockerfile
new file mode 100644
index 000000000..41fcfb571
--- /dev/null
+++ b/docker/ubuntu/rolling/Dockerfile
@@ -0,0 +1,8 @@
+FROM docker.io/library/ubuntu:rolling
+
+RUN DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get update && \
+ DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get install -y \
+ build-essential curl dpkg-dev ed libldap2-dev libpam0g-dev \
+ libsasl2-dev libselinux1-dev libsepol1-dev libssl-dev zlib1g-dev \
+ libaudit-dev libssl-dev python3-dev libpython3-dev \
+ file lsb-release fakeroot procps git ssh openssh-client