diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
new file mode 100644
index 0000000..33a7e75
--- /dev/null
+++ b/.github/workflows/docker-build.yml
@@ -0,0 +1,76 @@
+name: Docker Build and Push
+
+on:
+  pull_request:
+    branches:
+      - main
+  push:
+    branches:
+      - main
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: willnewby/kshell
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GitHub Container Registry
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata
+        id: meta
+        run: |
+          # Get commit timestamp and format as DATE
+          COMMIT_TIMESTAMP=$(git show -s --format=%ct)
+          DATE=$(date -u -d @${COMMIT_TIMESTAMP} +%Y%m%d%H%M)
+
+          # Get short git SHA
+          GITSHA=$(git rev-parse --short HEAD)
+
+          echo "date=${DATE}" >> $GITHUB_OUTPUT
+          echo "gitsha=${GITSHA}" >> $GITHUB_OUTPUT
+
+      - name: Build Docker image (PR)
+        if: github.event_name == 'pull_request'
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm/v7,linux/arm64/v8
+          push: false
+          tags: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.date }}-${{ steps.meta.outputs.gitsha }}
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Build and push Docker image (main)
+        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm/v7,linux/arm64/v8
+          push: true
+          tags: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.date }}-${{ steps.meta.outputs.gitsha }}
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
diff --git a/CLAUDE.md b/CLAUDE.md
new file mode 100644
index 0000000..0c2a9af
--- /dev/null
+++ b/CLAUDE.md
@@ -0,0 +1,59 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Project Overview
+
+kshell is a lightweight troubleshooting container image designed to run in Kubernetes clusters. It provides a pre-configured Ubuntu-based environment with common networking and debugging tools.
+
+## Building and Publishing
+
+The project uses [Taskfile](https://taskfile.dev) for build automation.
+
+**Build and push the image:**
+```bash
+task
+```
+or explicitly:
+```bash
+task build-push
+```
+
+This builds multi-architecture images (linux/amd64, linux/arm/v7, linux/arm64/v8) and pushes them to `ghcr.io/willnewby/kshell` with two tags:
+- `latest`
+- `{DATE}-{GITSHA}` (e.g., `202501151430-a1b2c3d`)
+
+The DATE format is `%Y%m%d%H%M` derived from the git commit timestamp.
+
+**Requirements:**
+- Docker with buildx support
+- Authenticated to GitHub Container Registry (ghcr.io)
+
+## Usage
+
+The image is designed to be launched as an ephemeral troubleshooting pod:
+
+```bash
+kubectl run -it --attach --rm atlas --restart=Never --image=ghcr.io/willnewby/kshell:latest -- bash
+```
+
+Users typically alias this command as `kshell` in their shell profile.
+
+## Image Architecture
+
+**Base Image:** Ubuntu 22.04 with multi-platform support
+
+**Installed Tools:**
+- Networking: curl, wget, dnsutils, iputils-ping, net-tools, hey (HTTP load generator)
+- Development: git, emacs
+- Utilities: jq, openssl, unzip, dumb-init
+
+**Entrypoint:** Uses dumb-init as PID 1 for proper signal handling
+
+**Default Behavior:** The container runs `/sleep-123`, a simple bash script that prints status messages every 120 seconds, keeping the pod alive for troubleshooting.
+
+## Key Files
+
+- `Dockerfile`: Multi-architecture Ubuntu image definition
+- `Taskfile.yaml`: Build and publish automation
+- `sleep-123`: Bash script that keeps the container running with periodic logging
diff --git a/Dockerfile b/Dockerfile
index 3038d51..e8b8070 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -17,6 +17,7 @@ RUN apt-get update && apt-get install -y \
     wget \
     iputils-ping \
     hey \
+    net-tools \
     && rm -rf /var/lib/apt/lists/*
 
 COPY sleep-123 /sleep-123