diff --git a/.github/workflows/pull-docker-image.yml b/.github/workflows/pull-docker-image.yml
new file mode 100644
index 0000000000..eb0170b7ef
--- /dev/null
+++ b/.github/workflows/pull-docker-image.yml
@@ -0,0 +1,51 @@
+# Copyright 2023 Democratized Data Foundation
+#
+# Use of this software is governed by the Business Source License
+# included in the file licenses/BSL.txt.
+#
+# As of the Change Date specified in that file, in accordance with
+# the Business Source License, use of this software will be governed
+# by the Apache License, Version 2.0, included in the file
+# licenses/APL.txt.
+
+# This workflow validates that the images pushed to the container
+# registries can be pulled then run sucessfully.
+name: Pull Docker Image Workflow
+
+on:
+  workflow_run:
+    # Warning: this workflow must NOT:
+    # - interact with any new code.
+    # - checkout new code.
+    # - build/compile anything (only pull).
+    # - make any indirect calls (i.e. make xyz, or npm install, etc.)
+    # Note this workflow:
+    # - will use the base's (or default) workflow file's state.
+    # - doesn't run on the PR or the branch coming in, it runs on the default branch.
+    # - has read-write repo token
+    # - has access to secrets
+    workflows: ["Push Docker Image To Registries Workflow"]
+    types:
+      - completed
+
+jobs:
+  pull-docker-image:
+    name: Pull docker image job
+
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        image_tag:
+          - sourcenetwork/defradb:latest
+          - ghcr.io/sourcenetwork/defradb:latest
+
+    steps:
+      - name: Pull Docker image
+        run: docker pull ${{ matrix.image_tag }}
+
+      - name: Test Docker image
+        run: docker run --rm ${{ matrix.image_tag }}
diff --git a/.github/workflows/push-docker-image-to-registries.yml b/.github/workflows/push-docker-image-to-registries.yml
new file mode 100644
index 0000000000..d7d00d14aa
--- /dev/null
+++ b/.github/workflows/push-docker-image-to-registries.yml
@@ -0,0 +1,83 @@
+# Copyright 2023 Democratized Data Foundation
+#
+# Use of this software is governed by the Business Source License
+# included in the file licenses/BSL.txt.
+#
+# As of the Change Date specified in that file, in accordance with
+# the Business Source License, use of this software will be governed
+# by the Apache License, Version 2.0, included in the file
+# licenses/APL.txt.
+
+# This workflow builds a Docker container image, if the build is successful
+# then it will deploy the image to DockerHub & GitHub container registries.
+name: Push Docker Image To Registries Workflow
+
+on:
+  push:
+    tags:
+      - 'v[0-9]+.[0-9]+.[0-9]+'
+
+env:
+  TEST_TAG: sourcenetwork/defradb:test
+
+jobs:
+  push-docker-image-to-registries:
+    name: Push Docker image to registries job
+    
+    runs-on: ubuntu-latest
+    
+    permissions:
+      packages: write
+      contents: read
+    
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Build Docker image
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file: tools/defradb.containerfile
+          load: true
+          tags: ${{ env.TEST_TAG }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Test Docker image
+        run: docker run --rm ${{ env.TEST_TAG }}
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      
+      - name: Log in to the Container registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            sourcenetwork/defradb
+            ghcr.io/${{ github.repository }}
+      
+      - name: Push Docker images
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file: tools/defradb.containerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/validate-containerfile.yml b/.github/workflows/validate-containerfile.yml
new file mode 100644
index 0000000000..5b300f4d30
--- /dev/null
+++ b/.github/workflows/validate-containerfile.yml
@@ -0,0 +1,58 @@
+# Copyright 2023 Democratized Data Foundation
+#
+# Use of this software is governed by the Business Source License
+# included in the file licenses/BSL.txt.
+#
+# As of the Change Date specified in that file, in accordance with
+# the Business Source License, use of this software will be governed
+# by the Apache License, Version 2.0, included in the file
+# licenses/APL.txt.
+
+# This workflow tests that the container build is successful and
+# that the built container runs successfully.
+name: Validate Containerfile Workflow
+
+on:
+  pull_request:
+    branches:
+      - master
+      - develop
+    paths:
+      - '.github/workflows/validate-containerfile.yml'
+      - 'tools/defradb.containerfile'
+
+  push:
+    branches:
+      - master
+      - develop
+
+env:
+  TEST_TAG: sourcenetwork/defradb:test
+
+jobs:
+  validate-containerfile:
+    name: Validate containerfile job
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      
+      - name: Build Docker image
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file: tools/defradb.containerfile
+          load: true
+          tags: ${{ env.TEST_TAG }}
+
+      - name: Test Docker image
+        run: docker run --rm ${{ env.TEST_TAG }}
+
diff --git a/tools/defradb.containerfile b/tools/defradb.containerfile
index 9bb62d6d53..c5674f10db 100644
--- a/tools/defradb.containerfile
+++ b/tools/defradb.containerfile
@@ -9,11 +9,16 @@ WORKDIR /repo/
 COPY go.mod go.sum Makefile ./
 RUN make deps:modules
 COPY . .
+# manually copy libwasmer.so to fix linking issue https://github.com/wasmerio/wasmer-go/issues/281
+RUN export WASMER_ARCH=$(go env GOHOSTARCH | sed "s/arm64/aarch64/") && \
+    export WASMER_PATH=$(go env GOMODCACHE)/github.com/wasmerio/wasmer-go@v1.0.4/wasmer/packaged/lib/linux-$WASMER_ARCH/libwasmer.so && \
+    cp $WASMER_PATH /lib/libwasmer.so
 RUN make build
 
 # Stage: RUN
-FROM gcr.io/distroless/base-debian11
+FROM debian:bookworm-slim
 COPY --from=BUILD /repo/build/defradb /defradb
+COPY --from=BUILD /lib/libwasmer.so /lib/libwasmer.so
 
 # Documents which ports are normally used.
 # To publish the ports: `docker run -p 9181:9181` ...