diff --git a/.dockerignore b/.dockerignore
index f939117bf..dd4e3be51 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,14 +1,27 @@
 .git
 .gitignore
+.gitmodules
 CONTRIBUTORS.txt
 LICENSE.rst
 README.md
 
-*.pyc
+**/*.pyc
 *media/*
 *static/*
 *build/*
-*.DS_STORE
+**/*.DS_STORE
 db.*
 venv*
 node_modules
+Resources
+graphql
+.vscode
+.github
+.circleci
+docker-compose.yml
+.dockerignore
+/*.md
+/*.js
+.env
+*pycache*
+target
\ No newline at end of file
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
new file mode 100644
index 000000000..a9d9c0040
--- /dev/null
+++ b/.github/workflows/docker-image.yml
@@ -0,0 +1,53 @@
+name: ci
+
+on:
+  push:
+    branches:
+      - 'master'
+      - 'staging'
+    tags:
+      - '*.*.*'
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+        with:
+          submodules: recursive
+      -
+        name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v3
+        with:
+          # list of Docker images to use as base name for tags
+          images: |
+            pokeapi/pokeapi
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      -
+        name: Login to DockerHub
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v1 
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME_NARAMSIM }}
+          password: ${{ secrets.DOCKERHUB_TOKEN_NARAMSIM }}
+      -
+        name: Build and push
+        id: docker_build
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./Resources/docker/app/Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+      -
+        name: Image digest
+        run: echo ${{ steps.docker_build.outputs.digest }}
diff --git a/Resources/compose/docker-compose-prod-graphql.yml b/Resources/compose/docker-compose-prod-graphql.yml
index fcdf1bca8..d50c8e58e 100644
--- a/Resources/compose/docker-compose-prod-graphql.yml
+++ b/Resources/compose/docker-compose-prod-graphql.yml
@@ -14,7 +14,7 @@ services:
 
   graphql-engine:
     environment:
-      HASURA_GRAPHQL_DATABASE_URL: "postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db:5432/pokeapi"
+      HASURA_GRAPHQL_DATABASE_URL: "postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB:-pokeapi}"
       HASURA_GRAPHQL_ADMIN_SECRET: "${HASURA_GRAPHQL_ADMIN_SECRET}"
 
   graphiql:
diff --git a/Resources/docker/app/Dockerfile b/Resources/docker/app/Dockerfile
index 51b553c43..b2f16de03 100644
--- a/Resources/docker/app/Dockerfile
+++ b/Resources/docker/app/Dockerfile
@@ -6,7 +6,6 @@ ENV PYTHONHASHSEED 'random'
 
 RUN mkdir /code
 WORKDIR /code
-VOLUME /code
 
 ADD requirements.txt /code/
 RUN \
@@ -16,5 +15,6 @@ RUN \
     apk --purge del .build-deps
 ADD . /code/
 
+USER nobody
 CMD gunicorn config.wsgi:application -c gunicorn.py.ini
-EXPOSE 8000
+EXPOSE 80
diff --git a/config/docker-compose.py b/config/docker-compose.py
index f8dffe4cd..185878ce3 100644
--- a/config/docker-compose.py
+++ b/config/docker-compose.py
@@ -5,7 +5,7 @@
 DATABASES = {
     "default": {
         "ENGINE": "django.db.backends.postgresql_psycopg2",
-        "NAME": "pokeapi",
+        "NAME": os.environ.get("POSTGRES_DB", "pokeapi"),
         "USER": os.environ.get("POSTGRES_USER", "ash"),
         "PASSWORD": os.environ.get("POSTGRES_PASSWORD", "pokemon"),
         "HOST": "db",
diff --git a/docker-compose.yml b/docker-compose.yml
index 28a2dfff8..f2d5814ab 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -9,9 +9,9 @@ services:
   db:
     image: postgres
     environment:
-      POSTGRES_PASSWORD: 'pokemon'
-      POSTGRES_USER: 'ash'
-      POSTGRES_DB: 'pokeapi'
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-pokemon}
+      POSTGRES_USER: ${POSTGRES_USER:-ash}
+      POSTGRES_DB: ${POSTGRES_DB:-pokeapi}
     volumes:
       - pg_data:/var/lib/postgresql/data
     restart: always
@@ -20,6 +20,10 @@ services:
     build:
       context: .
       dockerfile: ./Resources/docker/app/Dockerfile
+    environment:
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-pokemon}
+      POSTGRES_USER: ${POSTGRES_USER:-ash}
+      POSTGRES_DB: ${POSTGRES_DB:-pokeapi}
     volumes:
       - .:/code
     links:
@@ -53,11 +57,11 @@ services:
       - "db"
     restart: always
     environment:
-      HASURA_GRAPHQL_DATABASE_URL: postgres://ash:pokemon@db:5432/pokeapi
+      HASURA_GRAPHQL_DATABASE_URL: postgres://${POSTGRES_USER:-ash}:${POSTGRES_PASSWORD:-pokemon}@db:5432/${POSTGRES_DB:-pokeapi}
       HASURA_GRAPHQL_ENABLE_CONSOLE: "true"
       HASURA_GRAPHQL_DEV_MODE: "false"
       HASURA_GRAPHQL_ENABLED_LOG_TYPES: startup, http-log, webhook-log, websocket-log, query-log
-      HASURA_GRAPHQL_ADMIN_SECRET: pokemon
+      HASURA_GRAPHQL_ADMIN_SECRET: ${HASURA_GRAPHQL_ADMIN_SECRET:-pokemon}
       HASURA_GRAPHQL_UNAUTHORIZED_ROLE: anon
       HASURA_GRAPHQL_ENABLE_TELEMETRY: "false"
       # HASURA_GRAPHQL_CONSOLE_ASSETS_DIR: /srv/console-assets