diff --git a/.forgejo/workflows/build.yaml b/.forgejo/workflows/build.yaml
index d356930..3635ed4 100644
--- a/.forgejo/workflows/build.yaml
+++ b/.forgejo/workflows/build.yaml
@@ -1,43 +1,41 @@
-on:
-  push:
-env:
-  REGISTRY_IMAGE: ${{ vars.REGISTRY }}/${{ github.repository }}:${{ github.ref_name }}
-
-jobs:
-  build:
-    runs-on: debian
-    steps:
-      -
-        name: Install and configure dependencies
-        run: |
-          apt-get update
-          apt-get install -y --no-install-recommends \
-            buildah \
-            ca-certificates \
-            containers-storage \
-            crun \
-            git \
-            netavark \
-          ;
-          shared=/var/lib/shared/storage
-          sed /usr/share/containers/storage.conf \
-            -e "/^additionalimagestores/a"'\
-            '"\"$shared\"" \
-          > /etc/containers/storage.conf
-      -
-        name: Checkout repository
-        run: |
-          git config --global credential.helper store
-          echo "https://runner:${{ secrets.GITHUB_TOKEN }}@$(echo "${{ github.server_url }}" | cut -b 9-)" > ~/.git-credentials
-          git clone --branch ${{ github.ref_name }} ${{ github.server_url }}/${{ github.repository }} ${{ github.workspace }}
-      -
-        name: Authenticate with registry
-        run: |
-          echo "${{ secrets.REGISTRY_TOKEN }}" | buildah login ${{ vars.REGISTRY }} --username runner --password-stdin
-      -
-        name: Build and push
-        run: |
-          export BUILDAH_ISOLATION=chroot
-          export _BUILDAH_STARTED_IN_USERNS=""
-          ${{ github.workspace }}/builder.sh ${{ env.REGISTRY_IMAGE }}
-          buildah push ${{ env.REGISTRY_IMAGE }}
+on: [push]
+env:
+  REGISTRY: forgejo.sbox.hornwitser.no
+  REGISTRY_IMAGE: forgejo.sbox.hornwitser.no/furnavia/builder
+
+jobs:
+  build:
+    runs-on: docker
+    container:
+      image: sif.g100.hornwitser.no:3000/furnavia/builder:latest
+    steps:
+      -
+        name: Get image tags
+        id: info
+        shell: bash
+        run: |
+          tee -a ${GITHUB_OUTPUT} <<EOF
+          TAGS<<EOT
+          $(
+            echo ${{ env.REGISTRY_IMAGE }}:${{ github.ref_name }}
+            if [[ "${{ github.ref_name }}" =~ ^r[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+              echo ${{ env.REGISTRY_IMAGE }}:latest
+            elif [[ "${{ github.ref_name }}" == forgejo ]]; then
+              echo ${{ env.REGISTRY_IMAGE }}:development
+            fi
+          )
+          EOT
+          EOF
+      -
+        name: Authenticate
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_TOKEN }}
+          registry: ${{ env.REGISTRY }}
+      -
+        name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          push: true
+          tags: ${{ steps.info.outputs.TAGS }}
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..01defa6
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,17 @@
+default:
+  image: docker:24.0.5
+
+build:
+  stage: build
+  script:
+    - docker build $CI_PROJECT_DIR
+      --tag ${REGISTRY_IMAGE}:${CI_COMMIT_REF_SLUG}
+      $(echo "$CI_COMMIT_TAG" | if grep -q $(date -u '+^r%g\.%-V\.\(0\|[1-9][0-9]*\)$');
+        then echo --tag ${REGISTRY_IMAGE}:latest;
+      fi)
+
+deploy:
+  stage: deploy
+  script:
+    - echo "$REGISTRY_PASSWORD" | docker login $CI_REGISTRY -u $REGISTRY_USER --password-stdin
+    - docker push --all-tags ${REGISTRY_IMAGE}
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..d268858
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,45 @@
+FROM debian:bookworm
+
+ARG KUBE_RELEASE=v1.30.2
+ARG YQ_VERSION=v4.44.2
+ARG NODE_VERSION=20.x
+ARG PNPM_VERSION=v9.5.0
+
+RUN set -eux; \
+	apt-get update; \
+	apt-get install -y --no-install-recommends \
+		ca-certificates \
+		curl \
+		git \
+		openssh-client \
+	; \
+	install -m 0755 -d /etc/apt/keyrings; \
+	curl -sSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc; \
+	chmod a+r /etc/apt/keyrings/docker.asc; \
+	echo \
+		"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] \
+		https://download.docker.com/linux/debian \
+		bookworm stable" \
+	> /etc/apt/sources.list.d/docker.list; \
+	apt-get update; \
+	apt-get install -y --no-install-recommends \
+		docker-ce-cli \
+		docker-buildx-plugin \
+		docker-compose-plugin \
+	; \
+	curl --silent --location "https://dl.k8s.io/release/$KUBE_RELEASE/bin/linux/amd64/kubectl" \
+		| install --owner=root --group=root --mode=0755 /dev/stdin /usr/local/bin/kubectl \
+	; \
+	curl --silent --location "https://github.com/mikefarah/yq/releases/download/$YQ_VERSION/yq_linux_amd64.tar.gz" \
+		| tar --extract --gzip --to-stdout ./yq_linux_amd64 \
+		| install --owner=root --group=root --mode=0755 /dev/stdin /usr/local/bin/yq \
+	; \
+	curl --silent --location "https://deb.nodesource.com/setup_$NODE_VERSION" | bash; \
+	apt-get install -y --no-install-recommends nodejs; \
+	corepack install --global pnpm@$PNPM_VERSION; \
+	corepack enable pnpm; \
+	rm -rf /var/lib/apt/lists/*
+
+# References:
+# - docker: https://docs.docker.com/engine/install/debian/#install-from-a-package
+# - node: https://github.com/nodesource/distributions#installation-instructions-deb
diff --git a/Readme.md b/Readme.md
index efa1195..e5d77ec 100644
--- a/Readme.md
+++ b/Readme.md
@@ -1,14 +1,14 @@
 # Builder
 
-Common container image used for running application builds, CI pipelines, and deployment scripts based on Debian Trixie.
+Common docker image used for running application builds, CI pipelines, and deployment scripts based on Debian 12.
 
 ## Tools included
 
-- `buildah` trixie - https://packages.debian.org/trixie/buildah
-- `curl` trixie - https://packages.debian.org/trixie/curl
-- `git` trixie - https://packages.debian.org/trixie/git
-- `node` v22.x - https://github.com/nodesource/distributions
-- `pnpm` v9.5.0 - https://pnpm.io/
-- `podman` trixie - https://packages.debian.org/trixie/podman
-- `ssh` trixie - https://packages.debian.org/trixie/openssh-client
-- `yq` v4.44.2 - https://github.com/mikefarah/yq
+- `docker`
+- `curl`
+- `git`
+- `kubectl`
+- `node`
+- `pnpm`
+- `ssh`
+- `yq` - https://github.com/mikefarah/yq
diff --git a/builder.sh b/builder.sh
deleted file mode 100755
index 87e459e..0000000
--- a/builder.sh
+++ /dev/null
@@ -1,62 +0,0 @@
-#!/usr/bin/env bash
-set -xe
-
-YQ_VERSION=v4.44.2
-NODE_VERSION=22.x
-PNPM_VERSION=v9.5.0
-
-ctr=$(buildah from "docker.io/library/debian:trixie-20250428")
-mnt=$(buildah mount $ctr) # Used to verify mounts work
-
-# Install dependencies
-buildah run $ctr -- apt-get update
-buildah run $ctr -- apt-get install -y --no-install-recommends \
-	buildah \
-	ca-certificates \
-	containers-storage \
-	crun \
-	curl \
-	git \
-	netavark \
-	openssh-client \
-	podman \
-	podman-docker \
-;
-
-# Configure container storage
-shared=/var/lib/shared/storage
-buildah run $ctr -- sh -c "sed /usr/share/containers/storage.conf \
-	-e '/^additionalimagestores/a"'\
-'"  \"$shared\"' \
-> /etc/containers/storage.conf"
-buildah run $ctr -- sh -c "\
-	mkdir -p $shared/overlay-images $shared/overlay-layers; \
-	touch $shared/overlay-images/images.lock; \
-	touch $shared/overlay-layers/layers.lock; \
-"
-
-# yq https://github.com/mikefarah/yq?tab=readme-ov-file#install
-buildah run $ctr -- sh -c "curl --silent --location \"https://github.com/mikefarah/yq/releases/download/$YQ_VERSION/yq_linux_amd64.tar.gz\" \
-	| tar --extract --gzip --to-stdout ./yq_linux_amd64 \
-	| install --owner=root --group=root --mode=0755 /dev/stdin /usr/local/bin/yq \
-;"
-
-# node https://github.com/nodesource/distributions?tab=readme-ov-file#using-debian-as-root-nodejs-22
-buildah run $ctr -- sh -c "curl --silent --location \"https://deb.nodesource.com/setup_$NODE_VERSION\" | bash"
-buildah run $ctr -- apt-get install -y --no-install-recommends nodejs
-
-# pnpm https://nodejs.org/api/corepack.html#upgrading-the-global-versions
-buildah run $ctr -- corepack install --global pnpm@$PNPM_VERSION
-buildah run $ctr -- corepack enable pnpm
-
-# Clear caches
-buildah run $ctr -- rm -rf /var/lib/apt/lists/*
-
-# Config
-buildah config \
-	--env BUILDAH_ISOLATION=chroot \
-	--env _BUILDAH_STARTED_IN_USERNS= \
-$ctr;
-
-buildah unmount $ctr
-buildah commit --rm $ctr $1
diff --git a/tag-release.sh b/tag-release.sh
index c5527fa..24575c1 100644
--- a/tag-release.sh
+++ b/tag-release.sh
@@ -1,11 +1,11 @@
 #!/bin/bash
 
-# Finds the next available r<year>.<month>.<increment> identifier
-YEAR_MONTH=$(date -u +%Y.%-m)
-YEAR=${YEAR_MONTH:0:4}
-MONTH=${YEAR_MONTH:5}
-LAST_INCREMENT=$(git tag --list | grep '^r[1-9][0-9]*\.\([1-9]\|1[0-2]\)\.\(0\|[1-9][0-9]*\)$' | cut -d . -f 3 | sort -nr | head -n 1)
-RELEASE=r${YEAR_MONTH}.$(( ${LAST_INCREMENT:--1} + 1 ))
+# Finds the next available r<year>.<week>.<bump> identifier for the current year and week
+YEAR_WEEK=$(date -u +%g.%-V)
+YEAR=${YEAR_WEEK:0:2}
+WEEK=${YEAR_WEEK:3}
+LAST_BUMP=$(git tag --list | grep '^r'$YEAR'\.'$WEEK'\.\(0\|[1-9][0-9]*\)$' | cut -d . -f 3 | sort -nr | head -n 1)
+RELEASE=r${YEAR_WEEK}.$(( ${LAST_BUMP:--1} + 1 ))
 
 git tag $RELEASE
 echo Tagged $RELEASE