diff --git a/.circleci/config.yml b/.circleci/config.yml
index 04feeedf3..41b18b048 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -1,6 +1,7 @@
 version: 2.1
 orbs:
   go: gotest/tools@0.0.13
+  aws-cli: circleci/aws-cli@1.3.2
 
 executors:
   golang:
@@ -447,6 +448,114 @@ jobs:
           name: Publish release
           command: ./scripts/publish-release.sh
 
+  build-and-push-image:
+    description: build and push docker images to public AWS ECR registry
+    executor: aws-cli/default
+    parameters:
+      profile-name:
+        type: string
+        default: "default"
+        description: AWS profile name to be configured.
+
+      aws-access-key-id:
+        type: env_var_name
+        default: AWS_ACCESS_KEY_ID
+        description: >
+          AWS access key id for IAM role. Set this to the name of
+          the environment variable you will set to hold this
+          value, i.e. AWS_ACCESS_KEY.
+
+      aws-secret-access-key:
+        type: env_var_name
+        default: AWS_SECRET_ACCESS_KEY
+        description: >
+          AWS secret key for IAM role. Set this to the name of
+          the environment variable you will set to hold this
+          value, i.e. AWS_SECRET_ACCESS_KEY.
+
+      region:
+        type: env_var_name
+        default: AWS_REGION
+        description: >
+          Name of env var storing your AWS region information,
+          defaults to AWS_REGION
+
+      account-url:
+        type: env_var_name
+        default: AWS_ECR_ACCOUNT_URL
+        description: >
+          Env var storing Amazon ECR account URL that maps to an AWS account,
+          e.g. {awsAccountNum}.dkr.ecr.us-west-2.amazonaws.com
+          defaults to AWS_ECR_ACCOUNT_URL
+
+      dockerfile:
+        type: string
+        default: Dockerfile
+        description: Name of dockerfile to use. Defaults to Dockerfile.
+
+      path:
+        type: string
+        default: .
+        description: Path to the directory containing your Dockerfile and build context. Defaults to . (working directory).
+
+      extra-build-args:
+        type: string
+        default: ""
+        description: >
+          Extra flags to pass to docker build. For examples, see
+          https://docs.docker.com/engine/reference/commandline/build
+
+      repo:
+        type: string
+        description: Name of an Amazon ECR repository
+
+      tag:
+        type: string
+        default: "latest"
+        description: A comma-separated string containing docker image tags to build and push (default = latest)
+
+    steps:
+      - aws-cli/setup:
+          profile-name: <<parameters.profile-name>>
+          aws-access-key-id: <<parameters.aws-access-key-id>>
+          aws-secret-access-key: <<parameters.aws-secret-access-key>>
+          aws-region: <<parameters.region>>
+
+      - run:
+          name: Log into Amazon ECR
+          command: |
+            aws ecr-public get-login-password --region $<<parameters.region>> --profile <<parameters.profile-name>> | docker login --username AWS --password-stdin $<<parameters.account-url>>
+
+      - checkout
+
+      - setup_remote_docker:
+          version: 19.03.13
+          docker_layer_caching: false
+
+      - run:
+          name: Build docker image
+          command: |
+            registry_id=$(echo $<<parameters.account-url>> | sed "s;\..*;;g")
+
+            docker_tag_args=""
+            IFS="," read -ra DOCKER_TAGS \<<< "<< parameters.tag >>"
+            for tag in "${DOCKER_TAGS[@]}"; do
+              docker_tag_args="$docker_tag_args -t $<<parameters.account-url>>/<<parameters.repo>>:$tag"
+            done
+
+            docker build \
+              <<#parameters.extra-build-args>><<parameters.extra-build-args>><</parameters.extra-build-args>> \
+              -f <<parameters.path>>/<<parameters.dockerfile>> \
+              $docker_tag_args \
+              <<parameters.path>>
+
+      - run:
+          name: Push image to Amazon ECR
+          command: |
+            IFS="," read -ra DOCKER_TAGS \<<< "<< parameters.tag >>"
+            for tag in "${DOCKER_TAGS[@]}"; do
+              docker push $<<parameters.account-url>>/<<parameters.repo>>:${tag}
+            done
 
 workflows:
   version: 2.1
@@ -537,3 +646,8 @@ workflows:
             tags:
               only:
                 - /^v\d+\.\d+\.\d+$/
+      - build-and-push-image:
+          dockerfile: Dockerfile.lotus
+          path: .
+          repo: lotus-dev
+          tag: '${CIRCLE_SHA1:0:8}'
diff --git a/Dockerfile.lotus b/Dockerfile.lotus
new file mode 100644
index 000000000..43d8fbc23
--- /dev/null
+++ b/Dockerfile.lotus
@@ -0,0 +1,74 @@
+FROM golang:1.15.6 AS builder-deps
+MAINTAINER Lotus Development Team
+
+RUN apt-get update && apt-get install -y ca-certificates build-essential clang ocl-icd-opencl-dev ocl-icd-libopencl1 jq libhwloc-dev
+
+ARG RUST_VERSION=nightly
+ENV XDG_CACHE_HOME="/tmp"
+
+ENV RUSTUP_HOME=/usr/local/rustup \
+    CARGO_HOME=/usr/local/cargo \
+    PATH=/usr/local/cargo/bin:$PATH
+
+RUN wget "https://static.rust-lang.org/rustup/dist/x86_64-unknown-linux-gnu/rustup-init"; \
+    chmod +x rustup-init; \
+    ./rustup-init -y --no-modify-path --profile minimal --default-toolchain $RUST_VERSION; \
+    rm rustup-init; \
+    chmod -R a+w $RUSTUP_HOME $CARGO_HOME; \
+    rustup --version; \
+    cargo --version; \
+    rustc --version;
+
+
+FROM builder-deps AS builder-local
+MAINTAINER Lotus Development Team
+
+COPY ./ /opt/filecoin
+WORKDIR /opt/filecoin
+RUN make clean deps
+
+
+FROM builder-local AS builder
+MAINTAINER Lotus Development Team
+
+WORKDIR /opt/filecoin
+
+ARG RUSTFLAGS=""
+ARG GOFLAGS=""
+
+RUN make deps lotus lotus-miner lotus-worker lotus-shed lotus-chainwatch lotus-stats
+
+
+FROM ubuntu:20.04 AS base
+MAINTAINER Lotus Development Team
+
+# Base resources
+COPY --from=builder /etc/ssl/certs                           /etc/ssl/certs
+COPY --from=builder /lib/x86_64-linux-gnu/libdl.so.2         /lib/
+COPY --from=builder /lib/x86_64-linux-gnu/librt.so.1         /lib/
+COPY --from=builder /lib/x86_64-linux-gnu/libgcc_s.so.1      /lib/
+COPY --from=builder /lib/x86_64-linux-gnu/libutil.so.1       /lib/
+COPY --from=builder /usr/lib/x86_64-linux-gnu/libltdl.so.7   /lib/
+COPY --from=builder /usr/lib/x86_64-linux-gnu/libnuma.so.1   /lib/
+COPY --from=builder /usr/lib/x86_64-linux-gnu/libhwloc.so.5  /lib/
+COPY --from=builder /usr/lib/x86_64-linux-gnu/libOpenCL.so.1 /lib/
+
+RUN useradd -r -u 532 -U fc
+
+
+FROM base AS lotus
+MAINTAINER Lotus Development Team
+
+COPY --from=builder /opt/filecoin/lotus      /usr/local/bin/
+COPY --from=builder /opt/filecoin/lotus-shed /usr/local/bin/
+
+ENV FILECOIN_PARAMETER_CACHE /var/tmp/filecoin-proof-parameters
+ENV LOTUS_PATH /var/lib/lotus
+
+RUN mkdir /var/lib/lotus /var/tmp/filecoin-proof-parameters && chown fc /var/lib/lotus /var/tmp/filecoin-proof-parameters
+
+USER fc
+
+ENTRYPOINT ["/usr/local/bin/lotus"]
+
+CMD ["-help"]