diff --git a/.github/scripts/prepare b/.github/scripts/prepare
new file mode 100644
index 0000000..61b76d3
--- /dev/null
+++ b/.github/scripts/prepare
@@ -0,0 +1,5 @@
+#!/bin/sh
+# perform minimal preparation and run ansible
+export DOTFILES_USER=$USER
+echo "$USER ALL=(ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/$DOTFILES_USER > /dev/null
+ansible-playbook $(git rev-parse --show-toplevel)/main.yml
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
new file mode 100644
index 0000000..482985b
--- /dev/null
+++ b/.github/workflows/docker-build.yml
@@ -0,0 +1,20 @@
+name: Docker Build Test
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  build-and-run:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out code
+      uses: actions/checkout@v2
+    - name: Build Docker image
+      run: docker build -t dotfiles .
+    - name: Run Docker container
+      run: docker run --rm dotfiles .github/scripts/prepare
diff --git a/Dockerfile b/Dockerfile
index fa71a39..32543bb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -36,10 +36,15 @@ COPY . $HOME/git/dotfiles
 WORKDIR $HOME/git/dotfiles
 USER root
 RUN chown -R ansible-user:ansible-user $HOME
+
+# add ansible user to sudoers file for pipelines
+RUN echo "ansible-user ALL=(ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/ansible-user > /dev/null
+
 USER ansible-user
 RUN echo /.dockerenv
 RUN git config --global --add safe.directory '*'
 # RUN git checkout eerie-fog
 RUN chmod +x dotfiles.sh
+RUN chmod +x .github/scripts/prepare
 
 CMD $HOME/git/dotfiles/dotfiles.sh