diff --git a/ci/container/external/registry-image-resource/vars.yml b/ci/container/external/registry-image-resource/vars.yml
index 1846ad9..c96feb0 100644
--- a/ci/container/external/registry-image-resource/vars.yml
+++ b/ci/container/external/registry-image-resource/vars.yml
@@ -1,11 +1,12 @@
 base-image: ubuntu-hardened
 base-image-tag: "latest"
 image-repository: registry-image-resource
-oci-build-params: {}
+oci-build-params:
+  DOCKERFILE: common-dockerfiles/container/dockerfiles/registry-image-resource/Dockerfile
 src-source:
   uri: https://github.com/concourse/registry-image-resource
   branch: master
   # Since src is a repo outside the cloud-gov org, don't verify commits.
 common-pipelines-trigger: false
-dockerfile-path: []
-dockerfile-trigger: false
+dockerfile-path: ["container/dockerfiles/registry-image-resource/Dockerfile"]
+dockerfile-trigger: true
diff --git a/container/dockerfiles/registry-image-resource/Dockerfile b/container/dockerfiles/registry-image-resource/Dockerfile
new file mode 100644
index 0000000..7aa972e
--- /dev/null
+++ b/container/dockerfiles/registry-image-resource/Dockerfile
@@ -0,0 +1,53 @@
+ARG base_image
+ARG builder_image=concourse/golang-builder
+
+FROM ${builder_image} as builder
+WORKDIR /src
+
+COPY go.mod .
+COPY go.sum .
+RUN go mod download
+
+COPY . .
+ENV CGO_ENABLED=0
+ENV AWS_USE_FIPS_ENDPOINT=true
+RUN go build -o /assets/in ./cmd/in
+RUN go build -o /assets/out ./cmd/out
+RUN go build -o /assets/check ./cmd/check
+RUN set -e; for pkg in $(go list ./...); do \
+  go test -o "/tests/$(basename $pkg).test" -c $pkg; \
+  done
+
+FROM ${base_image} AS resource
+USER root
+ENV DEBIAN_FRONTEND=noninteractive
+ENV AWS_USE_FIPS_ENDPOINT=true
+RUN apt update && apt upgrade -y -o Dpkg::Options::="--force-confdef"
+RUN apt update \
+  && apt install -y --no-install-recommends \
+  tzdata \
+  ca-certificates \
+  unzip \
+  zip \
+  && rm -rf /var/lib/apt/lists/*
+COPY --from=builder assets/ /opt/resource/
+RUN chmod +x /opt/resource/*
+
+FROM resource AS tests
+COPY --from=builder /tests /tests
+ADD . /docker-image-resource
+ARG DOCKER_PRIVATE_USERNAME
+ARG DOCKER_PRIVATE_PASSWORD
+ARG DOCKER_PRIVATE_REPO
+ARG DOCKER_PUSH_USERNAME
+ARG DOCKER_PUSH_PASSWORD
+ARG DOCKER_PUSH_REPO
+ARG GCR_PUSH_SERVICE_ACCOUNT_KEY
+ARG GCR_PUSH_REPO
+ENV AWS_USE_FIPS_ENDPOINT=true
+RUN set -e; for test in /tests/*.test; do \
+  $test -ginkgo.v; \
+  done
+
+FROM resource
+ENV AWS_USE_FIPS_ENDPOINT=true