diff --git a/Dockerfile b/Dockerfile
index 8fa37f20..a345adb1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,2 +1,73 @@
-FROM ubuntu:22.04
-RUN apt-get update && apt-get install -y curl
\ No newline at end of file
+# syntax=docker/dockerfile:1
+
+# Base stage with common settings
+FROM heroku/heroku:22 AS base
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Trust Heroku's PostgreSQL repository and update GPG keys
+RUN apt-get update && apt-get install -y ca-certificates gnupg curl \
+    && curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - \
+    && curl https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - \
+    && apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0xB1998361219BD9C9 \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install common dependencies
+RUN apt-get update && apt-get install --no-install-recommends -y \
+    openjdk-11-jdk-headless \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+# Full variant with Node.js and CLI
+FROM base AS full
+ARG SF_CLI_VERSION
+ARG NODE_VERSION
+ARG NODE_CHECKSUM
+
+# Set Node.js architecture and download appropriate version
+RUN case "$(dpkg --print-architecture)" in \
+    'amd64') NODE_ARCH='x64' ;; \
+    'arm64') NODE_ARCH='arm64' ;; \
+    *) echo "Unsupported architecture" && exit 1 ;; \
+    esac \
+    && echo "${NODE_CHECKSUM}  ./nodejs.tar.gz" > node-file-lock.sha \
+    && curl -s -o nodejs.tar.gz "https://nodejs.org/dist/${NODE_VERSION}/node-${NODE_VERSION}-linux-${NODE_ARCH}.tar.gz" \
+    && sha256sum --check node-file-lock.sha \
+    && mkdir -p /usr/local/lib/nodejs \
+    && tar xf nodejs.tar.gz -C /usr/local/lib/nodejs/ --strip-components 1 \
+    && rm nodejs.tar.gz node-file-lock.sha
+
+ENV PATH=/usr/local/lib/nodejs/bin:$PATH
+
+# Install jq and Salesforce CLI
+RUN apt-get update && apt-get install -y jq \
+    && npm install --global @salesforce/cli@${SF_CLI_VERSION} \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+# Slim variant with bundled CLI
+FROM base AS slim
+ARG DOWNLOAD_URL
+
+# Download and install platform-specific CLI bundle
+RUN case "$(dpkg --print-architecture)" in \
+    'amd64') ARCH_SUFFIX='-x64' ;; \
+    'arm64') ARCH_SUFFIX='-arm64' ;; \
+    *) echo "Unsupported architecture" && exit 1 ;; \
+    esac \
+    && curl -s "${DOWNLOAD_URL%x64}${ARCH_SUFFIX}.tar.xz" --output sf-linux.tar.xz \
+    && mkdir -p /usr/local/sf \
+    && tar xJf sf-linux.tar.xz -C /usr/local/sf --strip-components 1 \
+    && rm sf-linux.tar.xz
+
+ENV PATH="/usr/local/sf/bin:$PATH"
+
+# Common environment variables
+ENV SF_CONTAINER_MODE=true \
+    SFDX_CONTAINER_MODE=true \
+    DEBIAN_FRONTEND=dialog \
+    SHELL=/bin/bash
+
+# Health check
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+    CMD sf --version >/dev/null 2>&1
\ No newline at end of file