diff --git a/.github/docker/Dockerfile b/.github/docker/Dockerfile
new file mode 100644
index 00000000000..ab9fb88363a
--- /dev/null
+++ b/.github/docker/Dockerfile
@@ -0,0 +1,6 @@
+# Note that this image is used only to publish HAPI-FHIR. this is published at `smilecdr/hapi-build`
+# Start from the maven image
+FROM maven:3.9-eclipse-temurin-21-jammy
+
+# Install gpg
+RUN apt-get update && apt-get install -y gpg
diff --git a/snapshot-pipeline.yml b/snapshot-pipeline.yml
index b0d3deaf069..5c38ac7d569 100644
--- a/snapshot-pipeline.yml
+++ b/snapshot-pipeline.yml
@@ -12,7 +12,7 @@ schedules:
 pr: none
 trigger: none
 
-# We'll run the process on the latest version of unbuntu because they tend to be the fastest
+# We'll run the process on the latest version of ubuntu because they tend to be the fastest
 pool:
   vmImage: 'ubuntu-latest'
 
@@ -24,7 +24,9 @@ variables:
 - group: GPG_VARIABLE_GROUP
 - group: SONATYPE_VARIABLE_GROUP
 
-container: maven:3.9-eclipse-temurin-21-jammy
+container:
+    image: smilecdr/hapi-build:latest
+
 steps:
 
   # We need a valid signing key to sign our builds for deployment to sonatype. We have uploaded
@@ -44,11 +46,8 @@ steps:
 
   # Although we have imported the key files into our workspace, GPG has no knowledge that these keys exist.
   # We use a bash script to import both the private and puablic keys into gpg for future signing.
-
   # 3. Import keys into gpg
   - bash: |
-      sudo apt update
-      sudo apt install -y gpg
       gpg --import --no-tty --batch --yes $(Agent.TempDirectory)/public.key
       gpg --import --no-tty --batch --yes $(Agent.TempDirectory)/private.key
       gpg --list-keys --keyid-format LONG