diff --git a/.dockerignore b/.dockerignore
index 04ae4fb..ca9caf8 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,3 +1,4 @@
 node_modules
 .git
-.next
\ No newline at end of file
+.next
+.env
\ No newline at end of file
diff --git a/.gitea/workflows/publish.yml b/.gitea/workflows/publish.yml
index 48376be..f85dbc0 100644
--- a/.gitea/workflows/publish.yml
+++ b/.gitea/workflows/publish.yml
@@ -32,13 +32,29 @@ jobs:
 [registry."docker.io"]
 mirrors = ["mirror.gcr.io"]
- - name: Build and push Docker image
- uses: https://github.com/docker/build-push-action@v6
- with:
- context: .
- file: ./Dockerfile
- push: true
- tags: ${{secrets.DOCKER_HUB_USERNAME}}/portfolio:v1
+ # - name: Build and push Docker image
+ # uses: https://github.com/docker/build-push-action@v6
+ # with:
+ # context: .
+ # file: ./Dockerfile
+ # push: true
+ # tags: ${{secrets.DOCKER_HUB_USERNAME}}/portfolio:v1
+
+ - name: Build Docker image
+ run: |
+ DOCKER_BUILDKIT=1 docker build --secret id=SPOTIFY_CLIENT_ID,src=.env \
+ --secret id=SPOTIFY_CLIENT_SECRET,src=.env \
+ --secret id=SPOTIFY_REFRESH_TOKEN,src=.env \
+ --secret id=NEXT_PUBLIC_SITE_URL,src=.env \
+ --secret id=GITHUB_ACCESS_TOKEN,src=.env \
+ --secret id=GITHUB_USERNAME,src=.env \
+ --secret id=GITHUB_CLIENT_ID,src=.env \
+ --secret id=GITHUB_SECRET,src=.env \
+ --secret id=NEXT_PUBLIC_SUPABASE_URL,src=.env \
+ --secret id=NEXT_PUBLIC_SUPABASE_ANON_KEY,src=.env \
+ --secret id=SUPABASE_SERVICE_ROLE_KEY,src=.env \
+ -t ${{secrets.DOCKER_HUB_USERNAME}}/portfolio:v1 \
+ .
 - name: Push the Docker image
 run: |
diff --git a/Dockerfile b/Dockerfile
index de7aef4..ef412a1 100644
--- a/Dockerfile
+++ b/Dockerfile
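Review bot: The new `.env` entry matches only that exact file name, so the variants Next.js also loads (`.env.local`, `.env.production`, …) would still be sent in the build context and could land in a layer if the Dockerfile copies the whole context. A pattern such as `.env*` (with `!.env.example` if a template is committed) covers them.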
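Review bot: Every `--secret id=...,src=.env` in the new `Build Docker image` step points at the same `.env` file, so each `/run/secrets/<ID>` mount will hold the whole file rather than the single value its id names, and a `cat` of any one of them returns every credential at once. Either pass the file once (`--secret id=dotenv,src=.env`) and parse it in the instruction that needs it, or source each value from the step's environment, e.g. `--secret id=SPOTIFY_CLIENT_ID,env=SPOTIFY_CLIENT_ID` with the variable set from the workflow's `secrets` context. The hunk does not show where `.env` is created on the runner; if an earlier step writes it from repository secrets, it should be deleted once the build finishes. The commented-out `build-push-action` step could be kept instead of left as dead YAML, since that action accepts build secrets through its `secrets` and `secret-files` inputs.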
@@ -6,6 +6,39 @@ FROM base AS deps
 RUN apk add --no-cache libc6-compat
 WORKDIR /app
+RUN --mount=type=secret,id=SPOTIFY_CLIENT_ID \
+ export SPOTIFY_CLIENT_ID=$(cat /run/secrets/SPOTIFY_CLIENT_ID)
+
+RUN --mount=type=secret,id=SPOTIFY_CLIENT_SECRET \
+ export SPOTIFY_CLIENT_SECRET=$(cat /run/secrets/SPOTIFY_CLIENT_SECRET)
+
+RUN --mount=type=secret,id=SPOTIFY_REFRESH_TOKEN \
+ export SPOTIFY_REFRESH_TOKEN=$(cat /run/secrets/SPOTIFY_REFRESH_TOKEN)
+
+RUN --mount=type=secret,id=NEXT_PUBLIC_SITE_URL \
+ export NEXT_PUBLIC_SITE_URL=$(cat /run/secrets/NEXT_PUBLIC_SITE_URL)
+
+RUN --mount=type=secret,id=GITHUB_ACCESS_TOKEN \
+ export GITHUB_ACCESS_TOKEN=$(cat /run/secrets/GITHUB_ACCESS_TOKEN)
+
+RUN --mount=type=secret,id=GITHUB_USERNAME \
+ export GITHUB_USERNAME=$(cat /run/secrets/GITHUB_USERNAME)
+
+RUN --mount=type=secret,id=GITHUB_CLIENT_ID \
+ export GITHUB_CLIENT_ID=$(cat /run/secrets/GITHUB_CLIENT_ID)
+
+RUN --mount=type=secret,id=GITHUB_SECRET \
+ export GITHUB_SECRET=$(cat /run/secrets/GITHUB_SECRET)
+
+RUN --mount=type=secret,id=NEXT_PUBLIC_SUPABASE_URL \
+ export NEXT_PUBLIC_SUPABASE_URL=$(cat /run/secrets/NEXT_PUBLIC_SUPABASE_URL)
+
+RUN --mount=type=secret,id=NEXT_PUBLIC_SUPABASE_ANON_KEY \
+ export NEXT_PUBLIC_SUPABASE_ANON_KEY=$(cat /run/secrets/NEXT_PUBLIC_SUPABASE_ANON_KEY)
+
+RUN --mount=type=secret,id=SUPABASE_SERVICE_ROLE_KEY \
+ export SUPABASE_SERVICE_ROLE_KEY=$(cat /run/secrets/SUPABASE_SERVICE_ROLE_KEY)
+
 # Install dependencies based on the preferred package manager
 COPY package.json yarn.lock* package-lock.json* pnpm-lock.yaml* ./
 RUN \
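Review bot: The `export` in each added `RUN --mount=type=secret,...` lasts only for that instruction's shell, so none of these values are visible to the dependency install that follows or to any later build step, and the eleven instructions have no effect on the build. Mount each secret on the instruction that actually consumes it and read it in the same command, e.g. `RUN --mount=type=secret,id=GITHUB_ACCESS_TOKEN,required=true GITHUB_ACCESS_TOKEN="$(cat /run/secrets/GITHUB_ACCESS_TOKEN)" <build command>`; `required=true` makes a missing secret fail the build, whereas `export X=$(cat …)` succeeds even when `cat` fails. The `NEXT_PUBLIC_*` values are inlined into the client bundle by Next.js, so they are public by design and do not need secret mounts, and it is worth confirming that server-only keys such as `SUPABASE_SERVICE_ROLE_KEY` are needed at build time at all rather than only at container runtime. The `deps` stage and the trailing `RUN \` instruction both extend outside this hunk.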