diff --git a/.actrc b/.actrc
new file mode 100644
index 0000000..a999e8b
--- /dev/null
+++ b/.actrc
@@ -0,0 +1,4 @@
+-P ubuntu-latest=catthehacker/ubuntu:act-latest
+-P ubuntu-20.04=catthehacker/ubuntu:act-20.04
+-P ubuntu-18.04=catthehacker/ubuntu:act-18.04
+ubuntu-16.04=catthehacker/ubuntu:act-16.04
\ No newline at end of file
diff --git a/.aliases b/.aliases
index 9f5d9a9..9e48a12 100644
--- a/.aliases
+++ b/.aliases
@@ -7,6 +7,7 @@ alias rm='rm -i -v'
 alias cp='cp -v'
 alias mkdir='mkdir -p -v'
 alias emacs='emacs -nw'
+alias act='act --env-file="$HOME/.config/act/.env"'
 
 # single letter shortcuts to core commands
 alias a=''
diff --git a/.circleci/config.yml b/.circleci/config.yml
deleted file mode 100644
index 56650c0..0000000
--- a/.circleci/config.yml
+++ /dev/null
@@ -1,86 +0,0 @@
-version: 2.1
-
-jobs:
-  linting:
-    docker:
-      - image: koalaman/shellcheck-alpine:latest
-    steps:
-      - checkout
-      - run:
-          name: "Run Shellcheck"
-          # TODO(#35): fix bogus shellcheck errors on Circle CI
-          command: find . -type f -name '*.sh' | xargs shellcheck --external-sources --exclude=SC1091,SC2086
-
-  deploy_staging:
-    docker:
-      - image: meatwallace/alpine-zeit-now:latest
-    environment:
-      NOW_TARGET: staging
-    steps:
-      - checkout
-      - run:
-          name: "Deploy to Staging"
-          command: "./scripts/deploy.sh"
-          no_output_timeout: 30m
-
-  build_alpine:
-    docker:
-      - image: docker:latest
-    steps:
-      - checkout
-      - setup_remote_docker
-      - run:
-          name: "Build Dockerfile"
-          command: |
-            apk add --no-cache git >/dev/null 2>&1
-            cd ./scripts/alpine
-            GIT_BRANCH=$CIRCLE_BRANCH GIT_COMMIT_SHA1=$CIRCLE_SHA1 ./build.sh
-          no_output_timeout: 30m
-
-  build_arch:
-    docker:
-      - image: docker:latest
-    steps:
-      - checkout
-      - setup_remote_docker
-      - run:
-          name: "Build Dockerfile"
-          command: |
-            apk add --no-cache git >/dev/null 2>&1
-            cd ./scripts/arch
-            GIT_BRANCH=$CIRCLE_BRANCH GIT_COMMIT_SHA1=$CIRCLE_SHA1 ./build.sh
-          no_output_timeout: 30m
-
-  deploy_production:
-    docker:
-      - image: meatwallace/alpine-zeit-now:latest
-    environment:
-      NOW_TARGET: production
-    steps:
-      - checkout
-      - run:
-          name: "Deploy to Production"
-          command: "./scripts/deploy.sh"
-
-workflows:
-  version: 2
-  lint_stage_then_build_then_deploy:
-    jobs:
-      - linting
-      - deploy_staging
-      - build_alpine:
-          requires:
-            - linting
-            - deploy_staging
-      - build_arch:
-          requires:
-            - linting
-            - deploy_staging
-      - deploy_production:
-          requires:
-            - build_alpine
-            - build_arch
-          filters:
-            branches:
-              only: master
-
diff --git a/.config/act/.env b/.config/act/.env
new file mode 100644
index 0000000..e69de29
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..5efb761
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,66 @@
+name: CI
+
+on:
+  push:
+    branches: [master]
+  pull_request:
+    branches: [master]
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    container: "koalaman/shellcheck-alpine:latest"
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Run Shellcheck
+        # TODO(#35): fix bogus shellcheck errors in Github Actions
+        run: |
+          find . -type f -name '*.sh' | xargs shellcheck --external-sources --exclude=SC1091,SC2086
+
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        distro: [alpine, arch]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Generate image tags
+        id: generate_image_tags
+        run: |
+          IMAGE_TAG_BASE="meatwallace/meatbox-${{ matrix.distro }}"
+
+          if [[ "${{ github.ref}}" = refs/heads/master ]]; then
+            TAGS="${IMAGE_TAG_BASE}:latest,"
+          fi
+
+          TAGS="$TAGS${IMAGE_TAG_BASE}:${{ github.sha }}"
+
+          echo "::set-output name=tags::${TAGS}"
+
+      - name: Log in to Dockerhub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build container image
+        uses: docker/build-push-action@v2
+        with:
+          push: ${{ github.event_name != 'pull_request' }}
+          file: ./scripts/${{ matrix.distro }}/Dockerfile
+          build-args: |
+            MEATBOX_USER: meatwallace
+            MEATBOX_PASSWORD: meatword
+            MEATBOX_CHECKOUT_SHA1: ${{ github.sha }}
+          tags: ${{ steps.generate_image_tags.outputs.tags }}
+
+      - name: Image digest
+        run: echo ${{ steps.docker_build.outputs.digest }}
diff --git a/README.md b/README.md
index f075003..e91dae8 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # dotfiles
 
-[![CircleCI](https://circleci.com/gh/meatwallace/dotfiles/tree/master.svg?style=svg)](https://circleci.com/gh/meatwallace/dotfiles/tree/master)
+![Github Actions CI workflow status](https://github.com/meatwallace/dotfiles/actions/workflows/ci.yml/badge.svg?branch=master)
 
 > **!!! READ ME !!!**
 > there's currently a lot of outstanding issues with just about everything in
diff --git a/scripts/alpine/Dockerfile b/scripts/alpine/Dockerfile
index 8ae9f62..d36a19c 100644
--- a/scripts/alpine/Dockerfile
+++ b/scripts/alpine/Dockerfile
@@ -59,9 +59,8 @@ RUN \
     sqlite-dev \
     unzip \
     zlib-dev >/dev/null && \
-  # run our system setup script from our staging alias
-  curl "https://meatbox.meatwallace.now.sh" | MEATBOX_CHECKOUT_SHA1="${MEATBOX_CHECKOUT_SHA1}" bash && \
-  . "$HOME/.bashrc" && \
+  # run our system setup scripts
+  export PATH="$HOME/bin:$PATH" && \
   meatbox bootstrap && \
   . "$HOME/.bashrc" && \
   meatbox setup && \
diff --git a/scripts/alpine/build.sh b/scripts/alpine/build.sh
deleted file mode 100755
index c2d2de4..0000000
--- a/scripts/alpine/build.sh
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/sh
-
-set -e
-
-GIT_BRANCH=${GIT_BRANCH:-$(git rev-parse --abbrev-ref HEAD)}
-GIT_COMMIT_SHA1=${GIT_COMMIT_SHA1:-$(git rev-parse HEAD)}
-
-MEATBOX_USER=${MEATBOX_USER:-meatwallace}
-MEATBOX_PASSWORD=${MEATBOX_PASSWORD:-meatword}
-
-DOCKER_NAMESPACE=${DOCKER_USER:-meatwallace}
-DOCKER_IMAGE_NAME=${DOCKER_IMAGE_NAME:-meatbox-alpine}
-DOCKER_IMAGE_VERSION=${GIT_COMMIT_SHA1:-development}
-DOCKER_IMAGE_TAG_COMMIT="$DOCKER_NAMESPACE/$DOCKER_IMAGE_NAME:$DOCKER_IMAGE_VERSION"
-DOCKER_IMAGE_TAG_LATEST="$DOCKER_NAMESPACE/$DOCKER_IMAGE_NAME:latest"
-
-echo "$DOCKER_PASS" | docker login --username "$DOCKER_USER" --password-stdin
-
-docker build . \
-  --build-arg "MEATBOX_USER=$MEATBOX_USER" \
-  --build-arg "MEATBOX_PASSWORD=$MEATBOX_PASSWORD" \
-  --build-arg "MEATBOX_CHECKOUT_SHA1=$GIT_COMMIT_SHA1" \
-  --tag "$DOCKER_IMAGE_TAG_COMMIT"
-
-docker push "$DOCKER_IMAGE_TAG_COMMIT" >/dev/null
-
-# if we're on master, then push to latest
-if [ "$GIT_BRANCH" = "master" ]; then
-  docker tag "$DOCKER_IMAGE_TAG_COMMIT" "$DOCKER_IMAGE_TAG_LATEST"
-
-  docker push "$DOCKER_IMAGE_TAG_LATEST" >/dev/null
-fi
diff --git a/scripts/arch/Dockerfile b/scripts/arch/Dockerfile
index 200f38c..2c0c0eb 100644
--- a/scripts/arch/Dockerfile
+++ b/scripts/arch/Dockerfile
@@ -1,7 +1,7 @@
-###############################################################################
+##############################################################################
 # meatwallace/meatbox-arch
 ###
-FROM archlinux/base:latest
+FROM archlinux:latest
 
 # specific to antergos setup when using the `base` installation
 ARG USER_SUDOERS_FILE="10-user"
@@ -36,9 +36,7 @@ SHELL ["/bin/bash", "-c"]
 ARG MEATBOX_CHECKOUT_SHA1
 
 RUN \
-  # run our system setup script from our staging alias
-  curl "https://meatbox.meatwallace.now.sh" | MEATBOX_CHECKOUT_SHA1="${MEATBOX_CHECKOUT_SHA1}" bash && \
-  . "$HOME/.bashrc" && \
+  export PATH="$HOME/bin:$PATH" && \
   meatbox bootstrap && \
   . "$HOME/.bashrc" && \
   meatbox setup && \
diff --git a/scripts/arch/Yayfile b/scripts/arch/Yayfile
index d1474a1..263c8d2 100644
--- a/scripts/arch/Yayfile
+++ b/scripts/arch/Yayfile
@@ -139,6 +139,7 @@ veonim
 visual-studio-code-insiders
 
 # dev
+act
 google-cloud-sdk
 watchman
 
diff --git a/scripts/arch/build.sh b/scripts/arch/build.sh
deleted file mode 100755
index 2202623..0000000
--- a/scripts/arch/build.sh
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/sh
-
-set -e
-
-GIT_BRANCH=${GIT_BRANCH:-$(git rev-parse --abbrev-ref HEAD)}
-GIT_COMMIT_SHA1=${GIT_COMMIT_SHA1:-$(git commit rev-parse HEAD)}
-
-MEATBOX_USER=${MEATBOX_USER:-meatwallace}
-MEATBOX_PASSWORD=${MEATBOX_PASSWORD:-meatword}
-
-DOCKER_NAMESPACE=${DOCKER_USER:-meatwallace}
-DOCKER_IMAGE_NAME=${DOCKER_IMAGE_NAME:-meatbox-arch}
-DOCKER_IMAGE_VERSION=${GIT_COMMIT_SHA1:-development}
-DOCKER_IMAGE_TAG_COMMIT="$DOCKER_NAMESPACE/$DOCKER_IMAGE_NAME:$DOCKER_IMAGE_VERSION"
-DOCKER_IMAGE_TAG_LATEST="$DOCKER_NAMESPACE/$DOCKER_IMAGE_NAME:latest"
-
-echo "$DOCKER_PASS" | docker login --username "$DOCKER_USER" --password-stdin
-
-docker build . \
-  --build-arg "MEATBOX_USER=$MEATBOX_USER" \
-  --build-arg "MEATBOX_PASSWORD=$MEATBOX_PASSWORD" \
-  --build-arg "MEATBOX_CHECKOUT_SHA1=$GIT_COMMIT_SHA1" \
-  --tag "$DOCKER_IMAGE_TAG_COMMIT"
-
-docker push "$DOCKER_IMAGE_TAG_COMMIT" >/dev/null
-
-# if we're on master, then push to latest
-if [ "$GIT_BRANCH" = "master" ]; then
-  docker tag "$DOCKER_IMAGE_TAG_COMMIT" "$DOCKER_IMAGE_TAG_LATEST"
-
-  docker push "$DOCKER_IMAGE_TAG_LATEST" >/dev/null
-fi
diff --git a/scripts/darwin/Brewfile b/scripts/darwin/Brewfile
index 27818b0..0058d1a 100644
--- a/scripts/darwin/Brewfile
+++ b/scripts/darwin/Brewfile
@@ -84,6 +84,7 @@ brew 'neovim'
 cask 'visual-studio-code-insiders'
 
 # dev
+brew 'act'
 brew 'watchman'
 # brew 'shellcheck'
 #cask 'google-cloud-sdk'