diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
new file mode 100644
index 0000000..85b655b
--- /dev/null
+++ b/.github/workflows/docker-publish.yml
@@ -0,0 +1,98 @@
+name: Docker
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+  schedule:
+    - cron: '0 0 * * 1'
+  push:
+    branches: [ "main" ]
+    # Publish semver tags as releases.
+    tags: [ 'v*.*.*' ]
+  pull_request:
+    branches: [ "main" ]
+
+env:
+  # Use docker.io for Docker Hub if empty
+  REGISTRY: ghcr.io
+  # github.repository as <account>/<repo>
+  IMAGE_NAME: ${{ github.repository }}
+
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      # This is used to complete the identity challenge
+      # with sigstore/fulcio when running outside of PRs.
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      # Install the cosign tool except on PR
+      # https://github.com/sigstore/cosign-installer
+      - name: Install cosign
+        if: github.event_name != 'pull_request'
+        uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 #v3.5.0
+        with:
+          cosign-release: 'v2.2.4'
+
+      # Set up BuildKit Docker container builder to be able to build
+      # multi-platform images and export cache
+      # https://github.com/docker/setup-buildx-action
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+
+      # Login against a Docker registry except on PR
+      # https://github.com/docker/login-action
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      # Build and push Docker image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image
+        id: build-and-push
+        uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      # Sign the resulting Docker image digest except on PRs.
+      # This will only write to the public Rekor transparency log when the Docker
+      # repository is public to avoid leaking data.  If you would like to publish
+      # transparency data even for private images, pass --force to cosign below.
+      # https://github.com/sigstore/cosign
+      - name: Sign the published Docker image
+        if: ${{ github.event_name != 'pull_request' }}
+        env:
+          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
+          TAGS: ${{ steps.meta.outputs.tags }}
+          DIGEST: ${{ steps.build-and-push.outputs.digest }}
+        # This step uses the identity token to provision an ephemeral certificate
+        # against the sigstore community Fulcio instance.
+        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..27865fa
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,16 @@
+FROM public.ecr.aws/lts/ubuntu:24.04_stable
+
+ENV DEBIAN_FRONTEND=noninteractive
+WORKDIR /usr/bulldozer
+
+RUN apt-get update && apt-get install -y python3 python3-pip mktorrent curl libwebp-dev libavif-dev ffmpeg && ln -s $(which python3) /usr/bin/python
+ 
+RUN curl -fsSL https://deb.nodesource.com/setup_23.x -o nodesource_setup.sh && bash nodesource_setup.sh && apt-get install -y nodejs
+
+RUN npm install -g podcast-dl
+
+COPY ./ /usr/bulldozer
+
+RUN pip install --no-cache-dir --break-system-packages -r requirements.txt
+
+CMD ["python", "bulldozer", "--check-config"]
diff --git a/README.md b/README.md
index e3344e7..443daf9 100644
--- a/README.md
+++ b/README.md
@@ -107,6 +107,29 @@ chmod +x bulldozer
 - `--name`: Use <input> as the podcast name.
 - `--match-titles`: Will only keep episodes matching <input> in the feed.
 
+## Running With Docker
+
+Docker should allow you to run bulldozer on mac or without installing all the native dependencies. This is a quick guide assuming you're new to docker. 
+
+To get started, first install [Docker Desktop](https://www.docker.com/products/docker-desktop/)
+
+To run interactively, you'll want to construct a command like this: 
+
+```
+docker run --pull always -it --rm -v ./config.yaml:/usr/bulldozer/config.yaml -v ~/temp_podcasts/:/output/podcasts/ ghcr.io/lewler/bulldozer:main /bin/bash
+```
+Explanation: 
+- [`--pull always`](https://docs.docker.com/reference/cli/docker/container/run/#pull) tries to pull updates to the image. 
+- `-it` and `/bin/bash` in the command drop you into a shell inside the container. This is useful because bulldozer requires interaction. If you leave these off, the default command will validate your config. 
+- [`--rm`](https://docs.docker.com/reference/cli/docker/container/run/#rm) automatically cleans up the container when it exits. This is a good default or docker has a habit of filling up your hard drive.
+- [`-v`](https://docs.docker.com/reference/cli/docker/container/run/#volume) mounts the volume following the pattern `/path/on/your/computer/:/path/on/container/`.
+    - `/path/to/config.yaml:/usr/bulldozer/config.yaml` is required in order to pass your local bulldozer config.
+    - `~/temp_podcasts/:/output/podcasts/` can be whatever you want. Note: the path you specify in your config is the path in the container not the host!
+- `ghcr.io/lewler/bulldozer:main` is the name for the image. `main` will automatically update when new versions are pushed to the main branch on github. The short commit sha should also work as a tag.
+
+For Mac users: You can probably get it to run with `--platform linux/x86_64` in the `docker run` command using docker desktop for mac (I tested it once). 
+
+
 ## Project Structure
 
 - bulldozer: Main script
@@ -153,4 +176,4 @@ Contributions are welcome! Please open an issue or submit a pull request for any
 - [Podchaser API](https://api-docs.podchaser.com/docs/overview) for additional metadata.
 - [Podcastindex API](https://podcastindex.org) for additional metadata.
 - [Podnews](https://podnews.net) for additional metadata.
-- [TinyDB](https://pypi.org/project/tinydb/) for database support.
\ No newline at end of file
+- [TinyDB](https://pypi.org/project/tinydb/) for database support.
diff --git a/bulldozer b/bulldozer
old mode 100644
new mode 100755
index 0d36130..951791d
--- a/bulldozer
+++ b/bulldozer
@@ -3,6 +3,7 @@
 # bulldozer
 import os
 import argparse
+import shutil
 from pathlib import Path
 from classes.dupe_checker import DupeChecker
 from classes.podcast import Podcast
@@ -21,7 +22,7 @@ def main(input, censor_rss, report_only=False, search_term=None, download_only=F
     :param censor_rss: Whether to censor the RSS feed or not
     """
     global config
-    print("· • —– ++ ---| Bulldozer v0.6.4 |--- ++ —– • ·")
+    print("· • —– ++ ---| Bulldozer v0.6.5 |--- ++ —– • ·")
     database_active = config.get("database", {}).get("active", True)
 
     if os.path.isdir(input):
@@ -99,11 +100,11 @@ def main(input, censor_rss, report_only=False, search_term=None, download_only=F
         if ask_to_move and ask_yes_no(f"Would you like to move the folder to {move_folder_path}"):
             move_folder_path = Path(move_folder_path)
             if move_folder_path.exists() and move_folder_path.is_dir():
-                new_folder_path = move_folder_path / folder_path.name
+                new_folder_path = move_folder_path / podcast.folder_path.name
                 if new_folder_path.exists():
                     announce(f"Folder {new_folder_path} already exists, skipping move", "warning")
                 else:
-                    folder_path.rename(new_folder_path)
+                    shutil.move(str(podcast.folder_path), str(new_folder_path))
                     announce(f"Moved folder to {new_folder_path}", "info")
             else:
                 announce(f"Move folder {move_folder_path} does not exist", "error")
diff --git a/classes/utils.py b/classes/utils.py
index 33d23a0..5338682 100644
--- a/classes/utils.py
+++ b/classes/utils.py
@@ -138,14 +138,16 @@ def load_config():
         log("Failed to load base config file.", "error")
         return None
     
-    try:
-        with open(user_config_file, 'r') as user_file:
-            user_config = yaml.safe_load(user_file)
-    except FileNotFoundError:
-        log("'config.yaml' not found, will only use defaults.", "debug")
-        user_config = {}
-
-    deep_merge(base_config, user_config)
+    if user_config_file.exists():
+        try:
+            with open(user_config_file, 'r') as user_file:
+                user_config = yaml.safe_load(user_file)
+        except FileNotFoundError:
+            log("'config.yaml' could not be loaded.", "error")
+            user_config = {}
+
+        deep_merge(base_config, user_config)
+        
     config = base_config
 
     return config