diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index 232ae7c07c..cbb37bafab 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -12,6 +12,7 @@ on:
         required: false
         type: choice
         options:
+          - auctioneer
           - composer
           - conductor
           - sequencer
@@ -39,6 +40,22 @@ jobs:
   run_checker:
     uses: ./.github/workflows/reusable-run-checker.yml
 
+  auctioneer:
+    needs: run_checker
+    if: needs.run_checker.outputs.run_docker == 'true' || (github.event_name == 'workflow_dispatch' && github.event.inputs.target == 'auctioneer')
+    uses: "./.github/workflows/reusable-docker-build.yml"
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
+    with:
+      depot-project-id: 1kp2p2bvbr
+      package-name: auctioneer
+      binary-name: auctioneer
+      tag: ${{ inputs.tag }}
+      force: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.target == 'auctioneer' }}
+    secrets: inherit
+
   composer:
     needs: run_checker
     if: needs.run_checker.outputs.run_docker == 'true' || (github.event_name == 'workflow_dispatch' && github.event.inputs.target == 'composer')
@@ -296,7 +313,7 @@ jobs:
 
   docker:
     if: ${{ always() && !cancelled() }}
-    needs: [composer, conductor, sequencer, sequencer-relayer, evm-bridge-withdrawer, cli, smoke-test, smoke-cli, ibc-bridge-test, ibc-no-native-asset-test, ibc-timeout-refund]
+    needs: [auctioneer, composer, conductor, sequencer, sequencer-relayer, evm-bridge-withdrawer, cli, smoke-test, smoke-cli, ibc-bridge-test, ibc-no-native-asset-test, ibc-timeout-refund]
     uses: ./.github/workflows/reusable-success.yml
     with:
       success: ${{ !contains(needs.*.result, 'failure') }}
diff --git a/crates/astria-auctioneer/src/auction/mod.rs b/crates/astria-auctioneer/src/auction/mod.rs
index 5f66fce7d8..208a9c862e 100644
--- a/crates/astria-auctioneer/src/auction/mod.rs
+++ b/crates/astria-auctioneer/src/auction/mod.rs
@@ -265,6 +265,7 @@ impl Auction {
             .into_transaction_body(
                 nonce,
                 self.rollup_id,
+                self.sequencer_key.clone(),
                 self.fee_asset_denomination.clone(),
                 self.sequencer_chain_id,
             );
diff --git a/crates/astria-auctioneer/src/bundle/mod.rs b/crates/astria-auctioneer/src/bundle/mod.rs
index a7d9a75d5a..cc77285350 100644
--- a/crates/astria-auctioneer/src/bundle/mod.rs
+++ b/crates/astria-auctioneer/src/bundle/mod.rs
@@ -1,4 +1,8 @@
 use astria_core::{
+    crypto::{
+        Signature,
+        VerificationKey,
+    },
     generated::bundle::v1alpha1::{
         self as raw,
     },
@@ -19,6 +23,8 @@ use bytes::Bytes;
 pub(crate) use client::BundleStream;
 use prost::Message as _;
 
+use crate::sequencer_key::SequencerKey;
+
 mod client;
 
 // TODO: this should probably be moved to astria_core::bundle?
@@ -71,19 +77,18 @@ impl Bundle {
         self,
         nonce: u32,
         rollup_id: RollupId,
+        sequencer_key: SequencerKey,
         fee_asset: asset::Denom,
         chain_id: String,
     ) -> TransactionBody {
-        let data = self.into_raw().encode_to_vec();
-
-        // TODO: sign the bundle data and put it in a `SignedBundle` message or something (need to
-        // update protos for this)
+        let allocation = Allocation::new(self, sequencer_key);
+        let allocation_data = allocation.into_raw().encode_to_vec();
 
         TransactionBody::builder()
             .actions(vec![
                 RollupDataSubmission {
                     rollup_id,
-                    data: data.into(),
+                    data: allocation_data.into(),
                     fee_asset,
                 }
                 .into(),
@@ -106,3 +111,37 @@ impl Bundle {
         self.base_sequencer_block_hash
     }
 }
+
+#[derive(Debug)]
+pub(crate) struct Allocation {
+    signature: Signature,
+    verification_key: VerificationKey,
+    payload: Bundle,
+}
+
+impl Allocation {
+    fn new(bundle: Bundle, sequencer_key: SequencerKey) -> Self {
+        let bundle_data = bundle.clone().into_raw().encode_to_vec();
+        let signature = sequencer_key.signing_key().sign(&bundle_data);
+        let verification_key = sequencer_key.signing_key().verification_key();
+        Self {
+            signature,
+            verification_key,
+            payload: bundle,
+        }
+    }
+
+    fn into_raw(self) -> raw::Allocation {
+        let Self {
+            signature,
+            verification_key,
+            payload,
+        } = self;
+
+        raw::Allocation {
+            signature: Bytes::copy_from_slice(&signature.to_bytes()),
+            public_key: Bytes::copy_from_slice(&verification_key.to_bytes()),
+            payload: Some(payload.into_raw()),
+        }
+    }
+}