diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..306cb8c
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,103 @@
+stages:
+  - compiling
+#  - assembling
+#  - testing
+#  - signing
+#  - packaging
+#  - publishing
+
+image: ubuntu:20.04
+
+Compile:
+  stage: compiling
+  script:
+    - npm install
+    - if [ "${CI_COMMIT_REF_NAME}" == "stable" ] ; then npm run build:prod ; fi
+    - if [ "${CI_COMMIT_REF_NAME}" != "stable" ] ; then npm run build:nightly ; fi
+  artifacts:
+    paths:
+      - ./src/js/Static/*
+      - ./src/l10n/*
+      - ./src/css/*
+
+Assemble:
+  stage: assembling
+  script:
+    - mkdir passwords
+    - if [ "${CI_COMMIT_REF_NAME}" == "stable" ] ; then sed -i -e "s/-BUILD//g" ./src/appinfo/info.xml ; fi
+    - if [ "${CI_COMMIT_REF_NAME}" != "stable" ] ; then sed -i -e "s/-BUILD/-build${CI_PIPELINE_ID}/g" ./src/appinfo/info.xml ; fi
+    - rsync -r --exclude="vue" --exclude="js" --exclude="scss" src/* passwords
+    - rsync -r src/js/Static passwords/js/
+    - cp CHANGELOG.md passwords/
+  artifacts:
+    paths:
+      - ./passwords
+
+PHPUnit:
+  stage: testing
+  script:
+    - npm run phpunit
+  artifacts:
+    paths:
+      - ./passwords
+
+Sign:
+  stage: signing
+  script:
+    - echo "-----BEGIN PRIVATE KEY-----" > sign.key
+    - echo $SIGN_KEY | tr " " "\n" >> sign.key
+    - echo "-----END PRIVATE KEY-----" >> sign.key
+    - echo "-----BEGIN CERTIFICATE-----" > sign.crt
+    - echo $SIGN_CRT | tr " " "\n" >> sign.crt
+    - echo "-----END CERTIFICATE-----" >> sign.crt
+    - /usr/src/nextcloud/occ integrity:sign-app --path=$(pwd)/passwords --privateKey=$(pwd)/sign.key --certificate=$(pwd)/sign.crt
+    - rm sign.key sign.crt
+  artifacts:
+    paths:
+      - ./passwords
+  only:
+    - testing
+    - stable
+
+Pack:
+  stage: packaging
+  script:
+    - tar -zcf passwords.tar.gz passwords
+    - echo "export JOB_ID=\"${CI_JOB_ID}\"" > job.id
+  artifacts:
+    paths:
+      - ./passwords.tar.gz
+      - job.id
+  only:
+  - testing
+  - stable
+
+Publish Nightly:
+  stage: publishing
+  script:
+    - source job.id
+    - echo "-----BEGIN PRIVATE KEY-----" > sign.key
+    - echo $SIGN_KEY | tr " " "\n" >> sign.key
+    - echo "-----END PRIVATE KEY-----" >> sign.key
+    - SIGNATURE=$(openssl dgst -sha512 -sign ./sign.key ./passwords.tar.gz | openssl base64 | tr -d "\n")
+    - rm sign.key
+    - 'curl -f -X POST ${API_URL} -H "Authorization: Token ${API_TOKEN}" -H "Content-Type: application/json" -d "{\"download\":\"${CI_PROJECT_URL}/-/jobs/${JOB_ID}/artifacts/raw/passwords.tar.gz\",\"signature\":\"${SIGNATURE}\",\"nightly\":true}"'
+  environment:
+    name: Testing
+  only:
+  - testing
+
+Publish Stable:
+  stage: publishing
+  script:
+    - source job.id
+    - echo "-----BEGIN PRIVATE KEY-----" > sign.key
+    - echo $SIGN_KEY | tr " " "\n" >> sign.key
+    - echo "-----END PRIVATE KEY-----" >> sign.key
+    - SIGNATURE=$(openssl dgst -sha512 -sign ./sign.key ./passwords.tar.gz | openssl base64 | tr -d "\n")
+    - rm sign.key
+    - 'curl -f -X POST ${API_URL} -H "Authorization: Token ${API_TOKEN}" -H "Content-Type: application/json" -d "{\"download\":\"${CI_PROJECT_URL}/-/jobs/${JOB_ID}/artifacts/raw/passwords.tar.gz\",\"signature\":\"${SIGNATURE}\",\"nightly\":false}"'
+  environment:
+    name: Stable
+  only:
+  - stable