diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..5d7a3b5
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,48 @@
+stages:
+  - publish
+  - deploy
+
+variables:
+  REGISTRY: registry.gitlab.com/$CI_PROJECT_PATH
+
+.deploy_setup: &deploy_setup
+  image: alpine:latest
+  before_script:
+    - apk add --no-cache openssh-client
+    - eval $(ssh-agent -s)
+    - echo "$VPS_SSH_KEY" | ssh-add -
+    - mkdir -p ~/.ssh
+    - echo "$VPS_HOST_KEY" >> ~/.ssh/known_hosts
+
+publish:
+  stage: publish
+  image: docker:27
+  services:
+    - docker:27-dind
+  variables:
+    DOCKER_TLS_CERTDIR: ""
+  before_script:
+    - echo "$CI_REGISTRY_PASSWORD" | docker login $CI_REGISTRY -u $CI_REGISTRY_USER --password-stdin
+  script:
+    - docker build -t $REGISTRY:${CI_COMMIT_SHORT_SHA} -t $REGISTRY:latest .
+    - docker push $REGISTRY:${CI_COMMIT_SHORT_SHA}
+    - docker push $REGISTRY:latest
+  rules:
+    - if: $CI_COMMIT_BRANCH == "main"
+
+deploy:
+  <<: *deploy_setup
+  stage: deploy
+  needs: [publish]
+  rules:
+    - if: $CI_COMMIT_BRANCH == "main"
+  script:
+    - |
+      ssh $VPS_USER@$VPS_HOST << ENDSSH
+        set -e
+        echo "$CI_REGISTRY_PASSWORD" | docker login registry.gitlab.com -u "$CI_REGISTRY_USER" --password-stdin
+        cd /opt/services
+        docker compose -f docker-compose.yml -f docker-compose.prod.yml pull audio-foreign
+        docker compose -f docker-compose.yml -f docker-compose.prod.yml up -d audio-foreign
+        docker image prune -af
+      ENDSSH