diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index cc3d4c1a00517e31d8abec974e5d58c243dc0bd1..45fa69739fdcc64a984fe9bcf3a9eb165eb30eca 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,41 +1,65 @@
-# This file is a template, and might need editing before it works on your project.
-# This is a sample GitLab CI/CD configuration file that should run without any modifications.
-# It demonstrates a basic 3 stage CI/CD pipeline. Instead of real tests or scripts,
-# it uses echo commands to simulate the pipeline execution.
-#
-# A pipeline is composed of independent jobs that run scripts, grouped into stages.
-# Stages run in sequential order, but jobs within stages run in parallel.
-#
-# For more information, see: https://docs.gitlab.com/ee/ci/yaml/index.html#stages
-#
-# You can copy and paste this template into a new `.gitlab-ci.yml` file.
-# You should not add this template to an existing `.gitlab-ci.yml` file by using the `include:` keyword.
-#
-# To contribute improvements to CI/CD templates, please follow the Development guide at:
-# https://docs.gitlab.com/ee/development/cicd/templates.html
-# This specific template is located at:
-# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Getting-Started.gitlab-ci.yml
-
-image: sdvharbor.slub-dresden.de/replication/debian:bookworm-slim
-
-before_script:
-  - apt-get update && \
-    apt-get dist-upgrade -y && \
-    apt-get autoremove -y && \
-    apt-get install -y dpkg git sed shellcheck
+variables:
+  DOCKERFILE_DEB: "${CI_PROJECT_DIR}/gitlab-ci/Dockerfile_DEB"
+  IMAGE_TARGET_DEB: "${CI_REGISTRY_IMAGE}/debian12_validate_workflows_build_env"
 
 stages:          # List of stages for jobs, and their order of execution
+  - build
   - test
   - packaging
 
-test-job:   # This job runs in the test stage.
+.build-env-job:
+  stage: build
+  timeout: 10m
+  tags:
+    - "docker"
+  image:
+    # Use Kaniko base image to build a Docker image to use as the base image for later jobs.
+    name: gcr.io/kaniko-project/executor:debug
+    entrypoint: [""]
+  # Do not run the before_script tasks here, they wouldn't be included in the Docker image. Instead, provide an empty list of tasks.
+  before_script: []
+  # docu: https://docs.gitlab.com/ee/ci/docker/using_kaniko.html, this is basically copy-pasted from there
+  script:
+    - mkdir -p /kaniko/.docker
+    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$(printf "%s:%s" "$CI_REGISTRY_USER" "$CI_REGISTRY_PASSWORD" | base64 | tr -d '\n')\"},\"$(printf "%s" "$CI_DEPENDENCY_PROXY_SERVER" | cut -d':' -f1)\":{\"auth\":\"$(printf "%s:%s" "$CI_DEPENDENCY_PROXY_USER" "$CI_DEPENDENCY_PROXY_PASSWORD" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
+    # In this task, Kaniko executor is called to build the Image based on the Dockerfile provided with "--dockerfile".
+    - echo "CI_PROJECT_DIR=${CI_PROJECT_DIR}"
+    - >-
+      /kaniko/executor
+      --context "${CI_PROJECT_DIR}"
+      --dockerfile "${DOCKERFILE}"
+      --destination "${IMAGE_TARGET}:latest"
+      --build-arg "GITDIR=${CI_PROJECT_DIR}"
+      --cache=true
+      --cache-repo=${CI_REGISTRY_IMAGE}
+      --cache-copy-layers=true
+      --snapshotMode=redo
+      --use-new-run
+      --ignore-var-run
+
+build-deb-env-job:
+  extends: .build-env-job
+  variables:
+    DOCKERFILE: ${DOCKERFILE_DEB}
+    IMAGE_TARGET: ${IMAGE_TARGET_DEB}
+
+test-in-debian-job:   # This job runs in the test stage.
   stage: test    # It only starts when the job in the build stage completes successfully.
+  timeout: 5m
+  tags:
+    - "docker"
+  image:
+    name: "${IMAGE_TARGET_DEB}:latest"
   script:
     - shellcheck --color=always --shell=bash --enable=all --exclude=SC2317 "validate_workflow.sh"
 
-packaging-job:
+packaging-deb-job:
   stage: packaging
   timeout: 5m
+  image:
+    name: "${IMAGE_TARGET_DEB}:latest"
+  tags:
+    - "docker"
   script:
     # HINT: current working dir == '/builds/digital-preservation/validate_workflows' as root
     # retrieve version infos
diff --git a/gitlab-ci/Dockerfile_DEB b/gitlab-ci/Dockerfile_DEB
new file mode 100644
index 0000000000000000000000000000000000000000..feeddc417cbfee41acaf33110be5cdb8d1db4ee8
--- /dev/null
+++ b/gitlab-ci/Dockerfile_DEB
@@ -0,0 +1,8 @@
+FROM sdvharbor.slub-dresden.de/replication/debian:bookworm-slim
+
+ENV DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && \
+    apt-get dist-upgrade -y && \
+    apt-get autoremove -y && \
+    apt-get install -y dpkg git sed spellcheck && \
+    apt-get autoclean -y