diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000000000000000000000000000000000000..8dea5a24ff948a9df682018a8b40aec1a57bc712
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,121 @@
+variables:
+  VERAPDF_VERSION: "1.24.1"
+  DOCKERFILE_DEB: "${CI_PROJECT_DIR}/gitlab-ci/Dockerfile_DEB"
+  IMAGE_TARGET_DEB: "${CI_REGISTRY_IMAGE}/debian12_verapdf_build_env"
+
+stages:          # List of stages for jobs, and their order of execution
+  - build-env
+  - local-install
+  - package
+  - install-test
+
+.build-env-job:
+  stage: build-env
+  timeout: 10m
+  tags:
+    - "docker"
+  image:
+    # Use Kaniko base image to build a Docker image to use as the base image for later jobs.
+    name: gcr.io/kaniko-project/executor:debug
+    entrypoint: [""]
+  # Do not run the before_script tasks here, they wouldn't be included in the Docker image. Instead, provide an empty list of tasks.
+  before_script: []
+  # docu: https://docs.gitlab.com/ee/ci/docker/using_kaniko.html, this is basically copy-pasted from there
+  script:
+    - mkdir -p /kaniko/.docker
+    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$(printf "%s:%s" "$CI_REGISTRY_USER" "$CI_REGISTRY_PASSWORD" | base64 | tr -d '\n')\"},\"$(printf "%s" "$CI_DEPENDENCY_PROXY_SERVER" | cut -d':' -f1)\":{\"auth\":\"$(printf "%s:%s" "$CI_DEPENDENCY_PROXY_USER" "$CI_DEPENDENCY_PROXY_PASSWORD" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
+    # In this task, Kaniko executor is called to build the Image based on the Dockerfile provided with "--dockerfile".
+    - echo "CI_PROJECT_DIR=${CI_PROJECT_DIR}"
+    - >-
+      /kaniko/executor
+      --context "${CI_PROJECT_DIR}"
+      --dockerfile "${DOCKERFILE}"
+      --destination "${IMAGE_TARGET}:latest"
+      --build-arg "GITDIR=${CI_PROJECT_DIR}"
+      --cache=true
+      --cache-repo=${CI_REGISTRY_IMAGE}
+      --cache-copy-layers=true
+      --snapshotMode=redo
+      --use-new-run
+      --ignore-var-run
+
+build-debian-env-job:
+  extends: .build-env-job
+  variables:
+    DOCKERFILE: ${DOCKERFILE_DEB}
+    IMAGE_TARGET: ${IMAGE_TARGET_DEB}
+
+local-install-debian-job:   # This job runs in the test stage.
+  stage: local-install    # It only starts when the job in the build stage completes successfully.
+  timeout: 5m
+  tags:
+    - "docker"
+  image:
+    name: "${IMAGE_TARGET_DEB}:latest"
+  variables:
+    INSTALL_PATH_DEB: "/usr/local/verapdf"
+  script:
+    # download zipped verapdf installer
+    # HINT: https://software.verapdf.org/rel/1.24/verapdf-greenfield-1.24.1-installer.zip
+    - VERAPDF_VERSION_WITHOUT_PATCHLEVEL="$(echo ${VERAPDF_VERSION} | sed 's#^\([0-9]*\.[0-9]*\).*#\1#g')"
+    - ZIPPED_VERAPDF_INSTALLER_URL="https://software.verapdf.org/rel/${VERAPDF_VERSION_WITHOUT_PATCHLEVEL}/verapdf-greenfield-${VERAPDF_VERSION}-installer.zip"
+    - wget "${ZIPPED_VERAPDF_INSTALLER_URL}"
+    # unpack installer
+    - unzip verapdf-greenfield-${VERAPDF_VERSION}-installer.zip
+    # set absolute file path to xml template for automated install
+    # HINT: /builds/digital-preservation/verapdf_package_build/verapdf-greenfield-1.24.1
+    - VERAPDF_UNZIP_DIR="$(pwd)verapdf-greenfield-${VERAPDF_VERSION}"
+    - AUTO_INSTALL_XML_PATH="${VERAPDF_UNZIP_DIR}/auto-install.DEB.xml"
+    # set installation path in xml template
+    - sed "s#INSTALL_PATH#${INSTALL_PATH_DEB}#g" gitlab-ci/auto-install.xml > "${AUTO_INSTALL_XML_PATH}"
+    # run headless verapdf installation
+    - "${VERAPDF_UNZIP_DIR}/verapdf-install" "${AUTO_INSTALL_XML_PATH}"
+    # test call verapdf
+    - /usr/local/verapdf/verapdf --version | grep "${VERAPDF_VERSION}"
+
+package-debian-job:
+  stage: package
+  timeout: 5m
+  image:
+    name: "${IMAGE_TARGET_DEB}:latest"
+  tags:
+    - "docker"
+  script:
+    # HINT: current working dir == '/builds/digital-preservation/verapdf_package_build' as root
+    # retrieve version infos
+    - REVISION="1"
+    - BRANCH="$(([ -z "${CI_COMMIT_BRANCH}" ] && echo ${CI_COMMIT_TAG} || echo ${CI_COMMIT_BRANCH}) | sed "s#[^A-Za-z0-9\.~+-]##g")" # use tag name in tag pipelines, filter characters based on https://www.debian.org/doc/debian-policy/ch-controlfields.html#s-f-version
+    - VERSION="$(git rev-list HEAD --count)-${BRANCH}"
+    - ARCHITECTURE="all"
+    # create build dir structure
+    - DEB_BUILD_DIR="verapdf_${VERSION}-${REVISION}_${ARCHITECTURE}"
+    - mkdir -p ${DEB_BUILD_DIR}/DEBIAN
+    # copy project files to be packaged
+    - mkdir -p ${DEB_BUILD_DIR}/usr/local/
+    - cp -r /usr/local/verapdf ${DEB_BUILD_DIR}/usr/local/
+    # copy & rename deb control file template
+    - cp gitlab-ci/verapdf.control ${DEB_BUILD_DIR}/DEBIAN/control
+    # set package version
+    - sed -i "s#VERSION_PLACEHOLDER#$VERSION-$REVISION#g" ${DEB_BUILD_DIR}/DEBIAN/control
+    # add checksums
+    - pushd ${DEB_BUILD_DIR}
+    - md5sum $(find * -type f -not -path 'DEBIAN/*') > DEBIAN/md5sums
+    - popd
+    # build binary deb package
+    - dpkg-deb --build --root-owner-group ${DEB_BUILD_DIR}/
+  artifacts:
+    paths:
+      # package name: verapdf_[VERSION]-[REVISION]_[ARCHITECTURE].deb
+      - "*.deb"
+
+test-install-debian-job:
+  stage: test-install
+  timeout: 5m
+  image:
+    # HINT: debian base image to simulate an installation target
+    name: "sdvharbor.slub-dresden.de/replication/debian:bookworm-slim"
+  tags:
+    - "docker"
+  script:
+    - apt install -y ./verapdf*.deb
+    - /usr/local/verapdf/verapdf --version | grep '${VERAPDF_VERSION}'
\ No newline at end of file
diff --git a/gitlab-ci/Dockerfile_DEB b/gitlab-ci/Dockerfile_DEB
new file mode 100644
index 0000000000000000000000000000000000000000..455c3478bfcdfd83cf73c58b6536289c32ffa057
--- /dev/null
+++ b/gitlab-ci/Dockerfile_DEB
@@ -0,0 +1,8 @@
+FROM sdvharbor.slub-dresden.de/replication/debian:bookworm-slim
+
+ENV DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && \
+    apt-get dist-upgrade -y && \
+    apt-get autoremove -y && \
+    apt-get install -y git coreutils sed default-jre wget unzip && \
+    apt-get autoclean -y
diff --git a/gitlab-ci/auto-install.xml b/gitlab-ci/auto-install.xml
new file mode 100644
index 0000000000000000000000000000000000000000..135b530b71b3f815ec959e59c26bf4d97122ad32
--- /dev/null
+++ b/gitlab-ci/auto-install.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<AutomatedInstallation langpack="eng">
+    <com.izforge.izpack.panels.htmlhello.HTMLHelloPanel id="welcome"/>
+    <com.izforge.izpack.panels.target.TargetPanel id="install_dir">
+	<installpath>INSTALL_PATH</installpath>
+    </com.izforge.izpack.panels.target.TargetPanel>
+    <com.izforge.izpack.panels.packs.PacksPanel id="sdk_pack_select">
+        <pack index="0" name="veraPDF GUI" selected="true"/>
+        <pack index="1" name="veraPDF Mac and *nix Scripts" selected="true"/>
+        <pack index="2" name="veraPDF Validation model" selected="true"/>
+        <pack index="3" name="veraPDF Documentation" selected="true"/>
+        <pack index="4" name="veraPDF Sample Plugins" selected="true"/>
+    </com.izforge.izpack.panels.packs.PacksPanel>
+    <com.izforge.izpack.panels.install.InstallPanel id="install"/>
+    <com.izforge.izpack.panels.finish.FinishPanel id="finish"/>
+</AutomatedInstallation>
diff --git a/gitlab-ci/verapdf.control b/gitlab-ci/verapdf.control
new file mode 100644
index 0000000000000000000000000000000000000000..fe667555341133b64026bd142e94521229124a86
--- /dev/null
+++ b/gitlab-ci/verapdf.control
@@ -0,0 +1,9 @@
+Package: verapdf
+Version: VERSION_PLACEHOLDER
+Architecture: all
+Maintainer: SLUBArchiv.digital <langzeitarchiv@slub-dresden.de>
+Description: veraPDF is a purpose-built, open source, file-format validator covering all PDF/A and PDF/UA parts and conformance levels.
+Homepage: https://git.slub-dresden.de/digital-preservation/verapdf_package_build
+Section: main
+Priority: optional
+Depends: default-jre