diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..35fd269
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,45 @@
+stages:
+  - build
+
+variables:
+  DOCKER_TLS_CERTDIR: "/certs"
+  DOCKER_DRIVER: overlay2
+  IMAGE: "$CI_REGISTRY_IMAGE"
+
+build_and_push_image:
+  stage: build
+  image: docker:27
+  services:
+    - name: docker:27-dind
+      command: ["--mtu=1460"]
+  rules:
+    - if: $CI_COMMIT_TAG
+    - if: $CI_COMMIT_BRANCH
+  before_script:
+    - docker info
+    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
+  script:
+    - docker build --pull -t "$IMAGE:sha-$CI_COMMIT_SHORT_SHA" .
+    - docker push "$IMAGE:sha-$CI_COMMIT_SHORT_SHA"
+
+    # Tag/push "latest" only on default branch
+    - |
+      if [ "$CI_COMMIT_BRANCH" = "$CI_DEFAULT_BRANCH" ]; then
+        docker tag "$IMAGE:sha-$CI_COMMIT_SHORT_SHA" "$IMAGE:latest"
+        docker push "$IMAGE:latest"
+      fi
+
+    # If this pipeline runs on a Git tag, also push the tag name as an image tag
+    - |
+      if [ -n "$CI_COMMIT_TAG" ]; then
+        docker tag "$IMAGE:sha-$CI_COMMIT_SHORT_SHA" "$IMAGE:$CI_COMMIT_TAG"
+        docker push "$IMAGE:$CI_COMMIT_TAG"
+      fi
+
+    # Optional: export image as GitLab job artifact (tarball)
+    - docker save "$IMAGE:sha-$CI_COMMIT_SHORT_SHA" -o image.tar
+  artifacts:
+    when: always
+    expire_in: 7 days
+    paths:
+      - image.tar
\ No newline at end of file