diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 000000000..b1fa910fe
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,14 @@
+FROM node:8
+
+RUN curl https://s3.amazonaws.com/cdncliqz/update/ghostery/moab/moab_8319dab > /bin/moab && \
+    chmod +x /bin/moab
+
+ARG UID
+ARG GID
+RUN groupadd jenkins -g $GID \
+ && useradd -ms /bin/bash jenkins -u $UID -g $GID
+
+USER jenkins
+COPY package.json /home/jenkins/
+COPY package-lock.json /home/jenkins/
+RUN cd /home/jenkins/ && npm install
diff --git a/Jenkinsfile b/Jenkinsfile
new file mode 100644
index 000000000..a243e8640
--- /dev/null
+++ b/Jenkinsfile
@@ -0,0 +1,143 @@
+
+properties([
+    parameters([
+        booleanParam(name: 'WITH_CLIQZ_MASTER', defaultValue: false, description: 'Builds with latest Cliqz master')
+    ])
+])
+
+node('docker') {
+    stage ('Checkout') {
+        checkout scm
+    }
+
+    def img
+    def artifacts = []
+    def uploadPath = "cdncliqz/update/ghostery/${env.BRANCH_NAME}"
+
+    stage('Build Docker Image') {
+        img = docker.build('ghostery/build', '--build-arg UID=`id -u` --build-arg GID=`id -g` .')
+        // clean workdir
+        sh 'rm -rf build ghostery-*'
+    }
+
+    stage('Build Extension') {
+        img.inside() {
+            withCache {
+                sh 'rm -rf build'
+                if (params.WITH_CLIQZ_MASTER) {
+                    sh 'npm install --save https://s3.amazonaws.com/cdncliqz/update/edge/ghostery/master/latest.tgz'
+                }
+                // make browser-core noisy
+                sh 'sed -i \'s/global.__DEV__/true/1\' node_modules/browser-core/build/core/console.js'
+                withGithubCredentials {
+                    sh 'moab makezip'
+                }
+                // get the name of the firefox build
+                artifacts.add(sh(returnStdout: true, script: 'ls build/ | grep firefox').trim())
+            }
+        }
+    }
+
+    if (env.BRANCH_NAME != 'android_browser') {
+        stage('Package Chrome') {
+            withGithubCredentials {
+                def chromeArtifact = sh(returnStdout: true, script: 'ls build/ | grep chrome').trim().replace('.zip', '')
+                echo "${chromeArtifact}"
+                sh """#!/bin/bash -l
+                    set -x
+                    set -e
+                    rm -rf ${chromeArtifact}/
+                    mkdir -p ${chromeArtifact}
+                    unzip build/${chromeArtifact}.zip -d ${chromeArtifact}
+                    tools/crxmake.sh ${chromeArtifact}/ ~/.ssh/id_rsa
+                    mv ${chromeArtifact}.crx build/
+                    """
+                artifacts.add("${chromeArtifact}.crx")
+            }
+        }
+    }
+
+    stage('Upload Builds') {
+        withS3Credentials {
+            echo "${env.BRANCH_NAME}/${env.BUILD_NUMBER}"
+            def uploadLocation = "s3://${uploadPath}/"
+            currentBuild.description = uploadLocation
+            artifacts.each {
+                sh "aws s3 cp build/${it} ${uploadLocation}  --acl public-read"
+            }
+        }
+    }
+
+    if (env.BRANCH_NAME == 'develop') {
+        stage('Publish Beta') {
+            artifacts.each {
+                if (it.contains('firefox')) {
+                    // firefox artifact (zip) - sign for cliqz_beta
+                    def artifactUrl = "https://s3.amazonaws.com/${uploadPath}/${it}"
+                    build job: 'addon-repack', parameters: [
+                        string(name: 'XPI_URL', value: artifactUrl),
+                        string(name: 'XPI_SIGN_CREDENTIALS', value: '41572f9c-06aa-46f0-9c3b-b7f4f78e9caa'),
+                        string(name: 'XPI_SIGN_REPO_URL', value: 'git@github.com:cliqz/xpi-sign.git'),
+                        string(name: 'CHANNEL', value: 'browser_beta')
+                    ]
+                } else if (it.contains('chrome')) {
+                    withS3Credentials {
+                        // publish chrome builds, also with 'latest' tag
+                        def publishUrl = 's3://cdncliqz/update/ghostery_beta/chrome';
+                        sh "aws s3 cp build/${it} ${publishUrl}/${it} --acl public-read"
+                        sh "aws s3 cp build/${it} ${publishUrl}/latest.crx --acl public-read"
+                    }
+                }
+            }
+        }
+    }
+}
+
+def withCache(Closure body=null) {
+    def cleanCache = {
+        sh 'rm -fr node_modules'
+    }
+
+    try {
+        cleanCache()
+        // Main dependencies
+        sh 'cp -fr /home/jenkins/node_modules .'
+
+        body()
+    } finally {
+        cleanCache()
+    }
+}
+
+def withGithubCredentials(Closure body) {
+    withCredentials([sshUserPrivateKey(
+            credentialsId: '6739a36f-0b19-4f4d-b6e4-b01d0bc2e175',
+            keyFileVariable: 'GHOSTERY_CI_SSH_KEY')
+            ]) {
+        // initialise git+ssh access using ghostery-ci credentials
+        try {
+            sh '''#!/bin/bash -l
+                set -x
+                set -e
+                mkdir -p ~/.ssh
+                cp $GHOSTERY_CI_SSH_KEY ~/.ssh/id_rsa
+                chmod 600 ~/.ssh/id_rsa
+                ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts
+            '''
+            body()
+        } finally {
+            sh 'rm -f ~/.ssh/id_rsa'
+            sh 'rm -f ~/.ssh/known_hosts'
+        }
+    }
+}
+
+def withS3Credentials(Closure body) {
+    withCredentials([[
+            $class: 'UsernamePasswordMultiBinding',
+            credentialsId: '06ec4a34-9d01-46df-9ff8-64c79eda8b14',
+            passwordVariable: 'AWS_SECRET_ACCESS_KEY',
+            usernameVariable: 'AWS_ACCESS_KEY_ID']]) {
+        body()
+    }
+}
\ No newline at end of file