diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000000000000000000000000000000000000..9a725acfa098d238900e5c6f0a96044e277c0a9f
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,38 @@
+workflow:
+  rules:
+    - changes:
+      - "*.tf"
+      - "*.yml"
+
+stages:
+  - validate
+  - plan
+  - apply
+
+validate:
+  stage:
+    validate
+  before_script:
+    - mkdir -p /services/wheel-runner/data/member-vm-automation
+    - tofu init
+  script:
+    - tofu validate
+
+plan:
+  stage:
+    plan
+  before_script:
+    - tofu init
+  script:
+    - tofu plan -state /services/wheel-runner/data/member-vm-automation/terraform.tfstate -out /services/wheel-runner/data/member-vm-automation/tf-$CI_PIPELINE_IID.plan
+
+apply:
+  stage:
+    apply
+  rules:
+    - if: '$CI_COMMIT_BRANCH == "main"'
+      when: manual
+  before_script:
+    - tofu init
+  script:
+    - tofu apply -state /services/wheel-runner/data/member-vm-automation/terraform.tfstate /services/wheel-runner/data/member-vm-automation/tf-$CI_PIPELINE_IID.plan