diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..44a5881
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,66 @@
+name: Build IPA with Fake Signing
+
+on:
+    push:
+        branches: [main] # Or your default branch
+    workflow_dispatch: # Allows manual triggering
+
+jobs:
+    build:
+        runs-on: macos-latest # Use the latest macOS runner
+
+        steps:
+            - name: Checkout repository
+              uses: actions/checkout@v4
+
+            - name: Install ldid
+              run: brew install ldid
+
+            - name: Select Xcode version
+              run: sudo xcode-select -s /Applications/Xcode_16.2.app
+
+            - name: Build Xcode Archive
+              run: |
+                  xcodebuild archive \
+                    -project StosVPN.xcodeproj \
+                    -scheme StosVPN \
+                    -destination 'generic/platform=iOS' \
+                    -archivePath build/StosVPN.xcarchive \
+                    CODE_SIGN_IDENTITY="" \
+                    CODE_SIGNING_REQUIRED=NO \
+                    CODE_SIGNING_ALLOWED=NO
+
+            - name: Create Payload directory
+              run: mkdir -p Payload
+
+            - name: Copy App to Payload
+              run: cp -R build/StosVPN.xcarchive/Products/Applications/StosVPN.app Payload/StosVPN.app
+
+            - name: Find and Sign App Extension
+              run: |
+                  APPEX_PATH=$(find Payload/StosVPN.app/PlugIns -name "*.appex" | head -n 1)
+                  if [ -z "$APPEX_PATH" ]; then
+                    echo "Error: App Extension (.appex) not found in PlugIns directory."
+                    exit 1
+                  fi
+                  echo "Found App Extension at: $APPEX_PATH"
+                  # Use the specific entitlements for the extension
+                  ldid -S"${GITHUB_WORKSPACE}/TunnelProv/TunnelProv.entitlements" "$APPEX_PATH/$(basename "$APPEX_PATH" .appex)"
+                  echo "Signed App Extension."
+
+            - name: Sign Main App Bundle
+              run: |
+                  APP_BINARY_PATH="Payload/StosVPN.app/StosVPN"
+                  # Use the specific entitlements for the main app
+                  ldid -S"${GITHUB_WORKSPACE}/StosVPN/StosVPN.entitlements" "$APP_BINARY_PATH"
+                  echo "Signed Main App Bundle."
+
+            - name: Create IPA
+              run: |
+                  zip -r ./StosVPN-fakesigned.ipa Payload
+
+            - name: Upload IPA Artifact
+              uses: actions/upload-artifact@v4
+              with:
+                  name: StosVPN-IPA.ipa
+                  path: StosVPN-fakesigned.ipa
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..0fa898e
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+*.ipa
+/build
+
+**/.DS_Store