diff --git a/.github/secrets/decrypt_secrets.sh b/.github/secrets/decrypt_secrets.sh
index 19dfa83dc7..de0fc07f36 100755
--- a/.github/secrets/decrypt_secrets.sh
+++ b/.github/secrets/decrypt_secrets.sh
@@ -7,7 +7,8 @@ gpg --quiet --batch --yes --decrypt --passphrase="$IOS_CERTIFICATE_KEY" --output
 
 mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
 
-cp ./.github/secrets/match_AppStore_comquietmobile.mobileprovision ~/Library/MobileDevice/Provisioning\ Profiles/718ac015-309f-49b6-9653-f6cf84a6377c.mobileprovision
+UUID=$(security cms -D -i match_AppStore_comquietmobile.mobileprovision | plutil -extract UUID xml1 -o - - | plutil -p - | sed 's/"//g')
+cp ./.github/secrets/match_AppStore_comquietmobile.mobileprovision ~/Library/MobileDevice/Provisioning\ Profiles/$UUID.mobileprovision
 
 
 security create-keychain -p "" build.keychain
@@ -19,3 +20,5 @@ security unlock-keychain -p "" ~/Library/Keychains/build.keychain
 security set-keychain-settings ~/Library/Keychains/build.keychain #this removes autolock
 
 security set-key-partition-list -S apple-tool:,apple: -s -k "" ~/Library/Keychains/build.keychain
+rm -f ./.github/secrets/Certificates.p12
+rm -f ./.github/secrets/match_AppStore_comquietmobile.mobileprovision
diff --git a/.github/workflows/mobile-deploy-ios-test.yml b/.github/workflows/mobile-deploy-ios-test.yml
new file mode 100644
index 0000000000..0957c0ed4f
--- /dev/null
+++ b/.github/workflows/mobile-deploy-ios-test.yml
@@ -0,0 +1,74 @@
+name: Deploy iOS to App Store
+
+on:
+  pull_request:
+
+jobs:
+  build-ios:
+    # needs: detox-ios
+    runs-on: ${{ matrix.os }}
+    if: |
+      startsWith(github.ref, 'refs/tags/@quiet/mobile')
+
+    strategy:
+      matrix:
+        os: [macos-13]
+
+    steps:
+      - name: "Print OS"
+        run: echo ${{ matrix.os }}
+
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          submodules: 'recursive'
+          lfs: true
+
+      - name: Install gpg
+        run: brew install gnupg
+
+      - name: Setup XCode
+        uses: maxim-lobanov/setup-xcode@9a697e2b393340c3cacd97468baa318e4c883d98 # v1.5.1
+        with:
+          xcode-version: '15.2'
+
+      - name: Setup environment
+        uses: ./.github/actions/setup-env
+        with:
+          cachePrefix: "deploy-ios"
+          bootstrap-packages: "@quiet/eslint-config,@quiet/logger,@quiet/common,@quiet/types,@quiet/state-manager,@quiet/backend,@quiet/identity,@quiet/mobile,backend-bundle"
+
+      - name: Install pod dependencies
+        run: |
+          cd ./packages/mobile/ios
+          pod install
+        shell: bash
+
+      - name: Setup provisioning profile
+        run: ./.github/secrets/decrypt_secrets.sh
+        env:
+          IOS_PROFILE_KEY: ${{ secrets.IOS_PROFILE_KEY }}
+          IOS_CERTIFICATE_KEY: ${{ secrets.IOS_CERTIFICATE_KEY }}
+
+      - name: Build
+        run: |
+          cd ./packages/mobile/ios
+          xcodebuild archive \
+            -workspace Quiet.xcworkspace \
+            -scheme Quiet \
+            -configuration Release \
+            -archivePath build/Quiet.xcarchive \
+            PROVISIONING_PROFILE=$UUID \
+            CODE_SIGN_IDENTITY="Apple Distribution: Zbay LLC (CTYKSWN9T4)"
+
+      - name: Export .ipa
+        run: |
+          cd ./packages/mobile/ios
+          xcodebuild \
+            -exportArchive \
+            -archivePath build/Quiet.xcarchive \
+            -exportOptionsPlist ci.plist \
+            -exportPath build/
+
+      - name: Cleanup environment
+        if: always()
+        run: security delete-keychain build.keychain && rm -f ~/Library/MobileDevice/Provisioning\ Profiles/*.mobileprovision