diff --git a/.github/workflows/macos_ci.yml b/.github/workflows/macos_ci.yml
new file mode 100644
--- /dev/null
+++ b/.github/workflows/macos_ci.yml
@@ -0,0 +1,60 @@
+name: macOS Build CI
+
+on:
+  push:
+    branches: [master]
+    paths-ignore:
+      - 'landing/**'
+      - 'docs/**'
+      - 'keyserver/**'
+      - 'native/**'
+      - 'shared/**'
+
+jobs:
+  build:
+    name: Build macOS app
+    runs-on: macos-12
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Install Developer certificate
+        env:
+          MACOS_BUILD_CERTIFICATE_BASE64: ${{ secrets.MACOS_BUILD_CERTIFICATE_BASE64 }}
+          MACOS_BUILD_P12_PASSWORD: ${{ secrets.MACOS_BUILD_P12_PASSWORD }}
+          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+        run: |
+          # create variables
+          CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
+          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
+
+          # import certificate from secrets
+          echo -n "$MACOS_BUILD_CERTIFICATE_BASE64" | base64 --decode --output $CERTIFICATE_PATH
+
+          # create temporary keychain
+          security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
+          security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+
+          # import certificate to keychain
+          security import $CERTIFICATE_PATH -P "$MACOS_BUILD_P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
+          security list-keychain -d user -s $KEYCHAIN_PATH
+
+      - name: npm install -g yarn
+        run: npm install -g yarn
+
+      - name: yarn --frozen-lockfile --network-timeout 180000
+        run: yarn --frozen-lockfile --network-timeout 180000
+
+      - name: Build App
+        env:
+          APPLE_USER_NAME: ${{secrets.APPLE_USER_NAME}}
+          APPLE_APP_SPECIFIC_PASSWORD: ${{secrets.APPLE_APP_SPECIFIC_PASSWORD}}
+          TEAM_ID: ${{secrets.TEAM_ID}}
+        working-directory: './desktop'
+        run: yarn make --arch universal
+
+      - name: Clean up keychain
+        if: ${{ always() }}
+        run: security delete-keychain $RUNNER_TEMP/app-signing.keychain-db
diff --git a/.github/workflows/windows_ci.yml b/.github/workflows/windows_ci.yml
new file mode 100644
--- /dev/null
+++ b/.github/workflows/windows_ci.yml
@@ -0,0 +1,40 @@
+name: Windows build CI
+
+on:
+  push:
+    branches: [master]
+    paths-ignore:
+      - 'landing/**'
+      - 'docs/**'
+      - 'keyserver/**'
+      - 'native/**'
+      - 'shared/**'
+
+jobs:
+  build:
+    name: Build Windows app
+    runs-on: windows-2022
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Install Yarn
+        run: npm install -g yarn
+
+      - name: yarn --frozen-lockfile --network-timeout 180000
+        run: yarn --frozen-lockfile --network-timeout 180000
+
+      - name: Save WINDOWS_CERTIFICATE_B64 to file
+        env:
+          WINDOWS_CERTIFICATE_B64: ${{secrets.WINDOWS_CERTIFICATE_B64}}
+        run: echo "$env:WINDOWS_CERTIFICATE_B64" > WINDOWS_CERTIFICATE_B64.b64
+
+      - name: Decode Windows certificate
+        run: certutil -decode WINDOWS_CERTIFICATE_B64.b64 windows_certificate.pfx
+
+      - name: Build App
+        env:
+          WINDOWS_CERTIFICATE: ${{github.workspace}}\windows_certificate.pfx
+          WINDOWS_PASSWORD: ${{secrets.WINDOWS_PASSWORD}}
+        working-directory: './desktop'
+        run: yarn make