diff --git a/gitlab-cng-17.5.yaml b/gitlab-cng-17.5.yaml
new file mode 100644
index 00000000000..1791834daec
--- /dev/null
+++ b/gitlab-cng-17.5.yaml
@@ -0,0 +1,477 @@
+# These variables track the tag and expected commit for GitLab components that
+# require manual intervention for updates. Please refer to the variables
+# manifest that aligns with the CNG release tag set in the CNG package version
+# below. The manifest can be found here:
+# - https://gitlab.com/gitlab-org/build/CNG/-/blob/v<PACKAGE VERSION HERE>/ci_files/variables.yml
+# # Additionally, the latest 'gitaly-backup' package (part of gitlab-cng), must be built first.
+vars:
+  # Container registry tags: https://gitlab.com/gitlab-org/container-registry/-/tags
+  registry-commit: 09a142a8a223c6d701c7c2667f83cba00ef04427
+  registry-tag: 4.10.0
+  # ElasticSearch indexer tags: https://gitlab.com/gitlab-org/gitlab-elasticsearch-indexer/-/tags
+  indexer-commit: a4aab7fbaa46dc99abe611a2a460c32bedd7fa36
+  indexer-tag: 5.3.0
+  # Exporter tags: https://gitlab.com/gitlab-org/ruby/gems/gitlab-exporter/-/tags
+  exporter-commit: f16670c44a4a26393f780512d3ff669aa74d2cf6
+  exporter-tag: 15.0.0
+  # Logger tags: https://gitlab.com/gitlab-org/cloud-native/gitlab-logger/-/tags
+  logger-commit: 61e76054e898803f7c2408e7e54dfba96a5085fc
+  logger-tag: 3.0.0
+  # Mailroom tags: https://gitlab.com/gitlab-org/ruby/gems/gitlab-mail_room/-/tags
+  mailroom-commit: 1e300f1d571f89713f5448009d70dc8cd467997e
+  mailroom-tag: 0.0.25
+  # Shell tags: https://gitlab.com/gitlab-org/gitlab-shell/-/tags
+  shell-commit: 2ff6909d8c43a78f34b698a863e554a7bc301545
+  shell-tag: 14.39.0
+
+var-transforms:
+  - from: ${{package.version}}
+    match: ^(\d+\.\d+)\.\d+$
+    replace: "$1"
+    to: major-minor-version
+
+package:
+  name: gitlab-cng-17.5
+  # ---Additional updates required--- Review 'vars' section (above), when reviewing version bumps.
+  version: "17.5.1"
+  epoch: 0
+  description: Cloud Native container images per component of GitLab
+  copyright:
+    - license: MIT
+  dependencies:
+    provides:
+      - gitlab-cng=${{package.full-version}}
+
+environment:
+  contents:
+    packages:
+      - bash
+      - build-base
+      - busybox
+      - ca-certificates
+      - ca-certificates-bundle
+      - heimdal-dev
+      - icu-dev
+      - libpq
+      - postgresql-dev
+      - ruby-3.2
+      - ruby-3.2-dev
+      - ruby3.2-bundler
+      - zlib-dev
+
+pipeline:
+  - uses: git-checkout
+    with:
+      repository: https://gitlab.com/gitlab-org/build/CNG.git
+      tag: v${{package.version}}
+      expected-commit: 3a52582dee843c44dac00ba9410cfdaedb63fe4d
+
+data:
+  # Used to create all of the *-scripts subpackages from the CNG repo.
+  - name: scripts
+    items:
+      cfssl-self-sign: ./cfssl-self-sign
+      container-registry: ./gitlab-container-registry
+      exporter: ./gitlab-exporter
+      geo-logcursor: ./gitlab-geo-logcursor
+      gitaly: ./gitaly
+      mailroom: ./gitlab-mailroom
+      pages: ./gitlab-pages
+      rails: ./gitlab-rails
+      shell: ./gitlab-shell
+      sidekiq: ./gitlab-sidekiq
+      webservice: ./gitlab-webservice
+      workhorse: ./gitlab-workhorse
+
+subpackages:
+  - range: scripts
+    name: gitlab-${{range.key}}-scripts-${{vars.major-minor-version}}
+    dependencies:
+      provides:
+        - gitlab-${{range.key}}-scripts=${{package.full-version}}
+    pipeline:
+      - runs: |
+          cd ${{range.value}}
+          for x in $(find scripts/ -type f); do
+            mkdir -p ${{targets.subpkgdir}}/$(dirname $x)
+            cp -r $x ${{targets.subpkgdir}}/$x
+          done
+
+  - name: gitlab-toolbox-scripts-${{vars.major-minor-version}}
+    dependencies:
+      provides:
+        - gitlab-toolbox-scripts=${{package.full-version}}
+    pipeline:
+      - runs: |
+          mkdir -p ${{targets.subpkgdir}}/usr/local/bin
+          mkdir -p ${{targets.subpkgdir}}/usr/lib/ruby/vendor_ruby
+          cp -r ./gitlab-toolbox/scripts/bin/* ${{targets.subpkgdir}}/usr/local/bin
+          cp -r ./gitlab-toolbox/scripts/lib/* ${{targets.subpkgdir}}/usr/lib/ruby/vendor_ruby
+
+  - name: gitlab-shell-scripts-compat-${{vars.major-minor-version}}
+    dependencies:
+      provides:
+        - gitlab-shell-scripts-compat=${{package.full-version}}
+    pipeline:
+      - runs: |
+          mkdir -p "${{targets.subpkgdir}}"
+          cp  gitlab-shell/scripts/authorized_keys "${{targets.subpkgdir}}/"
+          chmod 755 "${{targets.subpkgdir}}/authorized_keys"
+
+  - name: gitlab-base-${{vars.major-minor-version}}
+    pipeline:
+      - runs: |
+          cd ./gitlab-base
+          for x in $(find scripts/ -type f); do
+            mkdir -p ${{targets.subpkgdir}}/$(dirname $x)
+            cp -r $x ${{targets.subpkgdir}}/$x
+          done
+    dependencies:
+      provides:
+        - gitlab-base=${{package.full-version}}
+      runtime:
+        - bash
+        - busybox
+        - ca-certificates-bundle
+        - curl
+        - gitlab-logger-${{vars.major-minor-version}}
+        - gomplate
+        - procps
+        - xtail
+        - tini
+        - tini-compat
+
+  - name: gitlab-webservice-config-${{vars.major-minor-version}}
+    pipeline:
+      - runs: |
+          cd ./gitlab-webservice
+          mkdir -p ${{targets.subpkgdir}}/srv/gitlab/config
+          cp configuration/puma.rb ${{targets.subpkgdir}}/srv/gitlab/config
+    dependencies:
+      provides:
+        - gitlab-webservice-config=${{package.full-version}}
+
+  - name: gitlab-certificates-${{vars.major-minor-version}}
+    pipeline:
+      - runs: |
+          cd ./certificates
+          for x in $(find scripts/ -type f); do
+            mkdir -p ${{targets.subpkgdir}}/$(dirname $x)
+            cp -r $x ${{targets.subpkgdir}}/$x
+          done
+          ./scripts/bundle-certificates
+    dependencies:
+      provides:
+        - gitlab-certificates=${{package.full-version}}
+      runtime:
+        - ca-certificates
+    test:
+      pipeline:
+        - name: Test bundle-certificates script
+          runs: |
+            # if bundle-certificates runs correctly, it dereferences symlinks outside of /etc/ssl/certs
+            for f in /etc/ssl/certs/*.pem /etc/ssl/certs/*.crt; do
+              if [ -L "$f" ]; then
+                origin=$(readlink -f "$f")
+                originPath=${origin%/*}
+                if [ "$originPath" != "/etc/ssl/certs" ]; then
+                  echo "Error: $f is a symlink pointing outside of /etc/ssl/certs to $origin"
+                  exit 1
+                fi
+              fi
+            done
+
+  - name: gitlab-container-registry-${{vars.major-minor-version}}
+    description: The GitLab Container Registry originated as a fork of the Docker Distribution Registry, now CNCF Distribution, both distributed under Apache License Version 2.0.
+    dependencies:
+      provides:
+        - gitlab-container-registry=${{package.full-version}}
+    pipeline:
+      - uses: git-checkout
+        with:
+          repository: https://gitlab.com/gitlab-org/container-registry
+          tag: v${{vars.registry-tag}}-gitlab
+          expected-commit: ${{vars.registry-commit}}
+          destination: ./container-registry
+      - working-directory: ./container-registry
+        runs: |
+          mkdir -p "${{targets.contextdir}}"/etc/docker/registry
+      - uses: go/build
+        with:
+          packages: ./cmd/registry
+          output: registry
+          tags: include_oss,include_gcs,continuous_profiler_stackdriver
+          ldflags: -X github.com/docker/distribution/version.Version=${{vars.registry-tag}} -X github.com/docker/distribution/version.Revision=$(git rev-parse HEAD || echo '<unknown>') -X github.com/docker/distribution/version.Package="github.com/docker/distribution" -X github.com/docker/distribution/version.BuildTime=$(date +%F-%T)
+          modroot: ./container-registry
+    test:
+      environment:
+        contents:
+          packages:
+            - crane
+      pipeline:
+        - runs: |
+            #!/bin/bash
+
+            # Create the configuration file
+            tee /etc/docker/registry/config.yml <<EOL
+            # This config file is a basic configuration using filesystem metadata and blob
+            # storage.
+            version: 0.1
+            log:
+              accesslog:
+                disabled: false
+                formatter: text
+              level: info
+              formatter: text
+              fields:
+                service: registry
+            storage:
+              delete:
+                enabled: true
+              filesystem:
+                # Temp dir, rename if you need persistence.
+                # registry/storage/paths.go describes the structure of the data
+                # written to this directory
+                rootdirectory: "/tmp/registry"
+            http:
+              # Registry API will be accessible at localhost:5000
+              addr: :5000
+              debug:
+                addr: :5001
+                prometheus:
+                  enabled: true
+                  path: /metrics
+                pprof:
+                  enabled: true
+            EOL
+
+            # Run the Docker registry with the configuration file
+            registry serve /etc/docker/registry/config.yml &
+            PID=$!
+
+            # Wait for the registry to start
+            sleep 5
+
+            # Test the registry
+            crane catalog localhost:5000
+
+            # copy the image to the registry
+            crane copy alpine:latest localhost:5000/alpine:latest
+
+            # check for the image in the registry
+            crane manifest localhost:5000/alpine:latest
+
+            # Stop the registry
+            kill $PID
+
+  - name: gitlab-container-registry-compat-${{vars.major-minor-version}}
+    dependencies:
+      provides:
+        - gitlab-container-registry-compat=${{package.full-version}}
+    pipeline:
+      - runs: |
+          # https://gitlab.com/gitlab-org/build/CNG/-/blob/master/gitlab-container-registry/scripts/process-wrapper?ref_type=heads#L3
+          mkdir -p "${{targets.contextdir}}"/bin
+          ln -sf /usr/bin/registry "${{targets.contextdir}}"/bin/registry
+
+  - name: gitlab-elasticsearch-indexer-${{vars.major-minor-version}}
+    description: Elasticsearch indexer for GitLab EE, written in Go
+    dependencies:
+      provides:
+        - gitlab-elasticsearch-indexer=${{package.full-version}}
+    pipeline:
+      - uses: git-checkout
+        with:
+          repository: https://gitlab.com/gitlab-org/gitlab-elasticsearch-indexer
+          tag: v${{vars.indexer-tag}}
+          expected-commit: ${{vars.indexer-commit}}
+          destination: ./elasticsearch-indexer
+      - uses: go/build
+        with:
+          packages: .
+          output: gitlab-elasticsearch-indexer
+          modroot: ./elasticsearch-indexer
+    test:
+      pipeline:
+        - runs: |
+            gitlab-elasticsearch-indexer --version
+            gitlab-elasticsearch-indexer --help
+
+  - name: gitlab-elasticsearch-indexer-compat-${{vars.major-minor-version}}
+    dependencies:
+      provides:
+        - gitlab-elasticsearch-indexer-compat=${{package.full-version}}
+    pipeline:
+      - runs: |
+          mkdir -p "${{targets.subpkgdir}}/usr/local/bin"
+          ln -sf /usr/bin/gitlab-elasticsearch-indexer ${{targets.subpkgdir}}/usr/local/bin/gitlab-elasticsearch-indexer
+
+  - name: gitlab-exporter-${{vars.major-minor-version}}
+    description: GitLab Exporter is a Prometheus Web exporter.
+    dependencies:
+      provides:
+        - gitlab-exporter=${{package.full-version}}
+      runtime:
+        - jemalloc
+        - ruby-3.2
+        - libpq-16
+        - busybox
+        - ruby3.2-bundler
+    pipeline:
+      - uses: git-checkout
+        with:
+          repository: https://gitlab.com/gitlab-org/gitlab-exporter
+          tag: ${{vars.exporter-tag}}
+          expected-commit: ${{vars.exporter-commit}}
+          destination: ./exporter
+      - uses: ruby/build
+        with:
+          gem: gitlab-exporter
+          dir: ./exporter
+      - working-directory: ./exporter
+        runs: |
+          TARGET_DIR_BIN="${{targets.contextdir}}/usr/bin"
+          TARGET_DIR_INSTALL="${{targets.contextdir}}$(ruby -e 'puts Gem.default_dir')/"
+
+          mkdir -p "${TARGET_DIR_BIN}"
+          mkdir -p "${TARGET_DIR_INSTALL}"
+
+          gem install gitlab-exporter-${{vars.exporter-tag}}.gem \
+            --install-dir ${TARGET_DIR_INSTALL}  \
+            --bindir ${TARGET_DIR_BIN} \
+            --version ${{vars.exporter-tag}} \
+            --no-document \
+            --verbose
+      - uses: ruby/clean
+    test:
+      pipeline:
+        - name: "Test gitlab-exporter"
+          runs: |
+            if ! command -v gitlab-exporter &> /dev/null; then
+              echo "GitLab Exporter is not installed."
+              exit 1
+            fi
+
+  - name: gitlab-logger-${{vars.major-minor-version}}
+    description: GitLab Logger provides a means of wrapping non-structured log files within structure JSON.
+    dependencies:
+      provides:
+        - gitlab-logger=${{package.full-version}}
+    pipeline:
+      - uses: git-checkout
+        with:
+          repository: https://gitlab.com/gitlab-org/cloud-native/gitlab-logger
+          tag: v${{vars.logger-tag}}
+          destination: ./logger
+      - uses: go/build
+        with:
+          packages: ./cmd/gitlab-logger
+          output: gitlab-logger
+          ldflags: -X main.version=${component_version} -X main.buildtime=$(date +%F-%T)
+          modroot: ./logger
+    test:
+      pipeline:
+        - runs: |
+            gitlab-logger -h
+
+  - name: gitlab-logger-compat-${{vars.major-minor-version}}
+    dependencies:
+      provides:
+        - gitlab-logger-compat=${{package.full-version}}
+    pipeline:
+      - runs: |
+          # GitLab helm chart mostly hardcodes multiple executables path to /usr/local/bin/*
+          mkdir -p "${{targets.subpkgdir}}"/usr/local/bin
+          ln -s /usr/bin/gitlab-logger "${{targets.subpkgdir}}"/usr/local/bin/gitlab-logger
+
+  - name: gitlab-mailroom-${{vars.major-minor-version}}
+    description: GitLab mail_room contains some merged functionality that GitLab requires, so this mirror fork is to help us release custom functionality.
+    dependencies:
+      provides:
+        - gitlab-mailroom=${{package.full-version}}
+      runtime:
+        - jemalloc
+        - ruby-3.2
+        - busybox
+        - ruby3.2-webrick
+        - ruby3.2-bundler
+        - ruby3.2-oauth2
+        - ruby3.2-rack
+        - ruby3.2-redis
+        - ruby3.2-redis-namespace
+        - ruby3.2-redis-client
+        - ruby3.2-charlock_holmes
+        - ruby3.2-snaky_hash
+    pipeline:
+      # GitLab-Mail_Room
+      - uses: git-checkout
+        with:
+          repository: https://gitlab.com/gitlab-org/ruby/gems/gitlab-mail_room
+          tag: v${{vars.mailroom-tag}}
+          expected-commit: ${{vars.mailroom-commit}}
+          destination: ./mailroom
+      - uses: ruby/unlock-spec
+      - uses: ruby/build
+        with:
+          gem: mail_room
+          output: mail_room-${{vars.mailroom-tag}}.gem
+          dir: ./mailroom
+      - uses: ruby/install
+        with:
+          gem: mail_room
+          version: ${{vars.mailroom-tag}}
+          dir: ./mailroom
+      - uses: ruby/clean
+
+  - name: gitlab-shell-${{vars.major-minor-version}}
+    description: SSH access for GitLab
+    dependencies:
+      provides:
+        - gitlab-shell=${{package.full-version}}
+      runtime:
+        - openssh
+    pipeline:
+      - uses: git-checkout
+        with:
+          repository: https://gitlab.com/gitlab-org/gitlab-shell
+          tag: v${{vars.shell-tag}}
+          expected-commit: ${{vars.shell-commit}}
+          destination: ./shell
+      - working-directory: ./shell
+        runs: |
+          make build
+
+          BINDIR=${{targets.contextdir}}/srv/gitlab-shell/bin
+          mkdir -p "${BINDIR}"
+
+          install -m755 bin/gitlab-shell-check "${BINDIR}/gitlab-shell-check"
+          install -m755 bin/gitlab-shell "${BINDIR}/gitlab-shell"
+          install -m755 bin/gitlab-shell-authorized-keys-check "${BINDIR}/gitlab-shell-authorized-keys-check"
+          install -m755 bin/gitlab-shell-authorized-principals-check "${BINDIR}/gitlab-shell-authorized-principals-check"
+          install -m755 bin/gitlab-sshd "${BINDIR}/gitlab-sshd"
+
+          mkdir -p ${{targets.contextdir}}/srv/gitlab-shell/
+          cp LICENSE VERSION ${{targets.contextdir}}/srv/gitlab-shell/
+
+          install -d ${{targets.contextdir}}/srv/sshd
+          install -d ${{targets.contextdir}}/etc/ssh
+          install -d ${{targets.contextdir}}/var/log/gitlab-shell
+          touch ${{targets.contextdir}}/var/log/gitlab-shell/gitlab-shell.log
+
+  - name: gitaly-config-${{vars.major-minor-version}}
+    dependencies:
+      provides:
+        - gitaly-config=${{package.full-version}}
+    pipeline:
+      - working-directory: ./gitaly
+        runs: |
+          mkdir -p "${{targets.contextdir}}/etc/gitaly"
+          cp config.toml "${{targets.contextdir}}/etc/gitaly/config.toml.tpl"
+
+update:
+  enabled: true
+  # Requires manual steps when updating
+  manual: true
+  git:
+    strip-prefix: v
+    tag-filter-prefix: v17.5