diff --git a/.github/workflows/Deployment.yml b/.github/workflows/Deployment.yml
new file mode 100644
index 0000000..5f8853d
--- /dev/null
+++ b/.github/workflows/Deployment.yml
@@ -0,0 +1,75 @@
+Name: Deploy
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  # Push image to ECR
+  Push:
+    name: Push image to ECR
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Login to AWS
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: AWS ECR Login
+        uses: aws-actions/amazon-ecr-login@v2
+      - name: Build image
+        env:
+          REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          REPOSITORY: ${{ secrets.REPOSITORY }}
+          IMAGE_TAG: ${{ github.sha }}
+          DATABASE_URL: ${{ secrets.DATABASE_URL }}
+        run: |
+          docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG --build-arg DATABASE_URL=$DATABASE_URL .
+          docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG
+
+  # Update Kubernetes
+  Deploy:
+    name: "Deploy image to Kubernetes"
+    runs-on: ubuntu-latest
+    needs:
+      - Push
+    steps:
+      - uses: actions/checkout@v4
+      - uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ inputs.region }}
+      - uses: aws-actions/amazon-ecr-login@v2
+        id: ecr-login
+      - name: Authorize runner IP
+        uses: CodeYourFuture/actions/.github/actions/allow-ip@main
+        with:
+          group: ${{ secrets.K8S_SECURITY_GROUP }}
+          port: ${{ secrets.K8S_MASTER_PORT }}
+          region: ${{ inputs.region }}
+      - name: Get config and set KUBECONFIG
+        uses: CodeYourFuture/actions/.github/actions/get-kubeconfig@main
+        id: get-kubeconfig
+        with:
+          gpg-key: ${{ secrets.GPG_KEY }}
+          s3-uri: ${{ secrets.S3_URI }}
+      - name: Update deployment
+        run: |
+          kubectl \
+            --namespace=$NAMESPACE \
+            set image deployment/$DEPLOYMENT \
+            $CONTAINER=$REGISTRY/$REPOSITORY:$IMAGE_TAG
+        env:
+          CONTAINER: london-doorbell
+          DEPLOYMENT: london-doorbell
+          KUBECONFIG: ${{ steps.get-kubeconfig.outputs.kubeconfig }}
+          IMAGE_TAG: ${{ github.sha }}
+          NAMESPACE: production
+          REGISTRY: ${{ steps.ecr-login.outputs.registry }}
+          REPOSITORY: london-doorbell