diff --git a/.forgejo/workflows/ci.yml b/.forgejo/workflows/ci.yml
index d556681..5e58bc7 100644
--- a/.forgejo/workflows/ci.yml
+++ b/.forgejo/workflows/ci.yml
@@ -128,6 +128,7 @@ jobs:
 test-frontend:
 runs-on: [ci]
+ if: false
 #needs: test-backend
 steps:
@@ -139,6 +140,7 @@ jobs:
 build-backend:
 runs-on: [ci]
+ if: false
 #needs: [test-backend, test-frontend]
 needs: [test-frontend]
@@ -174,6 +176,7 @@ jobs:
 build-frontend:
 runs-on: [ci]
+ if: false
 #needs: [test-backend, test-frontend]
 needs: [test-frontend]
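Review bot: `if: false` hard-disables build-frontend (and test-frontend and build-backend in the two hunks above) with no comment recording why or what has to be true before it is switched back on, and the "Push frontend container image" step at the start of the next hunk, which is what publishes the `${{ github.sha }}`-tagged image that deploy-prod later pulls, belongs to the job being disabled here, so a deploy from this workflow can only succeed if that tag is pushed from somewhere else. If this is meant to be temporary, gate it on a repository variable that can be flipped without a commit, `if: ${{ vars.CI_BUILDS_ENABLED == 'true' }}`, and state the reason on the line above, e.g. `# Disabled <date> because <reason>; re-enable before relying on deploy-prod`. The `needs: [test-frontend]` left under each `if: false` is dead while the job is skipped, which is fine provided the jobs are re-enabled together rather than one at a time.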
@@ -205,4 +208,48 @@ jobs:
 - name: Push frontend container image
 run: |
 podman --remote push "$FRONTEND_IMAGE:${{ github.sha }}"
- podman --remote push "$FRONTEND_IMAGE:latest"
\ No newline at end of file
+ podman --remote push "$FRONTEND_IMAGE:latest"
+
+ deploy-prod:
+ runs-on: [prod]
+ #needs: [build-backend, build-frontend]
+
+ env:
+ CONTAINER_HOST: unix:///run/user/1001/podman/podman.sock
+ XDG_RUNTIME_DIR: /tmp
+ RUN_ID: ${{ github.run_id }}
+ APP_NAME: ${{ github.repository }}
+ REGISTRY_HOST: ${{ secrets.REGISTRY_HOST }}
+ IMAGE_TAG: ${{ github.sha }}
+ POSTGRES_DATABASE_NAME: ${{ secrets.PROD_DB_DATABASE_NAME }}
+ POSTGRES_USERNAME: ${{ secrets.PROD_DB_USERNAME }}
+ POSTGRES_PASSWORD: ${{ secrets.PROD_DB_PASSWORD }}
+ POSTGRES_PORT: ${{ secrets.PROD_DB_PORT }}
+ PROD_BACKEND_PORT: ${{ secrets.PROD_BACKEND_PORT }}
+ PROD_FRONTEND_PORT: ${{ secrets.PROD_FRONTEND_PORT }}
+ PROD_BACKEND_HOST: ${{ secrets.PROD_BACKEND_HOST }}
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Login to container registry with PAT
+ run: |
+ echo "${{ secrets.REGISTRY_TOKEN }}" | podman --remote login \
+ -u "${{ secrets.REGISTRY_USERNAME }}" \
+ --password-stdin \
+ "${{ secrets.REGISTRY_HOST }}"
+
+ - name: Pull production images
+ run: |
+ podman --remote pull "$REGISTRY_HOST/$APP_NAME/sharenet-backend-api-postgres:$IMAGE_TAG"
+ podman --remote pull "$REGISTRY_HOST/$APP_NAME/sharenet-frontend:$IMAGE_TAG"
+
+ - name: Install envsubst
+ run: |
+ apt-get update && apt-get install -y gettext-base
+
+ - name: Deploy production pod
+ run: |
+ # Process the pod template with environment variables
+ envsubst < deploy/prod-pod.yml | podman --remote kube play -
\ No newline at end of file
diff --git a/deploy/prod-pod.yml b/deploy/prod-pod.yml
index fdf598c..a256651 100644
--- a/deploy/prod-pod.yml
+++ b/deploy/prod-pod.yml
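Review bot: deploy-prod has no `needs:` (the line is commented out) and no `if:` guard, so it runs on the `prod` runner for every event that triggers this workflow — whichever branches or refs that covers, since `on:` is outside this diff — without any test or build having passed; restore `needs: [build-backend, build-frontend]` once those jobs are re-enabled and add `if: github.event_name == 'push' && github.ref == 'refs/heads/main'` (adjust the branch) so a push to a feature branch cannot redeploy production. `uses: actions/checkout@v4` is a floating tag; pin it to a full commit SHA with the version in a trailing comment so a re-pointed tag cannot change what executes on the production host. The login step templates the token, username and host into the script text with `${{ secrets.… }}`; give that step an `env:` carrying `REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}` and `REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}` and reference `"$REGISTRY_TOKEN"`, `"$REGISTRY_USERNAME"` and the already-defined `"$REGISTRY_HOST"` instead, which keeps the secret out of the rendered script and matches how the pull step reads its variables. In the last step `envsubst` is called with no variable list, so every other `$name` in deploy/prod-pod.yml is silently replaced by an empty string — pass the intended names explicitly, `envsubst '$REGISTRY_HOST $APP_NAME $IMAGE_TAG $POSTGRES_DATABASE_NAME …'` — and `podman --remote kube play -` will refuse a second deploy if the template reuses a fixed pod name, so `--replace` is presumably needed unless RUN_ID is part of the pod name in the template.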
@@ -11,7 +11,7 @@ spec:
 containers:
 - name: postgres
- image: ${REGISTRY_HOST}/${APP_NAME}/postgres:${IMAGE_TAG}
+ image: docker.io/postgres:16
 # Security: drop all capabilities, read-only root filesystem except data volume
 securityContext:
 runAsNonRoot: true
@@ -60,7 +60,7 @@ spec:
 cpu: "500m"
 - name: backend
- image: ${REGISTRY_HOST}/${APP_NAME}/backend:${IMAGE_TAG}
+ image: ${REGISTRY_HOST}/${APP_NAME}/sharenet-backend-api-postgres:${IMAGE_TAG}
 # Security: drop all capabilities, read-only root filesystem
 securityContext:
 runAsNonRoot: true
@@ -109,7 +109,7 @@ spec:
 cpu: "250m"
 - name: frontend
- image: ${REGISTRY_HOST}/${APP_NAME}/frontend:${IMAGE_TAG}
+ image: ${REGISTRY_HOST}/${APP_NAME}/sharenet-frontend:${IMAGE_TAG}
 # Security: drop all capabilities, read-only root filesystem
 securityContext:
 runAsNonRoot: true
@@ -142,7 +142,7 @@ spec:
 cpu: "250m"
 - name: nginx
- image: ${REGISTRY_HOST}/${APP_NAME}/nginx:${IMAGE_TAG}
+ image: docker.io/nginx:alpine
 # Security: drop all capabilities, read-only root filesystem
 securityContext:
 readOnlyRootFilesystem: true
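Review bot: `image: docker.io/postgres:16` replaces an image this pipeline built and tagged with the commit SHA by a floating upstream tag that is re-pointed on every 16.x release and pulled straight from Docker Hub, so two deploys of the same commit can run different database binaries; pin it to a digest, `image: docker.io/postgres:16@sha256:<digest of the image you reviewed>`, and bump it deliberately. The `runAsNonRoot: true` that follows now applies to the stock image, whose entrypoint starts as root and drops privileges itself — unless the part of the securityContext outside this hunk sets `runAsUser` to the image's postgres UID, a runtime that honours `runAsNonRoot` will refuse to start the container. The same two points apply to the `docker.io/nginx:alpine` hunk at the end of the file, where the stock image also expects to write under /var/cache/nginx and /var/run despite the `readOnlyRootFilesystem: true` shown, so confirm the template supplies writable mounts for those paths. Either way the `# Security:` comment above each switched image should now say that the image is an unmodified upstream one and why that is acceptable here.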