diff --git a/.gitea/workflows/test.yml b/.gitea/workflows/test.yml index e884c78..7cba8f8 100644 --- a/.gitea/workflows/test.yml +++ b/.gitea/workflows/test.yml @@ -9,6 +9,7 @@ env: jobs: format-and-auto-fix: + if: "!contains(github.event.head_commit.message, 'Auto-fix code style')" runs-on: ubuntu-latest steps: - name: Check out repository @@ -48,7 +49,7 @@ jobs: git config --global user.name "gitea-actions[bot]" git config --global user.email "gitea-actions[bot]@local" git add . - git commit -m "Auto-fix code style" + git commit -m "Auto-fix code style [skip ci]" git push else echo "No formatting changes to commit" @@ -144,18 +145,28 @@ jobs: build-scan-and-push-image: needs: test-and-verify runs-on: ubuntu-latest + outputs: + image_tag: ${{ steps.meta.outputs.image_tag }} steps: - name: Check out repository uses: actions/checkout@v4 + - name: Set image tag + id: meta + run: | + SHORT_SHA=$(echo "${{ gitea.sha }}" | cut -c1-7) + echo "image_tag=${SHORT_SHA}" >> "$GITHUB_OUTPUT" + - name: Log in to Gitea container registry run: | - echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login https://git.onlionel.com -u "${{ secrets.REGISTRY_USERNAME }}" --password-stdin + echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login git.onlionel.com \ + -u "${{ secrets.REGISTRY_USERNAME }}" \ + --password-stdin - name: Build Docker images run: | docker build --pull -t $IMAGE_NAME:latest . - docker build --pull -t $IMAGE_NAME:${{ gitea.sha }} . + docker build --pull -t $IMAGE_NAME:${{ steps.meta.outputs.image_tag }} . - name: Verify Flask is available in container image run: | 
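Review bot: The new `if:` on `format-and-auto-fix` matches on commit message text, which is chosen by whoever pushes, so any commit whose message contains `Auto-fix code style` skips this job, not only the bot's own commit. Whether later jobs are skipped with it depends on their `needs:` chain, which is outside this hunk; if `test-and-verify` needs this job, that should be confirmed before merging. The `[skip ci]` marker added to the bot's commit message in the next hunk appears to cover the same loop where the instance honours it, so the two guards overlap. At minimum I would document the intent above the condition, for example `# Loop guard only: skips the run triggered by the bot's own auto-fix commit; message text is author-controlled, so do not rely on it as a gate.`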
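Review bot: The rewritten `Log in to Gitea container registry` step still expands `${{ secrets.REGISTRY_PASSWORD }}` and `${{ secrets.REGISTRY_USERNAME }}` directly into the script text, so a value containing `"`, `$` or a backtick is re-interpreted by the shell and can break the login or surface in the step's error output. Passing both through `env:` and reading them as shell variables keeps the secret out of the generated script, as in the block below. Separately, `Set image tag` cuts the commit id to seven characters, which makes the tag less unique than the full `gitea.sha` used before; the deploy job would be better served by the full id or the pushed image digest.

```yaml
# … unchanged: checkout and "Set image tag" steps …
- name: Log in to Gitea container registry
  env:
    REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
    REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
  run: |
    printf '%s' "$REGISTRY_PASSWORD" | docker login git.onlionel.com \
      -u "$REGISTRY_USERNAME" \
      --password-stdin
# … unchanged: build steps …
```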
@@ -182,20 +193,36 @@ jobs: - name: Push container images run: | docker push $IMAGE_NAME:latest - docker push $IMAGE_NAME:${{ gitea.sha }} + docker push $IMAGE_NAME:${{ steps.meta.outputs.image_tag }} - deploy-updated-container: + deploy-to-k3s: needs: build-scan-and-push-image runs-on: ubuntu-latest steps: - - name: Redeploy container over SSH - uses: appleboy/ssh-action@master - with: - host: 10.0.2.109 - username: ${{ secrets.SSH_USERNAME }} - key: ${{ secrets.SSH_PRIVATE_KEY }} - script: | - cd ~/docker-compose/arcade/ - docker compose -f docker-compose.stable.yml down - docker compose -f docker-compose.ci.yml pull - docker compose -f docker-compose.ci.yml up -d \ No newline at end of file + - name: Check out repository + uses: actions/checkout@v4 + + - name: Install kubectl + run: | + curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" + chmod +x kubectl + sudo mv kubectl /usr/local/bin/kubectl + kubectl version --client + + - name: Configure kubeconfig + run: | + mkdir -p ~/.kube + echo "${{ secrets.KUBECONFIG_B64 }}" | base64 -d > ~/.kube/config + chmod 600 ~/.kube/config + + - name: Update manifest with image tag + run: | + sed -i "s|image: .*|image: ${IMAGE_NAME}:${{ needs.build-scan-and-push-image.outputs.image_tag }}|g" arcade.yaml + + - name: Apply Kubernetes manifest + run: | + kubectl apply -f arcade.yaml + + - name: Wait for rollout + run: | + kubectl -n devsecops rollout status deployment/arcade --timeout=180s \ No newline at end of file
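Review bot: `Install kubectl` downloads whatever release `stable.txt` names at run time and installs it without a checksum check, in the same job that next receives the cluster kubeconfig. Pin the release and verify the published `kubectl.sha256` before installing, as in the block below; the version shown there is a placeholder. The `sed` in `Update manifest with image tag` rewrites every `image:` line in `arcade.yaml`, so a manifest with a sidecar or init container would have those images replaced too; anchoring the pattern on the arcade image name avoids that. The kubeconfig is also interpolated into the script via `echo "${{ secrets.KUBECONFIG_B64 }}"` and left in `~/.kube/config`; pass it through `env:` and remove the file in a final `if: always()` step unless the runner is known to be ephemeral.

```yaml
- name: Install kubectl
  run: |
    KUBECTL_VERSION="vX.Y.Z"  # placeholder: pin the release you have validated
    curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl"
    curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256"
    echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
    sudo install -m 0755 kubectl /usr/local/bin/kubectl
    kubectl version --client
# … unchanged: kubeconfig, manifest update, apply and rollout steps …
```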