diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index d30d012..c001aaa 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -27,3 +27,26 @@ jobs:
         if: github.ref == 'refs/heads/main'
       - run: |
           docker push ghcr.io/${{ github.repository }}/${{ matrix.service }}
+  deploy:
+    runs-on: ubuntu-latest
+    needs: build
+    if: github.ref == 'refs/heads/main'
+    environment:
+      name: production
+      url: https://saerro.harasse.rs
+    permissions:
+      contents: "read"
+      id-token: "write"
+    steps:
+      - id: "auth"
+        uses: "google-github-actions/auth@v1"
+        with:
+          workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
+          service_account: ${{ secrets.SERVICE_ACCOUNT }}
+
+      - name: "Set up Cloud SDK"
+        uses: "google-github-actions/setup-gcloud@v1"
+
+      - name: "Deploy"
+        run: |
+          gcloud compute ssh ${{ secrets.VM_NAME }} --zone=us-central1-a --command "cd /opt && sudo docker compose pull && sudo docker compose up -d"