diff --git a/.github/workflows/production.yaml b/.github/workflows/production.yaml
new file mode 100644
index 0000000..4592714
--- /dev/null
+++ b/.github/workflows/production.yaml
@@ -0,0 +1,107 @@
+name: build and deploy (Production)
+
+on:
+  push:
+    branches:
+      - main
+
+env:
+  REGISTRY: ghcr.io
+  REPOSITORY: ${{ github.repository }}
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    outputs:
+      REGISTRY: ${{ env.REGISTRY }}
+      REPOSITORY: ${{ env.REPOSITORY }}
+      IMAGE_TAG: ${{ steps.meta.outputs.tags }}
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Login to Docker
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        uses: docker/metadata-action@v5
+        id: meta
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.REPOSITORY }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=sha
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Setup Infisical
+        uses: Infisical/secrets-action@v1.0.6
+        with:
+          client-id: ${{ secrets.INFISICAL_CLIENT_ID }}
+          client-secret: ${{ secrets.INFISICAL_CLIENT_SECRET }}
+          env-slug: prod
+          project-slug: 2024-newbies-un-mb
+          domain: ${{ secrets.INFISICAL_DOMAIN }}
+
+      - name: Set up JDK 21
+        uses: actions/setup-java@v4
+        with:
+          java-version: '21'
+          distribution: 'openjdk'
+
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v3
+
+      - name: Build with Gradle Wrapper
+        run: ./gradlew assemble
+
+      - name: Build, tag, and push image to ghcr.io
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+  deploy:
+    name: Update Git Repository
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+        with:
+          repository: gsainfoteam/icarus-gitops
+          ssh-key: ${{ secrets.SSH_PRIVATE_KEY }}
+          fetch-depth: 0
+
+      - name: Update Kubernetes Manifest
+        env:
+          REGISTRY: ${{ needs.build.outputs.REGISTRY }}
+          REPOSITORY: ${{ needs.build.outputs.REPOSITORY }}
+          IMAGE_TAG: ${{ needs.build.outputs.IMAGE_TAG }}
+        run: |
+          sed -i "s|image:.*|image: $REGISTRY\/$REPOSITORY:$IMAGE_TAG|g" infoteam/service/2024_newbies/prod.yaml
+
+      - name: Commit and Push
+        env:
+          REPOSITORY: ${{ needs.build.outputs.REPOSITORY }}
+          IMAGE_TAG: ${{ needs.build.outputs.IMAGE_TAG }}
+        run: |
+          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git config --global user.name "GitHub Actions"
+          git commit -am "Update image $REPOSITORY:$IMAGE_TAG"
+          git push -u origin master
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..c062166
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,6 @@
+FROM openjdk:21-alpine
+ARG JAR_FILE=build/libs/*.jar
+COPY ${JAR_FILE} app.jar
+ENV TZ=Asia/Seoul
+RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
+ENTRYPOINT ["java", "-jar", "/app.jar"]
\ No newline at end of file