diff --git a/.github/workflows/cd-workflow.yaml b/.github/workflows/cd-workflow.yaml
index 2748493..c3a2475 100644
--- a/.github/workflows/cd-workflow.yaml
+++ b/.github/workflows/cd-workflow.yaml
@@ -5,9 +5,84 @@ on:
 jobs:
- placeholder-job:
+ create-and-push-image:
+ permissions:
+ id-token: write
+ contents: read
+ name: "Create and push the Docker image to GAR"
 runs-on: ubuntu-latest
+ defaults:
+ run:
+ shell: bash
 steps:
- - name: hello world
- run: echo "Hello World"
+ - name: Checkout
+ uses: actions/checkout@v4
+ - id: 'setup-qemu'
+ name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+ - id: 'docker-buildx-setup'
+ name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ - id: 'auth'
+ name: 'Authenticate to Google Cloud'
+ uses: 'google-github-actions/auth@v2'
+ with:
+ create_credentials_file: true
+ token_format: access_token
+ workload_identity_provider: 'projects/1006240973223/locations/global/workloadIdentityPools/deploy-backstage/providers/github-actions'
+ service_account: 'deploy-backstage@code-idp.iam.gserviceaccount.com'
+ - id: 'login-gar'
+ name: "Login to GAR"
+ uses: docker/login-action@v3
+ with:
+ registry: europe-west10-docker.pgk.dev
+ username: oauth2accesstoken
+ password: ${{ steps.auth.outputs.access_token }}
+ - id: 'build-and-push'
+ name: 'Build and Push docker Image'
+ uses: docker/build-push-action@v5
+ with:
+ push: true
+ context: .
+ file: ./Dockerfile + platforms: linux/amd64 + tags: europe-west10-docker.pgk.dev/code-idp/backstage-deploy/backstage-image:${{ github.sha }} + build-args: | + APP_ENV=docker + deploy-image: + permissions: + id-token: write + contents: read + name: "Create and push the Docker image to GAR" + runs-on: ubuntu-latest + defaults: + run: + shell: bash + + steps: + - name: Checkout + uses: actions/checkout@v4 + - id: 'auth' + name: 'Authenticate to Google Cloud' + uses: 'google-github-actions/auth@v2' + with: + create_credentials_file: true + workload_identity_provider: 'projects/1006240973223/locations/global/workloadIdentityPools/deploy-backstage/providers/github-actions' + service_account: 'deploy-backstage@code-idp.iam.gserviceaccount.com' + - id: 'deploy' + uses: 'google-github-actions/deploy-cloudrun@v2' + with: + service: 'backstage-deployment' + image: 'europe-west10-docker.pgk.dev/code-idp/backstage-deploy/backstage-image:${{ github.sha }}' + env_vars: | + key=value + POSTGRES_HOST=code-idp:europe-west10-backstage-pg + POSTGRES_PORT=5432 + POSTGRES_USER=postgres + BASE_URL=https://example.com #needs to be fixed + secrets: |- + POSTGRES_PASSWORD=postgres-password:latest + GITHUB_TOKEN=GITHUB_TOKEN + GOOGLE_CLIENT_ID=aslkdjf + GOOGLE_CLIENT_SECRET=fkajsdlf \ No newline at end of file diff --git a/app-config.docker.yaml b/app-config.docker.yaml index 62666c7..d348f4e 100644 --- a/app-config.docker.yaml +++ b/app-config.docker.yaml @@ -15,11 +15,15 @@ catalog: - type: file target: minikube/catalog-info.yaml - auth: - environment: production - providers: + # see https://backstage.io/docs/auth/ to learn about auth providers + environment: development + providers: github: - production: - clientId: ${GITHUB_CLIENT_ID} + development: + clientId: ${GITHUB_CLIENT_ID} clientSecret: ${GITHUB_CLIENT_SECRET} + google: + development: + clientId: ${GOOGLE_CLIENT_ID} + clientSecret: ${GOOGLE_CLIENT_SECRET} \ No newline at end of file 
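Review bot: The registry host is spelled `europe-west10-docker.pgk.dev` in the `login-gar` step, the build `tags` and the deploy `image`, while Artifact Registry hosts end in `pkg.dev`; as written, `docker/login-action` would present the Google access token from the `auth` step to a host outside Google's registry domain, so all three should read `europe-west10-docker.pkg.dev`. `deploy-image` declares no dependency on the build job, so the two can run in parallel and the deploy can reference a tag that has not been pushed yet; add `needs: create-and-push-image`. Both jobs hold `id-token: write`, yet every action is referenced by a movable tag (`@v4`, `@v3`, `@v2`, `@v5`); pinning each `uses:` to a full commit SHA keeps a retagged release from running with the workload-identity token. The `secrets:` block mixes a `name:version` reference (`postgres-password:latest`) with bare values (`GITHUB_TOKEN`, `aslkdjf`, `fkajsdlf`) that look like placeholders, as does `key=value` in `env_vars`; these should be confirmed before the workflow is enabled.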
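Review bot: The auth block now sets `environment: development` and keys both providers under `development:` in the config that the CD workflow in this commit appears to build into the deployed image (`APP_ENV=docker`), so the Cloud Run service would start with development auth settings. If this file is what ships, keep `environment: production` with `production:` provider keys and put the development values in a local-only override. The github provider still reads `${GITHUB_CLIENT_ID}` and `${GITHUB_CLIENT_SECRET}`, which the deploy step's `secrets:` list does not supply (it passes `GITHUB_TOKEN` and the two Google values), so that provider may come up unconfigured unless those variables are set elsewhere. The nesting of the new `google:` entry cannot be checked from this view, so confirm it sits under `providers:` at the same level as `github:`.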
diff --git a/app-config.yaml b/app-config.yaml
index 5f8ab39..f6730a4 100644
--- a/app-config.yaml
+++ b/app-config.yaml
@@ -81,16 +81,16 @@ auth:
 clientId: ${GOOGLE_CLIENT_ID}
 clientSecret: ${GOOGLE_CLIENT_SECRET}
-kubernetes:
- serviceLocatorMethod:
- type: multiTenant
- clusterLocatorMethods:
- - type: config
- clusters:
- - url: ${K8S_URL}
- name: 'k8s'
- authProvider: serviceAccount
- skipTLSVerify: false
- skipMetricsLookup: true
- serviceAccountToken: ${K8S_ACCOUNT_TOKEN}
- caData: ${K8S_CA_DATA}
+# kubernetes:
+# serviceLocatorMethod:
+# type: multiTenant
+# clusterLocatorMethods:
+# - type: config
+# clusters:
+# - url: ${K8S_URL}
+# name: 'k8s'
+# authProvider: serviceAccount
+# skipTLSVerify: false
+# skipMetricsLookup: true
+# serviceAccountToken: ${K8S_ACCOUNT_TOKEN}
+# caData: ${K8S_CA_DATA}
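Review bot: The `kubernetes:` block is commented out rather than removed, and nothing says why or under what condition it should return. Either delete the thirteen lines (history keeps them) or put one line above them, for example `# disabled: <reason>; re-enable when <condition>`, with the placeholders filled in by the author. If the Kubernetes backend plugin is still installed it may expect this section at startup, which is worth confirming since the plugin wiring is not visible in this hunk.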