diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
index f070695..d7bfeb0 100644
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@@ -1,25 +1,48 @@
-on: [push]
+name: Build (develop) / Promote (main)
+on:
+  push:
+    branches: [main]
 
 jobs:
-  build-push:
+  build-and-push-deploy:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
 
-      - name: Login Harbor
-        run: echo "${{ secrets.HARBOR_PASSWORD }}" | docker login 172.35.0.216 -u ${{ secrets.HARBOR_USERNAME }} --password-stdin
-
-      - name: Build/Push with Tagging
+      - name: Build and Push
         run: |
-          REPO="172.35.0.216/library/vendaweb-portal"
-          VERSION="v${{ gitea.run_number }}"
-          
-          echo "Iniciando build da versão: $VERSION"
-          
-          docker build -t $REPO:$VERSION -t $REPO:latest .
-          
-          docker push $REPO:$VERSION
-          docker push $REPO:latest
+          REGISTRY="git.simplifiquehc.com.br"
+          IMAGE_NAME="$REGISTRY/simplifique/vendaweb-portal"
+          SHA_TAG=$(echo ${{ gitea.sha }} | cut -c1-7)
 
-      - name: Webhook Portainer
-        run: curl -X POST "${{ secrets.PORTAINER_WEBHOOK_FRONT }}"
\ No newline at end of file
+          echo "${{ secrets.K8S }}" | docker login "$REGISTRY" -u "${{ gitea.actor }}" --password-stdin
+
+          docker build -t "$IMAGE_NAME:$SHA_TAG" -t "$IMAGE_NAME:latest" .
+          docker push "$IMAGE_NAME:$SHA_TAG"
+          docker push "$IMAGE_NAME:latest"
+
+      - name: Update Manifest and Push to Git
+        run: |
+          SHA_TAG=$(echo ${{ gitea.sha }} | cut -c1-7)
+          IMAGE_NAME="git.simplifiquehc.com.br/simplifique/vendaweb-portal"
+
+          MANIFEST_FILE="k8s/overlays/prod/deployment-image-digest-patch.yaml"
+
+          sed -i -E "s|^([[:space:]]*image: ${IMAGE_NAME}:).*|\\1${SHA_TAG}|g" "$MANIFEST_FILE"
+
+          if [ -z "${{ secrets.GITEA_TOKEN }}" ]; then
+            echo "Missing secrets.GITEA_TOKEN (needed to push back to repo)"
+            exit 1
+          fi
+
+          git remote set-url origin "https://${{ gitea.actor }}:${{ secrets.GITEA_TOKEN }}@git.simplifiquehc.com.br/simplifique/Vendaweb-portal.git"
+
+          git config user.name "Gitea Action"
+          git config user.email "actions@simplifiquehc.com.br"
+
+          git add "$MANIFEST_FILE"
+          git commit -m "chore: update image tag to $SHA_TAG [skip ci]"
+          git push origin main
diff --git a/k8s/argocd/application-prod.yaml b/k8s/argocd/application-prod.yaml
new file mode 100644
index 0000000..df39a8f
--- /dev/null
+++ b/k8s/argocd/application-prod.yaml
@@ -0,0 +1,27 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: vendaweb-portal-prod
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://git.simplifiquehc.com.br/simplifique/Vendaweb-portal.git
+    targetRevision: main
+    path: k8s/overlays/prod
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: vendawebfront-prod
+  syncPolicy:
+    automated:
+      selfHeal: true
+      prune: true
+    retry:
+      limit: 2
+      backoff:
+        duration: 5s
+        factor: 2
+        maxDuration: 3m
+    syncOptions:
+      - CreateNamespace=true
+      - PruneLast=true
diff --git a/k8s/base/configmap.yaml b/k8s/base/configmap.yaml
new file mode 100644
index 0000000..d626eb1
--- /dev/null
+++ b/k8s/base/configmap.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: vendaweb-portal-config
+data:
+  API_URL: "https://vendaweb-api.example.com"
+  URL_PIX: "https://pix.example.com"
diff --git a/k8s/base/deployment.yaml b/k8s/base/deployment.yaml
new file mode 100644
index 0000000..6577170
--- /dev/null
+++ b/k8s/base/deployment.yaml
@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: vendaweb-portal
+  labels:
+    app: vendaweb-portal
+spec:
+  replicas: 3
+  revisionHistoryLimit: 5
+  minReadySeconds: 10
+  progressDeadlineSeconds: 600
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0
+  selector:
+    matchLabels:
+      app: vendaweb-portal
+  template:
+    metadata:
+      labels:
+        app: vendaweb-portal
+    spec:
+      imagePullSecrets:
+        - name: gitea-auth
+      terminationGracePeriodSeconds: 30
+      containers:
+        - name: portal
+          image: git.simplifiquehc.com.br/simplifique/vendaweb-portal:latest
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 80
+              protocol: TCP
+          envFrom:
+            - configMapRef:
+                name: vendaweb-portal-config
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+            initialDelaySeconds: 20
+            periodSeconds: 10
+            timeoutSeconds: 2
+            failureThreshold: 6
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            timeoutSeconds: 2
+            failureThreshold: 6
+          startupProbe:
+            httpGet:
+              path: /
+              port: http
+            initialDelaySeconds: 5
+            periodSeconds: 5
+            timeoutSeconds: 2
+            failureThreshold: 24
+          resources:
+            requests:
+              cpu: 100m
+              memory: 256Mi
+            limits:
+              cpu: 500m
+              memory: 512Mi
diff --git a/k8s/base/kustomization.yaml b/k8s/base/kustomization.yaml
new file mode 100644
index 0000000..ab071dc
--- /dev/null
+++ b/k8s/base/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - deployment.yaml
+  - service.yaml
+  - configmap.yaml
diff --git a/k8s/base/service.yaml b/k8s/base/service.yaml
new file mode 100644
index 0000000..74fd1c7
--- /dev/null
+++ b/k8s/base/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: vendaweb-portal
+  labels:
+    app: vendaweb-portal
+spec:
+  type: ClusterIP
+  selector:
+    app: vendaweb-portal
+  ports:
+    - name: http
+      port: 80
+      targetPort: 80
+      protocol: TCP
diff --git a/k8s/overlays/prod/deployment-image-digest-patch.yaml b/k8s/overlays/prod/deployment-image-digest-patch.yaml
new file mode 100644
index 0000000..57dbc0e
--- /dev/null
+++ b/k8s/overlays/prod/deployment-image-digest-patch.yaml
@@ -0,0 +1,10 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: vendaweb-portal
+spec:
+  template:
+    spec:
+      containers:
+        - name: portal
+          image: git.simplifiquehc.com.br/simplifique/vendaweb-portal:latest
diff --git a/k8s/overlays/prod/deployment-prod-patch.yaml b/k8s/overlays/prod/deployment-prod-patch.yaml
new file mode 100644
index 0000000..2aaf850
--- /dev/null
+++ b/k8s/overlays/prod/deployment-prod-patch.yaml
@@ -0,0 +1,6 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: vendaweb-portal
+spec:
+  replicas: 15
diff --git a/k8s/overlays/prod/kustomization.yaml b/k8s/overlays/prod/kustomization.yaml
new file mode 100644
index 0000000..d83966f
--- /dev/null
+++ b/k8s/overlays/prod/kustomization.yaml
@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: vendawebfront-prod
+
+resources:
+  - ../../base
+
+patches:
+  - path: service-patch.yaml
+  - path: deployment-prod-patch.yaml
+  - path: deployment-image-digest-patch.yaml
diff --git a/k8s/overlays/prod/service-patch.yaml b/k8s/overlays/prod/service-patch.yaml
new file mode 100644
index 0000000..95910bc
--- /dev/null
+++ b/k8s/overlays/prod/service-patch.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: vendaweb-portal
+spec:
+  type: NodePort
+  ports:
+    - name: http
+      port: 80
+      targetPort: 80
+      nodePort: 30002