diff --git a/.github/workflows/build-and-push.yml b/.github/workflows/build-and-push.yml
new file mode 100644
index 00000000..503634c0
--- /dev/null
+++ b/.github/workflows/build-and-push.yml
@@ -0,0 +1,40 @@
+name: Build and Push Docker Image
+
+on:
+  push:
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Sanitize branch name
+        id: branch
+        run: echo "name=$(echo '${{ github.ref_name }}' | sed 's/[^a-zA-Z0-9._-]/-/g')" >> $GITHUB_OUTPUT
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: |
+            ghcr.io/ddmal/neon:${{ steps.branch.outputs.name }}-latest
+            ghcr.io/ddmal/neon:${{ github.sha }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
diff --git a/.gitignore b/.gitignore
index af78f35e..f20adbbf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,3 +12,4 @@
 /cypress/screenshots
 /cypress/downloads
 
+.idea
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 00000000..455e7148
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,16 @@
+FROM node:18-alpine AS builder
+RUN apk add --no-cache git
+ENV NODE_OPTIONS=--openssl-legacy-provider
+WORKDIR /app
+
+COPY package.json yarn.lock ./
+RUN yarn install --frozen-lockfile
+
+COPY . .
+RUN yarn build:prod
+
+FROM nginx:1.25-alpine
+COPY --from=builder /app/deployment/server /usr/share/nginx/html
+COPY k8s/nginx.conf /etc/nginx/conf.d/default.conf
+EXPOSE 80
+CMD ["nginx", "-g", "daemon off;"]
diff --git a/k8s/configmap.yaml b/k8s/configmap.yaml
new file mode 100644
index 00000000..0d98336c
--- /dev/null
+++ b/k8s/configmap.yaml
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: neon-nginx-conf
+  namespace: neon
+data:
+  default.conf: |
+    server {
+        listen 80;
+        server_name _;
+        root /usr/share/nginx/html;
+        index index.html;
+
+        gzip on;
+        gzip_types text/plain text/css application/javascript application/json image/svg+xml;
+
+        # Cache compiled assets long-term; no-cache for HTML entry points
+        location /Neon-gh/ {
+            expires 1y;
+            add_header Cache-Control "public, immutable";
+        }
+
+        location ~* \.(html|htm)$ {
+            expires -1;
+            add_header Cache-Control "no-cache";
+        }
+
+        location / {
+            try_files $uri $uri/ =404;
+        }
+    }
diff --git a/k8s/deployment.yaml b/k8s/deployment.yaml
new file mode 100644
index 00000000..02b844ee
--- /dev/null
+++ b/k8s/deployment.yaml
@@ -0,0 +1,40 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: neon
+  namespace: neon
+  labels:
+    app: neon
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: neon
+  template:
+    metadata:
+      labels:
+        app: neon
+    spec:
+      imagePullSecrets:
+        - name: ghcr-pull-secret
+      containers:
+        - name: neon
+          image: ghcr.io/ddmal/neon:develop-latest
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 80
+          volumeMounts:
+            - name: nginx-conf
+              mountPath: /etc/nginx/conf.d/default.conf
+              subPath: default.conf
+          resources:
+            requests:
+              memory: "64Mi"
+              cpu: "50m"
+            limits:
+              memory: "256Mi"
+              cpu: "200m"
+      volumes:
+        - name: nginx-conf
+          configMap:
+            name: neon-nginx-conf
diff --git a/k8s/ingress.yaml b/k8s/ingress.yaml
new file mode 100644
index 00000000..bb089538
--- /dev/null
+++ b/k8s/ingress.yaml
@@ -0,0 +1,17 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: neon
+  namespace: neon
+spec:
+  rules:
+    - host: neon.simssa.ca
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: neon
+                port:
+                  number: 80
diff --git a/k8s/nginx.conf b/k8s/nginx.conf
new file mode 100644
index 00000000..eebbfd0c
--- /dev/null
+++ b/k8s/nginx.conf
@@ -0,0 +1,24 @@
+server {
+    listen 80;
+    server_name _;
+    root /usr/share/nginx/html;
+    index index.html;
+
+    gzip on;
+    gzip_types text/plain text/css application/javascript application/json image/svg+xml;
+
+    # Cache compiled assets long-term; no-cache for HTML entry points
+    location /Neon-gh/ {
+        expires 1y;
+        add_header Cache-Control "public, immutable";
+    }
+
+    location ~* \.(html|htm)$ {
+        expires -1;
+        add_header Cache-Control "no-cache";
+    }
+
+    location / {
+        try_files $uri $uri/ =404;
+    }
+}
diff --git a/k8s/service.yaml b/k8s/service.yaml
new file mode 100644
index 00000000..d26799f6
--- /dev/null
+++ b/k8s/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: neon
+  namespace: neon
+spec:
+  type: ClusterIP
+  selector:
+    app: neon
+  ports:
+    - port: 80
+      targetPort: 80