diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e4202a60..c0598b0a 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -14,7 +14,7 @@ env:
   DOCKER_TAG: ${{ github.sha }}
 
 jobs:
-  build-and-push-images:
+  build:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
@@ -33,4 +33,22 @@ jobs:
       - run: |
           just push-images ${{ github.sha }}
 
+  deploy:
+    runs-on: ubuntu-latest
+    needs:
+      - build
+    steps:
+      - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
+      - uses: extractions/setup-just@95b912dc5d3ed106a72907f2f9b91e76d60bdb76 # 1.5.0
+
+      - name: Add the deployment SSH key
+        uses: shimataro/ssh-key-action@3c9b0fc6f2d223b8450b02a0445f526350fc73e0 # 2.3.1
+        with:
+          key: ${{ secrets.SSH_PRIVATE_KEY }}
+          name: id_rsa
+          known_hosts: ${{ secrets.SSH_KNOWN_HOSTS }}
+
+      - run: |
+          just deploy ${{ github.sha }}
+
 # vim: sw=2 ts=2
diff --git a/justfile b/justfile
index e4916d12..324fb7e4 100644
--- a/justfile
+++ b/justfile
@@ -12,11 +12,11 @@ create-daily:
   touch "${filepath}/${filename}"
   eval "${EDITOR}" "${filepath}/${filename}"
 
-deploy:
+deploy sha:
   rm -fr _deploy
   docker container rm oliverdavies.uk-build || true
 
-  docker image pull ghcr.io/opdavies/oliverdavies.uk-build
+  docker image pull ghcr.io/opdavies/oliverdavies.uk-build:{{ sha }}
   docker container run --entrypoint sh --name oliverdavies.uk-build ghcr.io/opdavies/oliverdavies.uk-build
   docker container cp oliverdavies.uk-build:/app/ _deploy
 
@@ -24,7 +24,7 @@ deploy:
 
   tree -L 2 _deploy
 
-  rsync -r -avhP --delete _deploy/* 104.248.165.137:/srv/oliverdavies.uk
+  rsync -r -avhP --delete _deploy/* opdavies@104.248.165.137:/srv/oliverdavies.uk
 
 build-images sha:
   docker image build \