diff --git a/gitea/workflows/ci.yml b/gitea/workflows/ci.yml
index e69de29..b6e0517 100644
--- a/gitea/workflows/ci.yml
+++ b/gitea/workflows/ci.yml
@@ -0,0 +1,70 @@
+name: CI/CD Pipeline
+
+on:
+  push:
+    branches: [main]
+
+env:
+  REGISTRY: git.fpmoz.sum.ba
+  IMAGE: git.fpmoz.sum.ba/${{ github.repository }}
+
+jobs:
+
+  # ── JOB 1: Build i Push Docker image ──────────────────
+  build:
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Checkout koda
+        uses: actions/checkout@v4
+
+      - name: Login u Gitea registry
+        run: |
+          echo ${{ secrets.REGISTRY_PASS }} | \
+            docker login $REGISTRY \
+            -u ${{ secrets.REGISTRY_USER }} --stdin
+
+      - name: Build i Push image
+        run: |
+          TAG=${{ github.sha }}
+          docker build -t $IMAGE:$TAG -t $IMAGE:latest .
+          docker push $IMAGE:$TAG
+          docker push $IMAGE:latest
+          echo $TAG > tag.txt
+
+      - name: Spremi image tag
+        uses: actions/upload-artifact@v4
+        with:
+          name: image-tag
+          path: tag.txt
+  # ── JOB 2: Deploy na k3s ───────────────────────────────
+  deploy:
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Checkout koda
+        uses: actions/checkout@v4
+
+      - name: Preuzmi image tag
+        uses: actions/download-artifact@v4
+        with:
+          name: image-tag
+
+      - name: Postavi kubeconfig
+        run: |
+          mkdir -p ~/.kube
+          echo "${{ secrets.KUBE_CONFIG }}" | base64 -d > ~/.kube/config
+          chmod 600 ~/.kube/config
+
+      - name: Update image tag u manifestu
+        run: |
+          TAG=$(cat tag.txt)
+          sed -i "s|image:.*|image: $IMAGE:$TAG|" k8s/deployment.yaml
+
+      - name: Deploy na k3s
+        run: |
+          kubectl apply -f k8s/
+          kubectl rollout status deployment/hello-cicd \
+            -n student-${{ github.actor }} --timeout=120s
+