diff --git a/.github/workflows/cicd.yaml b/.github/workflows/cicd.yaml
new file mode 100644
index 0000000..b13c88d
--- /dev/null
+++ b/.github/workflows/cicd.yaml
@@ -0,0 +1,116 @@
+name: CI and CD
+
+on:
+ push:
+ branches: [ main ]
+
+jobs:
+ # ==============
+ # CI task
+ # ==============
+ quality-check:
+ name: Quality Scan
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
+ - name: Set up JDK 17
+ uses: actions/setup-java@v1
+ with:
+ java-version: 17
+ - name: Cache SonarQube packages
+ uses: actions/cache@v3
+ with:
+ path: ~/.sonar/cache
+ key: ${{ runner.os }}-sonar
+ restore-keys: ${{ runner.os }}-sonar
+ - name: Cache Gradle packages
+ uses: actions/cache@v3
+ with:
+ path: ~/.gradle/caches
+ key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
+ restore-keys: ${{ runner.os }}-gradle
+ - name: Build and analyze
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+ run: ./gradlew build sonar --info
+
+ build-and-push-docker-image:
+ name: Build docker image and push to repositories
+ runs-on: ubuntu-latest
+ needs: quality-check
+
+ steps:
+ - name: Set up JDK 17
+ uses: actions/setup-java@v1
+ with:
+ java-version: 17
+
+ - uses: actions/checkout@v4
+
+ - name: Run test
+ run: ./gradlew test
+
+ - name: Setup SHA
+ run: echo "GITHUB_SHA=${GITHUB_SHA}" >> $GITHUB_ENV
+
+ - name: Build the Docker image
+ run: docker build . --file Dockerfile --tag ghcr.io/aorjoa-bootcamp/devops-java-example:${{ env.GITHUB_SHA }}
+
+ - name: Login ghcr.io
+ uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build and push Docker image
+ uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
+ with:
+ context: .
+ push: ${{ github.ref == 'refs/heads/main' }}
+ tags: ${{ env.GITHUB_SHA }}
+
+ - name: Push to GitHub Container Registry
+ uses: docker/build-push-action@v2
+ with:
+ context: .
+ tags: |
+ ghcr.io/aorjoa-bootcamp/devops-java-example:${{ env.GITHUB_SHA }}
+ push: ${{ github.ref == 'refs/heads/main' }}
+
+ - name: Image digest
+ run: echo ${{ steps.docker_build.outputs.digest }}
+ # ==============
+ # CD task
+ # ==============
+ gitops-versioning:
+ runs-on: ubuntu-latest
+ needs: build-and-push-docker-image
+ steps:
+ - name: checkout
+ uses: actions/checkout@v4
+ with:
+ repository: aorjoa-bootcamp/devops-argocd
+ persist-credentials: false
+ fetch-depth: 0
+ - name: change image tag
+ run: |
+ git --version
+ git config user.name "aorjoa"
+ git config user.email "root@aorjoa.link"
+ sed -i -E "s/ghcr.io\/aorjoa-bootcamp\/devops-java-example.*$/ghcr.io\/aorjoa-bootcamp\/devops-java-example:${GITHUB_SHA}/" kube-gitops/deployment.yml
+ git add kube-gitops/deployment.yml
+ git commit -m "🤖 change docker image version to ${GITHUB_SHA}"
+ - name: push changes
+ uses: ad-m/github-push-action@master
+ with:
+ github_token: ${{ secrets.PAT }}
+ repository: aorjoa-bootcamp/devops-argocd
+ branch: main
\ No newline at end of file
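Review bot: The `push changes` step runs `ad-m/github-push-action@master`, a third-party action on a mutable branch ref, and passes it `secrets.PAT`, the token used to push to `main` of `aorjoa-bootcamp/devops-argocd`; whatever that branch points to at run time executes with that token. Pin it to a full commit SHA, as the `docker/login-action` step and the first `docker/build-push-action` step already are, e.g. `uses: ad-m/github-push-action@<full-commit-sha>` (placeholder: take the SHA from the release you have reviewed), and treat `docker/build-push-action@v2` the same way. Separately, `packages: write` is granted to `quality-check`, which only builds and scans, while `build-and-push-docker-image`, the job that logs in to ghcr.io with `GITHUB_TOKEN`, has no `permissions:` block; move the grant to that job and leave `quality-check` with `contents: read`. The `Image digest` step reads `steps.docker_build.outputs.digest`, but no step in this workflow sets `id: docker_build`, so it will echo an empty value rather than a digest that could be recorded or verified.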