diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..ccaf293
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,87 @@
+kind: pipeline
+name: default
+type: docker
+
+steps:
+ - name: load_secret
+ image: debian:buster-slim
+ volumes:
+ - name: ssh
+ path: /root/.ssh/
+ environment:
+ SSH_KEY:
+ from_secret: gitea_id_ed25519
+ commands:
+ - mkdir -p $HOME/.ssh/
+ - echo "$SSH_KEY" | base64 -d > $HOME/.ssh/id_ed25519
+
+ - name: build
+ image: kasperhermansen/cuddle:latest
+ pull: always
+ volumes:
+ - name: ssh
+ path: /root/.ssh/
+ - name: dockersock
+ path: /var/run
+ commands:
+ - apk add bash git
+ - git remote set-url origin $DRONE_GIT_SSH_URL
+ - cuddle_cli x setup_ssh
+ - cuddle_cli x start_deployment
+ - cuddle_cli x render_templates
+ - cuddle_cli x build_release
+ - cuddle_cli x push_release
+ - cuddle_cli x deploy_release
+ environment:
+ DOCKER_BUILDKIT: 1
+ DOCKER_USERNAME:
+ from_secret: docker_username
+ DOCKER_PASSWORD:
+ from_secret: docker_password
+ SSH_KEY:
+ from_secret: gitea_id_ed25519
+ depends_on:
+ - "load_secret"
+
+ - name: push_tags
+ image: kasperhermansen/drone-semantic-release:latest
+ pull: always
+ volumes:
+ - name: ssh
+ path: /root/.ssh/
+ - name: dockersock
+ path: /var/run
+ commands:
+ - semantic-release --no-ci
+ environment:
+ DOCKER_BUILDKIT: 1
+ SSH_KEY:
+ from_secret: gitea_id_ed25519
+ depends_on:
+ - build
+
+ - name: send telegram notification
+ image: appleboy/drone-telegram
+ settings:
+ token:
+ from_secret: telegram_token
+ to: 2129601481
+ format: markdown
+ depends_on:
+ - build
+ - push_tags
+ when:
+ status: [failure, success]
+
+services:
+ - name: docker
+ image: docker:dind
+ privileged: true
+ volumes:
+ - name: dockersock
+ path: /var/run
+volumes:
+ - name: ssh
+ temp: {}
+ - name: dockersock
+ temp: {}
diff --git a/.gitignore b/.gitignore
index c87c9b3..aa8f035 100644
--- a/.gitignore
+++ b/.gitignore
@@ -34,3 +34,4 @@ yarn-error.log*
 # typescript
 *.tsbuildinfo
 next-env.d.ts
+.cuddle/
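Review bot: There is no `trigger:` block, so by default the `build` step, which receives `docker_username`/`docker_password` and the `gitea_id_ed25519` key and ends in `cuddle_cli x deploy_release`, runs on every event the repository delivers rather than only on pushes to `main`. Restricting the pipeline with a `trigger:` block holding `branch: [main]` and `event: [push]` keeps the privileged `docker:dind` service and the deploy credentials away from unreviewed branches. Both custom step images are `:latest` with `pull: always`, so whatever is published under those tags next runs with the same secrets; pinning them by digest would make the toolchain reviewable. `load_secret` also writes `id_ed25519` into the shared `ssh` volume without a `chmod 600`, which `scripts/setup_ssh.sh` does apply to its own copy.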
diff --git a/.releaserc.yml b/.releaserc.yml
new file mode 100644
index 0000000..eb429a2
--- /dev/null
+++ b/.releaserc.yml
@@ -0,0 +1,8 @@
+branches:
+ - "main"
+
+plugins:
+ - "@semantic-release/commit-analyzer"
+ - "@semantic-release/release-notes-generator"
+ - "@semantic-release/changelog"
+ - "@semantic-release/git"
diff --git a/prod.docker-compose.yml b/prod.docker-compose.yml
deleted file mode 100644
index 187d919..0000000
--- a/prod.docker-compose.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-version: "3"
-
-services:
- rawpotion-man:
- build:
- context: .
- dockerfile: scripts/docker/prod.Dockerfile
- restart: unless-stopped
- ports:
- - 3000:3000
diff --git a/scripts/build_release.sh b/scripts/build_release.sh
new file mode 100755
index 0000000..e194e7a
--- /dev/null
+++ b/scripts/build_release.sh
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+set -e
+
+base_tag=$REGISTRY/$SERVICE
+tag="$base_tag:${COMMIT_SHA:0:10}"
+latest_tag="$base_tag:latest"
+
+if [[ -n $DEBUG ]]
+then
+ echo "debug:"
+ echo " REGISTRY: $REGISTRY"
+ echo " SERVICE: $SERVICE"
+ echo " COMMIT_SHA: $COMMIT_SHA"
+ echo " TMP: $TMP"
+fi
+
+echo "docker: logging in"
+docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
+
+export DOCKER_BUILDKIT=1
+
+function pull_target {
+ target=$1
+ echo "pulling $target"
+ latest_target_tag="$base_tag-$target:latest"
+
+ docker pull $latest_target_tag
+}
+
+function build_target {
+ target=$1
+ echo "building $target"
+ latest_target_tag="$base_tag-$target:latest"
+
+ docker build \
+ --target "$target" \
+ --tag "$latest_target_tag" \
+ --build-arg BUILDKIT_INLINE_CACHE=1 \
+ --cache-from $latest_target_tag \
+ --file "$TMP/build_release.Dockerfile" .
+}
+
+pull_target "deps" &
+pull_target "builder" &
+wait
+
+build_target "deps"
+build_target "builder"
+
+docker build \
+ -t "$tag" \
+ --cache-from "$base_tag-deps:latest" \
+ --cache-from "$base_tag-builder:latest" \
+ --build-arg BUILDKIT_INLINE_CACHE=1 \
+ --cache-from $latest_tag \
+ -f "$TMP/build_release.Dockerfile" .
+docker tag "$tag" "$latest_tag"
+
diff --git a/scripts/deploy_release.sh b/scripts/deploy_release.sh
new file mode 100755
index 0000000..250eac4
--- /dev/null
+++ b/scripts/deploy_release.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+set -e
+
+echo "deploying image"
+deploymentrepo="$TMP/deployments"
+
+cd $deploymentrepo
+
+git add . && git commit -m "Added release $SERVICE: ${COMMIT_SHA:0:10}" && git pull && git push
diff --git a/scripts/docker/prod.Dockerfile b/scripts/docker/prod.Dockerfile
deleted file mode 100644
index 5bdccce..0000000
--- a/scripts/docker/prod.Dockerfile
+++ /dev/null
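Review bot: `docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD` passes the registry password as a command-line argument, where it is readable from the process list inside the build container, and leaves both variables unquoted so a value containing whitespace or glob characters is split. Prefer `printf '%s' "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin`. The same line appears in `scripts/push_release.sh` and needs the same change. Neither call names a registry host, so the login presumably targets the default registry; if `$REGISTRY` is a different host it should be passed as the final argument.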
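Review bot: `git add .` in `scripts/deploy_release.sh` stages everything that happens to be in the deployments checkout, although `render_templates.sh` only writes `$SERVICE/docker-compose.yml`; anything else an earlier step left in that directory would be committed and pushed with the deploy key. Staging just the rendered file, `git add -- "$SERVICE/docker-compose.yml"`, keeps the push scoped to this service. `cd $deploymentrepo` is unquoted and `$TMP` is never checked, so with `TMP` unset the script changes into `/deployments`; `set -eu` together with `cd "$deploymentrepo"` would fail fast instead.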
@@ -1,63 +0,0 @@
-# Step 1. Rebuild the source code only when needed
-FROM node:18-alpine AS builder
-
-WORKDIR /app
-
-# Install dependencies based on the preferred package manager
-COPY package.json yarn.lock* package-lock.json* pnpm-lock.yaml* ./
-# Omit --production flag for TypeScript devDependencies
-RUN \
- if [ -f yarn.lock ]; then yarn --frozen-lockfile; \
- elif [ -f package-lock.json ]; then npm ci; \
- elif [ -f pnpm-lock.yaml ]; then yarn global add pnpm && pnpm i; \
- else echo "Lockfile not found." && exit 1; \
- fi
-
-
-COPY src ./src
-COPY public ./public
-COPY posts ./posts
-COPY next.config.js .
-COPY tsconfig.json .
-
-# Environment variables must be present at build time
-# https://github.com/vercel/next.js/discussions/14030
-ARG ENV_VARIABLE
-ENV ENV_VARIABLE=${ENV_VARIABLE}
-ARG NEXT_PUBLIC_ENV_VARIABLE
-ENV NEXT_PUBLIC_ENV_VARIABLE=${NEXT_PUBLIC_ENV_VARIABLE}
-
-# Uncomment the following line to disable telemetry at build time
-# ENV NEXT_TELEMETRY_DISABLED 1
-
-RUN yarn build
-
-# Step 2. Production image, copy all the files and run next
-FROM node:18-alpine AS runner
-
-WORKDIR /app
-
-# Don't run production as root
-RUN addgroup --system --gid 1001 nodejs
-RUN adduser --system --uid 1001 nextjs
-USER nextjs
-
-COPY --from=builder /app/public ./public
-
-# Automatically leverage output traces to reduce image size
-# https://nextjs.org/docs/advanced-features/output-file-tracing
-COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
-COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
-COPY --from=builder --chown=nextjs:nodejs /app/posts ./posts
-
-# Environment variables must be redefined at run time
-ARG ENV_VARIABLE
-ENV ENV_VARIABLE=${ENV_VARIABLE}
-ARG NEXT_PUBLIC_ENV_VARIABLE
-ENV NEXT_PUBLIC_ENV_VARIABLE=${NEXT_PUBLIC_ENV_VARIABLE}
-
-# Uncomment the following line to disable telemetry at run time
-# ENV NEXT_TELEMETRY_DISABLED 1
-
-CMD node server.js
-
diff --git a/scripts/download.sh b/scripts/download.sh
new file mode 100755
index 0000000..bb7760a
--- /dev/null
+++ b/scripts/download.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+set -e
+
+pnpm i
diff --git a/scripts/generate_graphql.sh b/scripts/generate_graphql.sh
new file mode 100755
index 0000000..524eb13
--- /dev/null
+++ b/scripts/generate_graphql.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+set -e
+
+cuddle_cli x download
+
+pnpm run generate:graphql
+pnpm run format:graphql
+
+git diff src/lib/graphql/generated.ts
diff --git a/scripts/push_release.sh b/scripts/push_release.sh
new file mode 100755
index 0000000..c06bc74
--- /dev/null
+++ b/scripts/push_release.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+set -e
+
+base_tag="$REGISTRY/$SERVICE"
+tag="$base_tag:${COMMIT_SHA:0:10}"
+latest_tag="$base_tag:latest"
+
+if [[ -n $DEBUG ]]
+then
+ echo "debug:"
+ echo " REGISTRY: $REGISTRY"
+ echo " SERVICE: $SERVICE"
+ echo " COMMIT_SHA: $COMMIT_SHA"
+ echo " TMP: $TMP"
+fi
+
+echo "docker: logging in"
+docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
+
+export DOCKER_BUILDKIT=1
+
+function push_target {
+ target=$1
+ echo "pushing $target"
+ latest_target_tag="$base_tag-$target:latest"
+ docker push "$latest_target_tag"
+}
+
+function push_main_target {
+ echo "docker: pushing image $tag"
+ docker push "$tag"
+ docker push "$latest_tag"
+}
+
+push_target "deps" &
+push_target "builder" &
+push_main_target &
+wait
+
diff --git a/scripts/render_templates.sh b/scripts/render_templates.sh
new file mode 100755
index 0000000..31317d1
--- /dev/null
+++ b/scripts/render_templates.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -e
+
+tag="$REGISTRY/$SERVICE:${COMMIT_SHA:0:10}"
+deploymentrepo="$TMP/deployments"
+
+CUDDLE_FETCH_POLICY=never cuddle_cli render_template \
+ --template-file "$TMP/docker-compose.deploy_release.yml.tmpl" \
+ --dest "$deploymentrepo/$SERVICE/docker-compose.yml" \
+ --extra-var "image=$tag"
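Review bot: The bare `wait` at the end of `scripts/push_release.sh` returns 0 even when one of the three background pushes failed, so `set -e` never sees the failure and the pipeline goes on to `deploy_release` with an image tag that may not exist in the registry. Waiting on each job's PID propagates the exit status and stops the run before the deployment repository is updated. The change is confined to the last four lines of the script, shown below.

```shell
# … unchanged: tag setup, login, push_target and push_main_target definitions …
pids=()
push_target "deps" & pids+=("$!")
push_target "builder" & pids+=("$!")
push_main_target & pids+=("$!")

# A bare `wait` always returns 0; waiting per PID lets set -e abort on a failed push.
for pid in "${pids[@]}"; do
  wait "$pid"
done
```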
diff --git a/scripts/setup_ssh.sh b/scripts/setup_ssh.sh
new file mode 100755
index 0000000..ae86915
--- /dev/null
+++ b/scripts/setup_ssh.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+set -e
+
+if [ ! -d ~/.ssh ]; then
+ mkdir -p ~/.ssh
+ chmod 700 ~/.ssh
+fi
+
+if [ -n "$SSH_KEY" ]; then
+ SSH_KEY_ID="$HOME/.ssh/id_ed25519"
+ echo $SSH_KEY | base64 -d > $SSH_KEY_ID
+
+ chmod 600 $SSH_KEY_ID
+
+ cat >$HOME/.ssh/config <