diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index d0b5312..44284f3 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -3,12 +3,19 @@ on: branches: - '*' jobs: - build: + build_website: + permissions: + # these permissions are needed to authenticate with gcloud + contents: 'read' + id-token: 'write' + env: + IMAGE_NAME: lichturm-website + IMAGE_TAG: prod runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@master + uses: actions/checkout@v4 - name: Build Website # TODO: pick a version? @@ -23,14 +30,18 @@ jobs: name: website path: './public' + #https://github.com/google-github-actions/auth - name: Google Auth id: auth uses: 'google-github-actions/auth@v2' with: token_format: 'access_token' - project_id: ${{ env.PROJECT_ID }} - service_account: ${{ env.SERVICE_ACCOUNT }} - workload_identity_provider: ${{ env.WORKLOAD_IDENTITY_PROVIDER }} + project_id: ${{ secrets.PROJECT_ID }} + service_account: ${{ secrets.SERVICE_ACCOUNT }} + workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }} + #project_id: bob + #service_account: 123 + #workload_identity_provider: xyz - name: Docker Auth id: docker-auth 
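Review bot: The new `IMAGE_TAG: prod` is a fixed, mutable tag, and the `branches: - '*'` filter kept as context in this hunk means a run from any matching branch would publish over that same tag. The job-level `id-token: 'write'` also lets each of those runs request an OIDC token. The event key above `branches:` lies outside the hunk, so confirm which events this covers. Either gate the auth and push steps with `if: github.ref == 'refs/heads/<default-branch>'`, or keep a per-commit tag such as `${{ github.sha }}` alongside `prod`. Separately, `actions/checkout@v4` is still a movable ref; `uses: actions/checkout@<full-commit-sha> # v4` would pin it.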
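Review bot: The three commented-out lines added under `with:` (`#project_id: bob`, `#service_account: 123`, `#workload_identity_provider: xyz`) look like debugging leftovers and should be dropped before merge; they read as alternative values and will confuse whoever next touches the auth step. The added link comment would match the file's other comments as `# https://github.com/google-github-actions/auth`. Since the access token is only consumed by the Docker login and push that follow, consider adding `access_token_lifetime: '300s'` to this step instead of relying on the action's default lifetime. With the inputs now read from `secrets.*`, a run where those secrets are not populated will pass empty strings here; a short comment naming the required repository secrets would make that failure easier to diagnose.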
@@ -38,25 +49,26 @@ jobs: with: username: 'oauth2accesstoken' password: '${{ steps.auth.outputs.access_token }}' - registry: '${{ env.CONTAINER_REGISTRY_URL }}-docker.pkg.dev' + registry: '${{ secrets.CONTAINER_REGISTRY_URL }}-docker.pkg.dev' - name: Build and Push Container run: |- - docker build -t "${{ env.AR_URL }}/${{ env.IMAGE_NAME }}:${{ github.sha }}" ./ - docker push "${{ env.AR_URL }}/${{ env.IMAGE_NAME }}:${{ github.sha }}" + docker buildx build -t "bobobobo/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} ." + docker push "${{ secrets.CONTAINER_REGISTRY_URL }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}" - # upload to s3 - - name: Install s3cmd - run: | - pip install s3cmd - - name: Configure s3cmd - run: | - echo "[default]" > ~/.s3cfg - echo "access_key = ${{ secrets.S3_KEY_ID }}" >> ~/.s3cfg - echo "secret_key = ${{ secrets.S3_SECRET_KEY }}" >> ~/.s3cfg - echo "host_base = fsn1.your-objectstorage.com" >> ~/.s3cfg - echo "host_bucket = %(bucket)s.fsn1.your-objectstorage.com" >> ~/.s3cfg - - name: Upload files to Hetzner S3 - # with this configuration, the bucket should be specified as e.g. "s3://bucket1" - run: | - s3cmd sync ./public ${{ secrets.S3_BUCKET }} --delete-removed +# - name: Install s3cmd +# run: | +# pip install s3cmd +# +# - name: Configure s3cmd +# run: | +# echo "[default]" > ~/.s3cfg +# echo "access_key = ${{ secrets.S3_KEY_ID }}" >> ~/.s3cfg +# echo "secret_key = ${{ secrets.S3_SECRET_KEY }}" >> ~/.s3cfg +# echo "host_base = fsn1.your-objectstorage.com" >> ~/.s3cfg +# echo "host_bucket = %(bucket)s.fsn1.your-objectstorage.com" >> ~/.s3cfg +# +# - name: Upload files to Hetzner S3 +# # with this configuration, the bucket should be specified as e.g. "s3://bucket1" +# run: | +# s3cmd sync ./public ${{ secrets.S3_BUCKET }} --delete-removed
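Review bot: In the new `docker buildx build` line the closing quote comes after ` .`, so the build context becomes part of the `-t` value and the command has no context argument; the step will fail. Even with the quote fixed, the image is tagged `bobobobo/...` while `docker push` targets `${{ secrets.CONTAINER_REGISTRY_URL }}/...`, so the push would not find the image that was just built. The push reference also lacks the `-docker.pkg.dev` suffix that the Docker Auth step logs in to, and presumably the project and repository path segments as well. Define one reference in the step's `env:` (for example `IMAGE_REF`, holding the full registry path) and use it in both commands: `docker buildx build -t "$IMAGE_REF" .` and `docker push "$IMAGE_REF"`. That also keeps the secret out of direct `${{ }}` interpolation in the script. The S3 steps are commented out rather than deleted; if the upload is retired, remove the block and revoke the `S3_KEY_ID` / `S3_SECRET_KEY` credentials.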