diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml
index 10f03be..9027f81 100644
--- a/.gitea/workflows/build.yml
+++ b/.gitea/workflows/build.yml
@@ -7,7 +7,7 @@ on:
 jobs:
 build-and-deploy:
- runs-on: ubuntu-latest # Use the label matching your Gitea runner
+ runs-on: prod # Use the label matching your Gitea runner
 steps:
 - name: Checkout code
 uses: actions/checkout@v4
@@ -24,14 +24,45 @@ jobs:
 with:
 maven-version: '3.9.9'
 
+ - name: compile with Maven
+ run: mvn compile -file pom.xml
+
+ - name: SonarQube Scan
+ uses: SonarSource/sonarqube-scan-action@v4
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }
+
+ # Trivy Scan
+ - name: Trivy Scan
+ run: docker run --rm -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy:latest image actions-app:${{ github.sha}}
+
 - name: Build with Maven
 run: mvn -B package --file pom.xml
 
- - name: Deploy to Docker
+ - name: Log in to Nexus Repository
+ uses: docker/login-action@v2
+ with:
+ registry: nexus.example.com:16002
+ username: ${{ secrets.NEXUS_USERNAME }}
+ password: ${{ secrets.NEXUS_PASSWORD }}
+
+
+ - name: Build and push Docker image
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ push: true
+ tags: nexus.example.com:16002/myproject/app:${{ github.sha }}
+
+ - name: Build Docker image
 run: |
 # Assuming Docker is installed and configured on runner or server
 # Build docker image
 docker build -t my-java-app:latest .
+
+
+
 # Stop previous container if running
 docker stop my-java-app || true
 docker rm my-java-app || true
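Review bot: `SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }` in the SonarQube step is missing its closing brace, so the expression is never evaluated and the scanner receives the literal text instead of the server URL; it should read `SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}`. The Trivy step runs before the Maven package and the image build and scans `actions-app:${{ github.sha }}`, a tag that no step in this workflow produces (the images built here are `nexus.example.com:16002/myproject/app:${{ github.sha }}` and `my-java-app:latest`), so as written it cannot be scanning this build's artifact and should be moved after the build step and pointed at the tag that is actually built. It also passes no `--exit-code 1` (with `--severity` as appropriate), so findings never fail the job, and `aquasec/trivy:latest`, `docker/login-action@v2`, `docker/build-push-action@v6` and `SonarSource/sonarqube-scan-action@v4` are all mutable tag references; pinning the actions to a commit SHA and the scanner image to a digest would make the pipeline reproducible. `mvn compile -file pom.xml` uses `-file`, which is not the documented Maven flag; the Build step already uses `--file`, so the compile step should match.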