diff --git a/.woodpecker.yml b/.woodpecker.yml
index 541eef8..01bc6cc 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -3,36 +3,8 @@ kind: pipeline
 type: docker
 name: build-and-deploy
 
-workspace:
-  base: /woodpecker
-  path: src
-
-clone:
-  depth: 50
-
-volumes:
-  - name: docker-sock
-    host:
-      path: /var/run/docker.sock
-
 steps:
-  - name: build-and-push
-    image: docker:24.0-cli
-    privileged: true
-    volumes:
-      - name: docker-sock
-        path: /var/run/docker.sock
-    commands:
-      - set -eu
-      - REG=us-central1-docker.pkg.dev/aptivaai-dev/aptiva-repo
-      - TAG=$(echo "$CI_COMMIT_SHA" | head -c 8)
-      - docker buildx create --use --name woodpecker || true
-      - for svc in server1 server2 server3 nginx; do docker buildx build -f Dockerfile.${svc} -t ${REG}/${svc}:${TAG} --push .; done
-    when:
-      event: [push, manual]
-      branch: [master]
-
-  - name: ssh-deploy
+  ssh-deploy:
     image: google/cloud-sdk:latest
     entrypoint:
       - bash
@@ -47,23 +19,30 @@ steps:
 
         gcloud secrets versions access latest --secret=STAGING_SSH_KEY --project=aptivaai-dev | base64 -d > ~/.ssh/id_ed25519;
         chmod 600 ~/.ssh/id_ed25519;
-        echo "🔑  SSH prerequisites installed";
+        echo "🔑 SSH prerequisites installed";
 
-        IMG_TAG=$(gcloud secrets versions access latest --secret=IMG_TAG --project=aptivaai-dev | tr -d '\n');
-        echo "📦  IMG_TAG=${IMG_TAG}";
+        echo "📦 CI_COMMIT_SHA: ${CI_COMMIT_SHA:-unset}";
+        TAG="${CI_COMMIT_SHA:-}";
+        if [ -z "$TAG" ]; then echo "❌ CI_COMMIT_SHA is blank. Aborting."; exit 1; fi;
+        TAG=$(echo "$TAG" | head -c 8);
+        echo "🚀 Deploying tag ${TAG} to staging";
 
         ssh -o StrictHostKeyChecking=yes -i ~/.ssh/id_ed25519 jcoakley@10.128.0.12 \
-        "set -euo pipefail; \
-         export IMG_TAG=${IMG_TAG}; \
+        "export IMG_TAG=${TAG}; \
          cd /home/jcoakley/aptiva-staging-app; \
-         echo 'Pulling containers for tag ${IMG_TAG}'; \
+         echo 'IMG_TAG = ${IMG_TAG}'; \
+         echo '→ Pulling containers'; \
          docker compose pull; \
-         echo 'Re-creating services'; \
+         echo '→ Recreating services'; \
          docker compose up -d --force-recreate --remove-orphans; \
-         echo '✅  Staging stack refreshed with tag ${IMG_TAG}'"
+         echo '✅ Staging stack refreshed with tag ${IMG_TAG}'"
     secrets:
       - STAGING_SSH_KEY
       - STAGING_KNOWN_HOSTS
-    when:
-      event:
-        - push
+
+environment:
+  CI_COMMIT_SHA: ${CI_COMMIT_SHA}
+
+when:
+  event:
+    - push