diff --git a/.github/workflows/_update_terraform.yml b/.github/workflows/_update_terraform.yml
new file mode 100644
index 00000000..10ed7d80
--- /dev/null
+++ b/.github/workflows/_update_terraform.yml
@@ -0,0 +1,60 @@
+name: Update Terraform
+on:
+ workflow_call:
+ secrets:
+ PERSONAL_ACCESS_TOKEN:
+ required: true
+ inputs:
+ image_tag:
+ description: Tag for the image for docker/ghcr registries
+ required: true
+ type: string
+ deployment_environment:
+ description: The terraform target environment
+ required: true
+ type: string
+ default: staging
+jobs:
+ update:
+ runs-on: ubuntu-latest
+ env:
+ GIT_SHA: ${{ github.sha }}
+ GIT_TAG: ${{ inputs.image_tag }}
+ steps:
+ - name: Checkout terraform config repo
+ uses: actions/checkout@v4
+ with:
+ # public repo with terraform configuration
+ repository: 'datacite/mastino'
+ persist-credentials: false
+ - name: Setup dokerize and template parameters
+ run: |
+ git config --local user.email "action@github.com"
+ git config --local user.name "GitHub Action"
+ wget https://github.com/jwilder/dockerize/releases/download/v0.6.0/dockerize-linux-amd64-v0.6.0.tar.gz
+ tar -xzvf dockerize-linux-amd64-v0.6.0.tar.gz
+ rm dockerize-linux-amd64-v0.6.0.tar.gz
+
+ - name: Conditionally update staging environment
+ if: ${{ (inputs.deployment_environment == 'staging') }}
+ run: |
+ ./dockerize -template stage/services/levriero/_levriero.auto.tfvars.tmpl:stage/services/levriero/_levriero.auto.tfvars
+ git add stage/services/levriero/_levriero.auto.tfvars
+ git commit -m "Adding levriero git variables for commit ${{ github.sha }}"
+
+ - name: Conditionally update production/test environments
+ if: ${{ (inputs.deployment_environment == 'production') }}
+ run: |
+ ./dockerize -template prod-eu-west/services/levriero/_levriero.auto.tfvars.tmpl:prod-eu-west/services/levriero/_levriero.auto.tfvars
+ ./dockerize -template test/services/levriero/_levriero.auto.tfvars.tmpl:test/services/levriero/_levriero.auto.tfvars
+
+ git add prod-eu-west/services/levriero/_levriero.auto.tfvars
+ git add test/services/levriero/_levriero.auto.tfvars
+ git commit -m "Adding levriero git variables for tag ${{ inputs.image_tag }}"
+ - name: Push changes
+ uses: ad-m/github-push-action@v0.6.0
+ with:
+ github_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+ repository: 'datacite/mastino'
+ branch: 'refs/heads/master'
+ tags: false
diff --git a/.github/workflows/branch_to_staging.yml b/.github/workflows/branch_to_staging.yml
new file mode 100644
index 00000000..91b044f6
--- /dev/null
+++ b/.github/workflows/branch_to_staging.yml
@@ -0,0 +1,21 @@
+name: Build/Deploy Branch to Staging
+on:
+ workflow_dispatch:
+jobs:
+ test:
+ uses: ./.github/workflows/parallel_ci.yml
+ secrets: inherit
+ call_build_and_push:
+ needs: test
+ uses: ./.github/workflows/build.yml
+ with:
+ image_name: ${{ github.repository }}
+ image_tag: ${{ github.ref_name }}
+ secrets: inherit
+ deploy:
+ needs: [test, call_build_and_push]
+ uses: ./.github/workflows/_update_terraform.yml
+ with:
+ image_tag: ${{ github.ref_name }}
+ deployment_environment: staging
+ secrets: inherit
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 00000000..6379bd89
--- /dev/null
+++ b/.github/workflows/build.yml
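Review bot: In `_update_terraform.yml`, the production step's commit message expands `${{ inputs.image_tag }}` inside the `run:` script, so the value becomes part of the shell source before bash parses it. The caller added in this same commit passes `github.ref_name`, a branch name chosen by whoever pushes the branch. The job already exports `GIT_TAG` and `GIT_SHA` under `env:`, so the line can read `git commit -m "Adding levriero git variables for tag $GIT_TAG"`, with `$GIT_SHA` in the staging step for consistency. Separately, the dockerize tarball is fetched with `wget` and then executed with no integrity check, and `ad-m/github-push-action@v0.6.0` receives the PAT while pinned only to a mutable tag. A `sha256sum -c` against a digest recorded in the repo and a full commit-SHA pin on the push action would close both gaps.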
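Review bot: In `branch_to_staging.yml`, all three jobs use `secrets: inherit`, which hands every repository and organisation secret to each called workflow, including `parallel_ci.yml`, whose contents are not part of this diff. The callees shown here declare only what they need, so the `deploy` job can pass `secrets:` with a single `PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}` entry and `call_build_and_push` can pass just the two `DOCKERHUB_*` secrets. Also note that `image_tag: ${{ github.ref_name }}` will carry a `/` for branches such as `feature/x`, which is not a valid image tag; a sanitised or SHA-based tag would avoid a failed push.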
@@ -0,0 +1,54 @@
+name: Build and Tag
+on:
+ workflow_call:
+ secrets:
+ DOCKERHUB_USERNAME:
+ required: true
+ DOCKERHUB_TOKEN:
+ required: true
+ inputs:
+ image_name:
+ description: The name of the image for docker/ghcr registries
+ required: true
+ type: string
+ image_tag:
+ description: Tag for the image for docker/ghcr registries
+ required: true
+ type: string
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+ - name: Cache Docker layers
+ uses: actions/cache@v4
+ with:
+ path: /tmp/.buildx-cache
+ key: ${{ runner.os }}-buildx-${{ github.sha }}
+ restore-keys: |
+ ${{ runner.os }}-buildx-
+ - name: Login to DockerHub
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Build and Push
+ uses: docker/build-push-action@v4
+ with:
+ context: .
+ file: ./Dockerfile
+ push: true
+ tags: |
+ ${{ inputs.image_name }}:${{ inputs.image_tag }}
+ ghcr.io/${{ inputs.image_name }}:${{ inputs.image_tag }}
+ cache-from: type=local,src=/tmp/.buildx-cache
+ cache-to: type=local,dest=/tmp/.buildx-cache
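Review bot: The `build` job in `build.yml` pushes to ghcr.io with `secrets.GITHUB_TOKEN` but declares no `permissions:`, so the token's scope is whatever the repository or organisation default happens to be. That is either broader than this job needs or, under a read-only default, too narrow for the push to succeed. Adding `permissions: { contents: read, packages: write }` under `build:` states the requirement and keeps the token at least privilege. The `docker/login-action@v2` and `docker/build-push-action@v4` steps handle the registry credentials and are pinned by mutable major tag; pinning them to full commit SHAs would make the credential-handling code reviewable.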