diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index d8b439d..460db89 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -4,34 +4,79 @@ on: push: branches: - placeholder + - android-fix-wip + - main + - ci-fix workflow_dispatch: +permissions: + id-token: write + +env: + AZURE_CORE_OUTPUT: none + jobs: - build-and-deploy: + build: runs-on: ubuntu-latest - environment: - name: 'Production' - + environment: Production steps: - uses: actions/checkout@v2 - - name: Login via Azure CLI - uses: azure/login@v1 + - name: Log in to Azure + uses: azure/login@v2 with: - creds: ${{ secrets.AZURE_CREDENTIALS }} + client-id: ${{ secrets.CLIENT_ID }} + tenant-id: ${{ secrets.TENANT_ID }} + allow-no-subscriptions: true - name: Docker login to ACR - uses: azure/docker-login@v1 + run: az acr login --name ${{ secrets.REGISTRY_NAME }} + + - name: Set up Docker buildx + uses: docker/setup-buildx-action@v3 + + - name: Build and push image + uses: docker/build-push-action@v5 + with: + context: app + push: true + tags: ${{ secrets.REGISTRY_NAME }}.azurecr.io/kiltiskamera/backend:${{ github.sha }} + cache-from: type=gha,ref=${{ github.ref_name }} + cache-to: type=gha,mode=max + allow: | + network.host + network: host + + - name: Azure logout + run: | + az logout + + deploy: + runs-on: ubuntu-latest + environment: production + needs: build + steps: + - uses: actions/checkout@v2 + - name: Log in to Azure + uses: Azure/login@v2 with: - login-server: ${{ secrets.REGISTRY_LOGIN_SERVER }} - username: ${{ secrets.REGISTRY_USERNAME }} - password: ${{ secrets.REGISTRY_PASSWORD }} + client-id: ${{ secrets.CLIENT_ID }} + tenant-id: ${{ secrets.TENANT_ID }} + allow-no-subscriptions: true + + - name: Docker login to ACR + run: az acr login --name ${{ secrets.REGISTRY_NAME }} - - name: Build and push + # Would like to use azure/webapps-deploy but it doesn't seem to work with OIDC. + - name: Deploy from ACR run: | - docker build . 
-t ${{ secrets.REGISTRY_LOGIN_SERVER }}/kiltiskamera/kamera - docker push ${{ secrets.REGISTRY_LOGIN_SERVER }}/kiltiskamera/kamera - + az webapp config container set \ + --container-image-name ${{ secrets.REGISTRY_NAME }}.azurecr.io/kiltiskamera/backend:${{ github.sha }} \ + --container-registry-url https://${{ secrets.REGISTRY_NAME }}.azurecr.io \ + --subscription ${{ secrets.SUBSCRIPTION }} \ + --resource-group kiltiskamera_group \ + --name kiltiskamera + - name: Azure logout run: | - az logout \ No newline at end of file + az logout
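Review bot: The added `android-fix-wip` and `ci-fix` entries under `branches:` mean a push to either work-in-progress branch runs `build` and then `deploy`, because `deploy` only has `needs: build` and no ref condition; each such push obtains the Azure OIDC token and repoints the `kiltiskamera` web app at the freshly built image. The simplest fix is to keep only `- main` in the trigger list and restrict the Production environment's deployment branches to `main` in the repository settings, so the federated credential cannot be exercised from other refs or from a `workflow_dispatch` run on another branch. Since the workflow now carries `id-token: write`, the third-party steps are also worth pinning to a full commit SHA instead of a moving tag, e.g. `uses: azure/login@<full-commit-sha>  # v2`, and likewise for the two `docker/*` actions and `actions/checkout`. Separately, `build` declares `environment: Production` while `deploy` declares `environment: production`; if the federated credential subject is matched case-sensitively on the Azure side, one of the two logins may fail or need a second credential, so a single spelling would be safer.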