diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index a53c28c..6b331e3 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -1,24 +1,26 @@
+name: deploy-gitea-gce
 on:
 workflow_dispatch:
- inputs:
- app:
- description: 'App to deploy'
- required: true
- type: choice
- options: [gitea, runner]
+permissions:
+ contents: read
 jobs:
 deploy:
 runs-on: ubuntu-latest
- env:
- FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
- GITEA_APP_NAME: ${{ vars.FLY_APP_NAME }}
- RUNNER_APP_NAME: ${{ vars.RUNNER_APP_NAME }}
- GITEA_URL: ${{ vars.GITEA_URL }}
- GITEA_RUNNER_REGISTRATION_TOKEN: ${{ secrets.GITEA_RUNNER_REGISTRATION_TOKEN }}
 steps:
 - uses: actions/checkout@v4
- - uses: superfly/flyctl-actions/setup-flyctl@master
- - if: github.event.inputs.app == 'gitea'
- run: flyctl apps create "${GITEA_APP_NAME:?FLY_APP_NAME var not set}" --org personal || true; flyctl volumes create gitea_data --size 1 --region lax -a "$GITEA_APP_NAME" --yes || true; flyctl secrets set -a "$GITEA_APP_NAME" --stage "GITEA__server__DOMAIN=${GITEA_URL:?GITEA_URL var not set}" "GITEA__server__ROOT_URL=https://${GITEA_URL}"; flyctl deploy --remote-only -c fly.toml -a "$GITEA_APP_NAME"
- - if: github.event.inputs.app == 'runner'
- run: flyctl apps create "${RUNNER_APP_NAME:?RUNNER_APP_NAME var not set}" --org personal || true; flyctl volumes create runner_data --size 1 --region lax -a "$RUNNER_APP_NAME" --yes || true; flyctl secrets set -a "$RUNNER_APP_NAME" --stage "GITEA_INSTANCE_URL=https://${GITEA_URL:?GITEA_URL var not set}" "GITEA_RUNNER_REGISTRATION_TOKEN=${GITEA_RUNNER_REGISTRATION_TOKEN:?GITEA_RUNNER_REGISTRATION_TOKEN secret not set}"; flyctl deploy --remote-only -c runner/fly.toml -a "$RUNNER_APP_NAME"
+ - name: Extract project_id
+ id: pj
+ run: |
+ echo "pid=$(jq -r .project_id <<< '${{ secrets.GCP_SA_KEY_JSON }}')" >> $GITHUB_OUTPUT
+ - uses: google-github-actions/auth@v2
+ with:
+ credentials_json: ${{ secrets.GCP_SA_KEY_JSON }}
+ - uses: hashicorp/setup-terraform@v3
+ - name: Terraform Init
+ working-directory: terraform
+ run: terraform init
+ - name: Terraform Apply
+ working-directory: terraform
+ env:
+ TF_VAR_project_id: ${{ steps.pj.outputs.pid }}
+ run: terraform apply -auto-approve
\ No newline at end of file
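Review bot: The `Extract project_id` step pastes `${{ secrets.GCP_SA_KEY_JSON }}` into the script text before the shell runs, so the whole service-account key is written into the generated step script, and any single quote in the secret would close the quoting and be interpreted as shell. Pass the secret through the environment instead: give the step an `env:` entry `GCP_SA_KEY_JSON: ${{ secrets.GCP_SA_KEY_JSON }}` and read it as `jq -r .project_id <<< "$GCP_SA_KEY_JSON"`, with `"$GITHUB_OUTPUT"` quoted as well. The step can probably be dropped entirely, since `google-github-actions/auth` exposes a `project_id` output once the auth step has an `id`. Separately, `terraform apply -auto-approve` runs on every manual dispatch with a long-lived JSON key, and this hunk shows no `environment:` approval gate; a protected environment, or Workload Identity Federation in place of the key, would narrow what a mistaken or unauthorised dispatch can change.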