diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
new file mode 100644
index 0000000..3f94b11
--- /dev/null
+++ b/.gitea/workflows/deploy.yaml
@@ -0,0 +1,90 @@
+name: 构建并部署前端到测试环境
+
+on:
+  push:
+    branches:
+      - main
+      - dev
+      - test
+
+env:
+  REGISTRY: registry.boss160.cn
+  IMAGE_NAME: registry.boss160.cn/junhong/cmp-admin-web
+  DEPLOY_DIR: /opt/junhong_cmp_web
+
+jobs:
+  build-and-deploy:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: 检出代码
+        run: |
+          export PATH="$HOME/.nix-profile/bin:/usr/local/bin:/usr/bin:/bin:$PATH"
+          export GIT_SSL_NO_VERIFY=1
+          git clone https://git.boss160.cn/luo/one-pipe-system.git .
+          git checkout ${{ github.sha }}
+
+      - name: 设置镜像标签
+        id: tag
+        run: |
+          if [ "${{ github.ref }}" = "refs/heads/main" ]; then
+            echo "tag=latest" >> $GITHUB_OUTPUT
+          elif [ "${{ github.ref }}" = "refs/heads/dev" ]; then
+            echo "tag=dev" >> $GITHUB_OUTPUT
+          elif [ "${{ github.ref }}" = "refs/heads/test" ]; then
+            echo "tag=test" >> $GITHUB_OUTPUT
+          else
+            echo "tag=unknown" >> $GITHUB_OUTPUT
+          fi
+
+      - name: 登录 Docker Registry
+        run: |
+          echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login "${{ env.REGISTRY }}" --username "${{ secrets.REGISTRY_USERNAME }}" --password-stdin
+
+      - name: 构建前端镜像
+        run: |
+          docker build -t ${{ env.IMAGE_NAME }}:${{ steps.tag.outputs.tag }} .
+          docker tag ${{ env.IMAGE_NAME }}:${{ steps.tag.outputs.tag }} ${{ env.IMAGE_NAME }}:${{ github.sha }}
+
+      - name: 推送镜像到 Registry
+        run: |
+          docker push ${{ env.IMAGE_NAME }}:${{ steps.tag.outputs.tag }}
+          docker push ${{ env.IMAGE_NAME }}:${{ github.sha }}
+
+      - name: 部署到本地（仅 main 分支）
+        if: github.ref == 'refs/heads/main'
+        run: |
+          # 确保部署目录存在
+          mkdir -p ${{ env.DEPLOY_DIR }}
+
+          echo "当前工作目录: $(pwd)"
+          echo "当前目录内容:"
+          ls -la
+
+          # 更新 docker-compose.prod.yml
+          echo "更新部署配置文件..."
+          cp -v docker-compose.prod.yml ${{ env.DEPLOY_DIR }}/
+
+          cd ${{ env.DEPLOY_DIR }}
+
+          echo "拉取最新镜像..."
+          docker compose -f docker-compose.prod.yml pull
+
+          echo "重启服务..."
+          docker compose -f docker-compose.prod.yml up -d
+
+          echo "等待服务启动..."
+          sleep 5
+
+          echo "部署完成！"
+          docker compose -f docker-compose.prod.yml ps
+
+      - name: 构建结果通知
+        if: always()
+        run: |
+          if [ "${{ job.status }}" = "success" ]; then
+            echo "构建成功: ${{ steps.tag.outputs.tag }}"
+            echo "镜像标签: ${{ github.sha }}"
+          else
+            echo "构建失败"
+          fi
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..0c7e083
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,60 @@
+# ================================
+# 阶段 1: 构建阶段
+# ================================
+FROM --platform=linux/amd64 node:20-alpine AS builder
+
+# 使用阿里云镜像源加速
+RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories
+
+# 设置工作目录
+WORKDIR /build
+
+# 安装 pnpm
+RUN corepack enable && corepack prepare pnpm@latest --activate
+
+# 设置 npm 镜像源
+RUN pnpm config set registry https://registry.npmmirror.com
+
+# 复制 package.json 和 pnpm-lock.yaml（利用 Docker 缓存）
+COPY package.json pnpm-lock.yaml ./
+
+# 安装依赖
+RUN pnpm install --frozen-lockfile
+
+# 复制源代码
+COPY . .
+
+# 构建生产版本
+RUN pnpm build
+
+# ================================
+# 阶段 2: 运行阶段
+# ================================
+FROM --platform=linux/amd64 nginx:alpine
+
+# 使用阿里云镜像源加速
+RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories
+
+# 设置时区
+RUN apk add --no-cache tzdata && \
+    cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
+    echo "Asia/Shanghai" > /etc/timezone
+
+# 删除默认 nginx 配置
+RUN rm -rf /etc/nginx/conf.d/default.conf
+
+# 复制自定义 nginx 配置
+COPY docker/nginx.conf /etc/nginx/conf.d/default.conf
+
+# 从构建阶段复制构建产物
+COPY --from=builder /build/dist /usr/share/nginx/html
+
+# 暴露端口
+EXPOSE 80
+
+# 健康检查
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+    CMD wget --no-verbose --tries=1 --spider http://127.0.0.1:80/health || exit 1
+
+# 启动 nginx
+CMD ["nginx", "-g", "daemon off;"]
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
new file mode 100644
index 0000000..aae950b
--- /dev/null
+++ b/docker-compose.prod.yml
@@ -0,0 +1,26 @@
+version: '3.8'
+
+services:
+  web:
+    image: registry.boss160.cn/junhong/cmp-admin-web:latest
+    container_name: junhong-cmp-web
+    restart: unless-stopped
+    ports:
+      - '3001:80'
+    networks:
+      - junhong-network
+    healthcheck:
+      test: ['CMD', 'wget', '--no-verbose', '--tries=1', '--spider', 'http://127.0.0.1:80/health']
+      interval: 30s
+      timeout: 3s
+      retries: 3
+      start_period: 5s
+    logging:
+      driver: 'json-file'
+      options:
+        max-size: '10m'
+        max-file: '3'
+
+networks:
+  junhong-network:
+    driver: bridge
diff --git a/docker/nginx.conf b/docker/nginx.conf
new file mode 100644
index 0000000..94468c2
--- /dev/null
+++ b/docker/nginx.conf
@@ -0,0 +1,31 @@
+server {
+    listen 80;
+    server_name localhost;
+    root /usr/share/nginx/html;
+    index index.html;
+
+    gzip on;
+    gzip_vary on;
+    gzip_min_length 1024;
+    gzip_proxied any;
+    gzip_types text/plain text/css text/xml text/javascript application/javascript application/json application/xml;
+    gzip_comp_level 6;
+
+    location /health {
+        access_log off;
+        return 200 'OK';
+        add_header Content-Type text/plain;
+    }
+
+    location / {
+        try_files $uri $uri/ /index.html;
+    }
+
+    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
+        expires 1y;
+        add_header Cache-Control "public, immutable";
+        access_log off;
+    }
+
+    error_page 404 /index.html;
+}