diff --git a/.woodpecker/build.yaml b/.woodpecker/build.yaml
index e49a229..775091e 100644
--- a/.woodpecker/build.yaml
+++ b/.woodpecker/build.yaml
@@ -1,24 +1,46 @@
-# Build and Publish Docker image
-# Secrets required in Woodpecker: gitea_registry_username, gitea_package_token, discord_webhook_url
-# Project must be set to "Trusted" in Woodpecker for the Docker build step (privileged).
+# Build and Publish Docker image (uses host Docker socket, same pattern as mifi-ventures/landing)
+# Secrets required in Woodpecker: registry_username, registry_password, discord_webhook_url
 when:
   branch: main
   event: push
 
 steps:
-  - name: Build and Publish Docker Image
-    image: woodpeckerci/plugin-docker-buildx:latest
-    privileged: true
-    settings:
-      repo: git.mifi.dev/mifi-holdings/mail-autoconfig
-      registry: git.mifi.dev
-      auto_tag: true
-      logins:
-        - registry: git.mifi.dev
-          username:
-            from_secret: gitea_registry_username
-          password:
-            from_secret: gitea_package_token
+  - name: Docker image build
+    image: docker:latest
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    commands:
+      - set -e
+      - echo "=== Building Docker image ==="
+      - 'echo "Commit SHA: ${CI_COMMIT_SHA:0:8}"'
+      - |
+        docker build \
+          --tag git.mifi.dev/mifi-holdings/mail-autoconfig:${CI_COMMIT_SHA} \
+          --tag git.mifi.dev/mifi-holdings/mail-autoconfig:latest \
+          --label "git.commit=${CI_COMMIT_SHA}" \
+          --label "git.branch=${CI_COMMIT_BRANCH}" \
+          .
+
+  - name: Push to registry
+    image: docker:latest
+    environment:
+      REGISTRY_URL: git.mifi.dev
+      REGISTRY_REPO: git.mifi.dev/mifi-holdings/mail-autoconfig
+      REGISTRY_USERNAME:
+        from_secret: gitea_registry_username
+      REGISTRY_PASSWORD:
+        from_secret: gitea_package_token
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    depends_on:
+      - Docker image build
+    commands:
+      - set -e
+      - echo "=== Pushing to registry ==="
+      - echo "$REGISTRY_PASSWORD" | docker login "$REGISTRY_URL" -u "$REGISTRY_USERNAME" --password-stdin
+      - docker push $REGISTRY_REPO:${CI_COMMIT_SHA}
+      - docker push $REGISTRY_REPO:latest
+      - echo "✓ Images pushed successfully"
 
   - name: Send Deploy Status Notification
     image: curlimages/curl