diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml
index ee38336ce..2c556641a 100644
--- a/.github/workflows/pipeline.yml
+++ b/.github/workflows/pipeline.yml
@@ -4,18 +4,15 @@ on:
   push:
     branches:
     - main
+    - gov_paas
   pull_request:
 
-concurrency: 'Beta - Production'
+concurrency: 'sandbox'
 
 defaults:
   run:
     shell: bash
 
-env:
-  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-
 jobs:
 
   test:
@@ -73,65 +70,32 @@ jobs:
         run: |
           bundle exec rake
 
+
+
   deploy:
     name: Deploy
+
     runs-on: ubuntu-latest
-    environment: 'Beta - Production'
-    if: github.ref == 'refs/heads/main'
-    needs:
-      - test
-    timeout-minutes: 30
-    env:
-      AWS_REGION: eu-west-2
-      ECR_REPOSITORY: container-repository
-      ECS_SERVICE: app
-      ECS_CLUSTER: ecs-cluster
-      CONTAINER_NAME: app  # set this to the name of the container in the containerDefinitions section of your task definition
 
     steps:
-    - name: Checkout
+    - name: Checkout code
       uses: actions/checkout@v2
 
-    - name: Configure AWS credentials
-      uses: aws-actions/configure-aws-credentials@v1
-      with:
-        aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
-        aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
-        aws-region: ${{ env.AWS_REGION }}
-
-    - name: Login to Amazon ECR
-      id: login-ecr
-      uses: aws-actions/amazon-ecr-login@v1
-
-    - name: Build, tag, and push the image to Amazon ECR
-      id: build-image
+    - name: Install cf client
       env:
-        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
-        ECR_REPOSITORY: ${{ env.ECR_REPOSITORY }}
-        IMAGE_TAG: ${{ github.sha }}
+        CF_CLI_VERSION: 7.0.0-beta.30
       run: |
-        # Build a docker container and push it to ECR
-        docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
-        echo "Pushing image to ECR..."
-        docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
-        echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
-
-    - name: Download task definition
+        curl -L "https://packages.cloudfoundry.org/stable?release=linux64-binary&version=${CF_CLI_VERSION}" | tar -zx -C /tmp
+        sudo cp /tmp/cf7 /usr/local/bin/cf7
+    - name: Deploy
+      env:
+        CF_USERNAME: ${{ secrets.CF_USERNAME }}
+        CF_PASSWORD: ${{ secrets.CF_PASSWORD }}
+        CF_API_ENDPOINT: ${{ secrets.CF_API_ENDPOINT }}
+        CF_SPACE: ${{ secrets.CF_SPACE }}
+        CF_ORG: ${{ secrets.CF_ORG }}
       run: |
-        aws ecs describe-task-definition --task-definition app --query taskDefinition > task-definition.json
-
-    - name: Fill in the new image ID in the Amazon ECS task definition
-      id: task-def
-      uses: aws-actions/amazon-ecs-render-task-definition@v1
-      with:
-        task-definition: task-definition.json
-        container-name: ${{ env.CONTAINER_NAME }}
-        image: ${{ steps.build-image.outputs.image }}
-
-    - name: Deploy Amazon ECS task definition
-      uses: aws-actions/amazon-ecs-deploy-task-definition@v1
-      with:
-        task-definition: ${{ steps.task-def.outputs.task-definition }}
-        service: ${{ env.ECS_SERVICE }}
-        cluster: ${{ env.ECS_CLUSTER }}
-        wait-for-service-stability: true
+        cf7 api $CF_API_ENDPOINT
+        cf7 auth
+        cf7 target -o $CF_ORG -s $CF_SPACE
+        cf7 push --strategy rolling