diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 4a29e4d1e91fd17aa5f2f189ae23dd85d781d206..db39d906424061d26f8c6be3448c2de5f20feddb 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -93,7 +93,7 @@ docker-bench-security:
             - pica-etherpad/*
             - pica-dokuwiki/*
 
-deployment-pica01-test: 
+deployment-test: 
     stage: deployment
     before_script:
         - apk update
@@ -129,3 +129,42 @@ deployment-pica01-test:
             - pica-etherpad/*
             - pica-dokuwiki/*
 
+deployment-prod: 
+    stage: deployment
+    before_script:
+        - apk update
+        - apk add wget py-pip git iproute2
+        - pip install docker-compose        
+        - chmod +x get-modified-image.sh 
+        - export MODIFIED_IMAGE_FULL=$(./get-modified-image.sh)
+        - export MODIFIED_IMAGE=$(echo $MODIFIED_IMAGE_FULL | cut -d ':' -f1)
+        - export CURRENT_CONTAINER_ID=$(docker container ls -a | grep pica-dokuwiki| cut -d ' ' -f1)
+        - echo $REGISTRY_PASSWORD | docker login $REGISTRY -u $REGISTRY_USERNAME --password-stdin
+        - docker pull $REGISTRY/ci-builds/$CI_COMMIT_SHA:latest
+        - docker logout $REGISTRY
+        - echo $REGISTRY_PROD_PASSWORD | docker login $REGISTRY_PROD -u $REGISTRY_PROD_USERNAME --password-stdin
+        - docker tag $REGISTRY/ci-builds/$CI_COMMIT_SHA:latest  $REGISTRY_PROD/$MODIFIED_IMAGE_FULL
+        - docker push $REGISTRY_PROD/$MODIFIED_IMAGE_FULL
+        - docker logout $REGISTRY_PROD
+        - export REMOTE_HOSTNAME=pica01
+        - export DOCKER_HOST=tcp://$REMOTE_HOSTNAME.picasoft.net:2376
+        - export DOCKER_TLS_VERIFY=1
+        - export DOCKER_CERT_PATH=/tmp/certs
+        - mkdir -p $DOCKER_CERT_PATH
+        - echo "$PROD_DOCKER_CA_CERT" > $DOCKER_CERT_PATH/ca.pem
+        - echo "$PROD_DOCKER_CLIENT_CERT" > $DOCKER_CERT_PATH/cert.pem
+        - echo "$PROD_DOCKER_CLIENT_KEY" > $DOCKER_CERT_PATH/key.pem
+    script:   
+        - echo $REGISTRY_PASSWORD | docker login $REGISTRY -u $REGISTRY_USERNAME --password-stdin
+        - docker pull $REGISTRY/$MODIFIED_IMAGE_FULL
+        - docker logout $REGISTRY
+        - cd pica-etherpad
+        - docker-compose up -d --force-recreate --remove-orphans $(cat docker-compose.yml | grep $MODIFIED_IMAGE -B1 | head -n1 | cut -d ':' -f1)
+    after_script:
+        - rm -rf $DOCKER_CERT_PATH
+    tags: [build]
+    only:
+        changes:
+            - pica-etherpad/*
+    when: manual
+
diff --git a/pica-etherpad/clair-whitelist.yml b/pica-etherpad/clair-whitelist.yml
index aaf17312887d48dbf29dd356e22daf073a0f812e..c6e65fe7cd089113a87d82ed8f78c9b63cb66683 100644
--- a/pica-etherpad/clair-whitelist.yml
+++ b/pica-etherpad/clair-whitelist.yml
@@ -12,4 +12,4 @@ generalwhitelist:
     CVE-2018-1000001: glibc -> Pas de contre mesure
     CVE-2017-1000408: glibc -> Pas de contre mesure
     CVE-2018-6954: systemd -> Pas de contre mesure
-    CVE-2018-6797: Perl est une dépendance du client mysql et la version non vulnérable dans stretch n'a pas été backportée -> Pas de contre-mesure 
\ No newline at end of file
+    CVE-2018-6797: Perl est une dépendance du client mysql et la version non vulnérable dans stretch n'a pas été backportée -> Pas de contre-mesure
\ No newline at end of file