diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 0000000..9e92da5
--- /dev/null
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,104 @@
+name: CI/CD - Build, Test, and Deploy
+
+on:
+    pull_request:
+        branches:
+            - main
+            - dev
+    push:
+        branches:
+            - main
+            - dev
+    workflow_dispatch:
+
+permissions:
+    id-token: write
+    contents: read
+
+env:
+    AWS_REGION: ap-northeast-2
+    ECR_REPOSITORY: first-ticket/program-service
+    GITHUB_USER: ${{ secrets.GH_USER }}
+    GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
+
+jobs:
+    build-and-test:
+        runs-on: ubuntu-latest
+        steps:
+            - name: Checkout
+              uses: actions/checkout@v6
+
+            - name: Set up JDK 21
+              uses: actions/setup-java@v5
+              with:
+                  java-version: '21'
+                  distribution: 'temurin'
+
+            - name: Set up Gradle
+              uses: gradle/actions/setup-gradle@v6
+
+            - name: Grant execute permission to gradlew
+              run: chmod +x gradlew
+
+            - name: Build & Test
+              run: ./gradlew build --no-daemon
+
+            - name: Upload test report (on failure)
+              if: failure()
+              uses: actions/upload-artifact@v5
+              with:
+                  name: test-report
+                  path: build/reports/tests/
+                  retention-days: 7
+
+    push-to-ecr:
+        needs: build-and-test
+        if: |
+            github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev')
+        runs-on: ubuntu-latest
+        steps:
+            - uses: actions/checkout@v6
+
+            - name: Configure AWS credentials (OIDC)
+              uses: aws-actions/configure-aws-credentials@v6
+              with:
+                  role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+                  aws-region: ${{ env.AWS_REGION }}
+
+            - name: Login to Amazon ECR
+              id: ecr-login
+              uses: aws-actions/amazon-ecr-login@v2
+
+            - name: Set up Docker Buildx
+              uses: docker/setup-buildx-action@v3
+
+            - name: Build, tag, and push image to ECR
+              env:
+                  REGISTRY: ${{ steps.ecr-login.outputs.registry }}
+                  IMAGE_TAG: ${{ github.sha }}
+              run: |
+                  docker buildx build --platform linux/amd64 \
+                    --build-arg GITHUB_USER=${{ secrets.GH_USER }} \
+                    --secret id=github_token,env=GITHUB_TOKEN \
+                    -t $REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG \
+                    -t $REGISTRY/$ECR_REPOSITORY:latest \
+                    --push \
+                    .
+
+            - name: Show pushed image
+              run: |
+                  echo "✅ Pushed: $ECR_REPOSITORY:${{ github.sha }}"
+                  echo "✅ Pushed: $ECR_REPOSITORY:latest"
+
+            - name: Download task definition
+              run: |
+                  aws ecs describe-task-definition --task-definition program-service \
+                    --query taskDefinition > task-definition.json
+
+            - name: Deploy to ECS
+              uses: aws-actions/amazon-ecs-deploy-task-definition@v2
+              with:
+                  task-definition: task-definition.json
+                  service: program-service
+                  cluster: first-ticket-cluster
+                  wait-for-service-stability: false
diff --git a/Dockerfile b/Dockerfile
index 1ff21fd..2227423 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,6 +9,7 @@ WORKDIR /app
 COPY gradlew .
 COPY gradle gradle
 COPY build.gradle settings.gradle ./
+RUN chmod +x gradlew
 
 # 2. 의존성 미리 다운로드
 ARG GITHUB_USER
@@ -44,7 +45,7 @@ COPY --from=builder --chown=spring:spring /app/application/ ./
 # [중요] 7. 런타임 환경에 .env 파일 주입
 # docker-compose에서 env_file을 사용하더라도,
 # 애플리케이션 내부에서 직접 파일을 읽는 설정을 위해 복사해두는 것이 안전합니다.
-COPY --chown=spring:spring .env .env
+#COPY --chown=spring:spring .env .env
 
 USER spring
 
diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml
index b5f131e..f4bc9ed 100644
--- a/src/main/resources/application.yaml
+++ b/src/main/resources/application.yaml
@@ -17,6 +17,11 @@ spring:
             discovery:
                 enabled: true
                 service-id: config-server
+        inetutils:
+            preferred-networks:
+                - 10\.
+                - 172\.
+                - 192\.168\.
 
     profiles:
         active: local  # 기본 로컬 실행
diff --git a/src/test/java/com/firstticket/programservice/ProgramserviceApplicationTests.java b/src/test/java/com/firstticket/programservice/ProgramserviceApplicationTests.java
deleted file mode 100644
index bef091d..0000000
--- a/src/test/java/com/firstticket/programservice/ProgramserviceApplicationTests.java
+++ /dev/null
@@ -1,15 +0,0 @@
-package com.firstticket.programservice;
-
-import org.junit.jupiter.api.Test;
-import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.test.context.ActiveProfiles;
-
-@ActiveProfiles("test")
-@SpringBootTest
-class ProgramserviceApplicationTests {
-
-    @Test
-    void contextLoads() {
-    }
-
-}