diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 0449ae4..4672ae4 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,4 +1,4 @@
-name: Build Docker Image
+name: Build and Deploy

 on:
 workflow_dispatch:
@@ -9,18 +9,55 @@ on:
 release:
 types: [created]

-
 jobs:
+ # Update lockfile for Dependabot PRs
+ update-lockfile:
+ runs-on: ubuntu-latest
+ if: github.event_name == 'pull_request' && startsWith(github.head_ref, 'dependabot/')
+ permissions:
+ contents: write
+ pull-requests: write
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ ref: ${{ github.head_ref }}
+ token: ${{ secrets.GITHUB_TOKEN }}
+
+ - uses: oven-sh/setup-bun@v1
+
+ - name: Install and update lockfile
+ run: bun install
+
+ - name: Commit and push updated lockfile
+ run: |
+ git config user.name "github-actions[bot]"
+ git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+ git add bun.lock
+ git commit -m "chore: update lockfile (auto-fix for Dependabot PR)" || exit 0
+ git push
+
+ # Build and push Docker image
 build:
 runs-on: ubuntu-latest
-
+ needs: [update-lockfile]
+ # Run this job if:
+ # 1. This is NOT a PR (like push to main or release)
+ # 2. OR this is a PR but NOT from Dependabot
+ # 3. OR this is a Dependabot PR AND the update-lockfile job completed successfully
+ if: |
+ github.event_name != 'pull_request' ||
+ (github.event_name == 'pull_request' && !startsWith(github.head_ref, 'dependabot/')) ||
+ (github.event_name == 'pull_request' && startsWith(github.head_ref, 'dependabot/') && needs.update-lockfile.result == 'success')
+
 permissions:
 contents: read
 packages: write
-
+
 steps:
 - name: Checkout code
 uses: actions/checkout@v4
+ with:
+ ref: ${{ github.event_name == 'pull_request' && startsWith(github.head_ref, 'dependabot/') && github.head_ref || '' }}

 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v3
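Review bot: The new `update-lockfile` job is granted `contents: write` and `pull-requests: write` but is gated only on the branch name (`startsWith(github.head_ref, 'dependabot/')`), which any contributor who can create a branch with that prefix satisfies; gate on the PR author instead, e.g. `if: github.event_name == 'pull_request' && github.event.pull_request.user.login == 'dependabot[bot]'`, and apply the same test in the `build` job's `if:` and checkout `ref:`. In that job `actions/checkout` keeps the write-scoped token in the local git configuration by default, and `bun install` then resolves and installs from a manifest the PR has just changed, so any install-time script would run next to that credential; `run: bun install --ignore-scripts` (or `--lockfile-only`) should be enough to regenerate `bun.lock`. Separately, `build` now declares `needs: [update-lockfile]` with an `if:` that contains no status-check function, and GitHub normally skips a job whose needed job was skipped, so the build will likely stop running on push, release and manual dispatch; prefixing the expression with `!cancelled() &&` keeps it evaluated. No step shown uses `pull-requests: write`, so that permission can probably be dropped.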
diff --git a/.github/workflows/update-lockfile.yml b/.github/workflows/update-lockfile.yml
deleted file mode 100644
index 1ba69e4..0000000
--- a/.github/workflows/update-lockfile.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-name: Update Bun Lockfile
-
-on:
- pull_request:
- paths:
- - 'package.json'
-
-jobs:
- fix-lockfile:
- runs-on: ubuntu-latest
- if: startsWith(github.head_ref, 'dependabot/')
- steps:
- - uses: actions/checkout@v4
- with:
- ref: ${{ github.head_ref }}
- - uses: oven-sh/setup-bun@v1
- - name: Install and update lockfile
- run: |
- bun install
- - name: Commit and push updated lockfile
- run: |
- git config user.name "github-actions[bot]"
- git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
- git add bun.lock
- git commit -m "chore: update lockfile (auto-fix for Dependabot PR)" || exit 0
- git push
\ No newline at end of file