diff --git a/.github/workflows/nextjs-prod-CI.yml b/.github/workflows/nextjs-prod-CI.yml index 43795c20..7a537544 100644 --- a/.github/workflows/nextjs-prod-CI.yml +++ b/.github/workflows/nextjs-prod-CI.yml @@ -20,10 +20,25 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - name: Checkout code + uses: actions/checkout@v4 with: fetch-depth: 0 + - name: Setup Node.js + uses: actions/setup-node@v3 + with: + node-version: '18' + cache: 'npm' + + - name: Install dependencies + run: | + npm ci + npm install -g npm@latest + + - name: Lint + run: npm run lint + - name: Get latest tag id: get_latest_tag run: | 
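Review bot: `npm install -g npm@latest` in the Install dependencies step runs after `npm ci`, so it cannot affect the install that already happened and only pulls an unpinned npm release into a job that later uses the tag-push PAT and the registry credentials. I would drop that line, or pin an exact npm version and move it before `npm ci` if a newer npm is really needed. The new `actions/setup-node@v3` reference, like the other `uses:` entries in this workflow, is pinned to a mutable tag; pinning to a full commit SHA would keep a retagged action from running in this release job. The job's remaining steps continue outside this hunk.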
@@ -52,26 +67,30 @@ jobs: git tag ${{ steps.bump_version.outputs.NEW_TAG }} git push https://$PAT@github.com/${{ github.repository }}.git ${{ steps.bump_version.outputs.NEW_TAG }} - - name: Set up environment variables - run: | - echo "NEXT_PUBLIC_SERVER_URL=${{ secrets.NEXT_PUBLIC_SERVER_URL }}" >> .env.local - echo "ACCESS_KEY=${{ secrets.ACCESS_KEY }}" >> .env.local - echo "ACCESS_SECRET_KEY=${{ secrets.ACCESS_SECRET_KEY }}" >> .env.local - echo "NEXTAUTH_SECRET=${{ secrets.NEXTAUTH_SECRET }}" >> .env.local - echo "NEXTAUTH_URL=${{ secrets.NEXTAUTH_URL }}" >> .env.local - - - name: Build the Docker image - run: | - docker build -t ${{ env.IMAGE_NAME }}:${{ steps.bump_version.outputs.NEW_TAG }} --platform linux/amd64 . - docker tag ${{ env.IMAGE_NAME }}:${{ steps.bump_version.outputs.NEW_TAG }} ${{ env.PROJECT_NAME }}.kr-central-2.kcr.dev/${{ env.REPOSITORY_NAME }}/${{ env.IMAGE_NAME }}:${{ steps.bump_version.outputs.NEW_TAG }} + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 - name: Login to KCR - run: | - echo "${{ secrets.ACCESS_SECRET_KEY }}" | docker login ${{ env.PROJECT_NAME }}.kr-central-2.kcr.dev -u "${{ secrets.ACCESS_KEY }}" --password-stdin + uses: docker/login-action@v2 + with: + registry: ${{ env.PROJECT_NAME }}.kr-central-2.kcr.dev + username: ${{ secrets.ACCESS_KEY }} + password: ${{ secrets.ACCESS_SECRET_KEY }} - - name: Push to KCR - run: | - docker push ${{ env.PROJECT_NAME }}.kr-central-2.kcr.dev/${{ env.REPOSITORY_NAME }}/${{ env.IMAGE_NAME }}:${{ steps.bump_version.outputs.NEW_TAG }} + - name: Build and push Docker image + uses: docker/build-push-action@v4 + with: + context: . 
+ push: true + tags: | + ${{ env.PROJECT_NAME }}.kr-central-2.kcr.dev/${{ env.REPOSITORY_NAME }}/${{ env.IMAGE_NAME }}:${{ steps.bump_version.outputs.NEW_TAG }} + ${{ env.PROJECT_NAME }}.kr-central-2.kcr.dev/${{ env.REPOSITORY_NAME }}/${{ env.IMAGE_NAME }}:latest + cache-from: type=gha + cache-to: type=gha,mode=max + build-args: | + NEXT_PUBLIC_SERVER_URL=${{ secrets.NEXT_PUBLIC_SERVER_URL }} + NEXTAUTH_SECRET=${{ secrets.NEXTAUTH_SECRET }} + NEXTAUTH_URL=${{ secrets.NEXTAUTH_URL }} - name: Create Release uses: actions/create-release@v1 @@ -81,4 +100,4 @@ jobs: tag_name: ${{ steps.bump_version.outputs.NEW_TAG }} release_name: Release ${{ steps.bump_version.outputs.NEW_TAG }} draft: false - prerelease: false + prerelease: false \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index f4b20992..31a085fb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,10 +1,10 @@ -# Base image +# Build stage FROM node:18-alpine AS builder # Set working directory WORKDIR /app -# Copy package.json and package-lock.json +# Copy package files COPY package.json package-lock.json* ./ # Install dependencies 
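Review bot: `NEXTAUTH_SECRET` is passed under `build-args` of the Build and push step, and build arguments are not a secret channel: a value consumed through `ARG` can be recovered from the image history, and with `cache-to: type=gha,mode=max` the intermediate layers are exported to the cache as well. The Dockerfile lines visible in this commit declare no matching `ARG`, so these values may not reach `npm run build` at all, whereas the removed `.env.local` step did supply them through `COPY . .`; it is worth confirming the build still sees `NEXT_PUBLIC_SERVER_URL`. Keep only the public values in `build-args`, and either inject `NEXTAUTH_SECRET` when the container starts or pass it through the action's `secrets:` input and read it with `RUN --mount=type=secret,id=NEXTAUTH_SECRET` in the build stage.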
@@ -13,29 +13,43 @@ RUN npm ci # Copy the rest of the application code COPY . . +# Install sharp for improved image optimization +RUN npm install sharp + # Build the Next.js application RUN npm run build -# Start a new stage for a smaller production image -FROM node:18-alpine +# Production stage +FROM node:18-alpine AS runner +# Set working directory WORKDIR /app -# Copy package.json and package-lock.json -COPY package.json package-lock.json* ./ +# Set node environment to production +ENV NODE_ENV production -# Install only production dependencies -RUN npm ci --only=production +# Add a non-root user +RUN addgroup --system --gid 1001 nodejs +RUN adduser --system --uid 1001 nextjs -# Copy the built app from the previous stage -COPY --from=builder /app/.next ./.next +# Copy necessary files from build stage +COPY --from=builder /app/next.config.mjs ./ COPY --from=builder /app/public ./public +COPY --from=builder /app/package.json ./package.json + +# Copy the built app +COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./ +COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static + +# Set the correct permission for prerender cache +RUN mkdir .next +RUN chown nextjs:nodejs .next -# Copy next.config.mjs -COPY --from=builder /app/next.config.mjs ./next.config.mjs +# Switch to non-root user +USER nextjs # Expose the port the app runs on EXPOSE 3000 # Start the application -CMD ["npm", "start", "--", "-p", "3000"] \ No newline at end of file +CMD ["node", "server.js"] \ No newline at end of file
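Review bot: `RUN mkdir .next` comes after `COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static`, which has already created `.next`, so `mkdir` without `-p` should exit non-zero and fail the runner stage. Create the directory before the two `--chown` COPY lines, for example `RUN mkdir -p .next && chown nextjs:nodejs .next`. Separately, `RUN npm install sharp` after `COPY . .` resolves whatever version is current at build time and bypasses `package-lock.json`; adding sharp to `dependencies` lets the existing `npm ci` install the locked version. Copying `.next/standalone` and starting with `node server.js` also assumes `output: 'standalone'` in `next.config.mjs`, which is not visible in this diff.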