diff --git a/CI-CD.-.md b/CI-CD.-.md
new file mode 100644
index 0000000..e0aaee7
--- /dev/null
+++ b/CI-CD.-.md
@@ -0,0 +1,78 @@
+# 🚀 CI/CD Pipeline
+
+The Gitea Actions pipeline (`.gitea/workflows/cicd.yml`) is fully automated.
+
+---
+
+## Triggers
+
+| Event | What happens |
+|-------|-------------|
+| Push to `main` | Lint check + Docker build tagged `:latest` |
+| Pull Request | Lint check only |
+| Git Tag `v*` | Full release: Docker build with version tag + PyPI publish |
+| Gitea Release | Docker image description updated automatically |
+
+---
+
+## Jobs
+
+### 1. Lint (`ruff`)
+Runs on every push and PR. Checks all Python files in `src/` with `ruff check`.
+
+### 2. Docker Build (Multi-Arch)
+Builds `linux/amd64` and `linux/arm64` images simultaneously using QEMU and Docker-in-Docker.
+
+**Tags applied:**
+- Push to `main` → `:latest`
+- Git tag `v1.2.3` → `:v1.2.3` + `:latest`
+
+**Registry:** `git.hnrx.net/hnrx/strava-mcp-server`
+
+### 3. PyPI Publish
+Triggered only on Git tags matching `v*`. Builds and uploads the package to PyPI using `uv build` + `uv publish`.
+
+**Package name:** `strava-mcp-server-hnrx`
+
+---
+
+## Required Secrets
+
+Configure these in **Gitea → Repository Settings → Secrets**:
+
+| Secret | Used by |
+|--------|---------|
+| `REGISTRY_USER` | Docker login |
+| `REGISTRY_PASSWORD` | Docker login |
+| `PYPI_TOKEN` | PyPI publishing |
+| `S3_BUCKET` | Website deployment |
+| `S3_ACCESS_KEY` | Website deployment |
+| `S3_SECRET_KEY` | Website deployment |
+| `S3_ENDPOINT` | Website deployment |
+
+---
+
+## Website Deployment
+
+The landing page (`/website`) is automatically synced to an S3 bucket on every push to `main` via `.gitea/workflows/deploy-website.yaml`.
+
+**Live URL:** https://strava-mcp.web.s3.hnrx.net
+
+---
+
+## Creating a Release
+
+1. Push all changes to `main`
+2. Create a Git tag:
+   ```bash
+   git tag v0.2.0
+   git push origin v0.2.0
+   ```
+3. Create a Release in Gitea (the CI/CD pipeline uses this as trigger)
+4. The pipeline automatically:
+   - Builds and pushes the Docker image with the version tag
+   - Publishes the new version to PyPI
+
+---
+
+*Back to [Home](Home)*