diff --git a/.github/workflows/maven-build.yml b/.github/workflows/maven-build.yml
new file mode 100644
index 0000000..f8f7104
--- /dev/null
+++ b/.github/workflows/maven-build.yml
@@ -0,0 +1,68 @@
+name: Maven Deploy
+
+
+# A build where the docker image(s) is (are) created by a maven plugin
+#
+
+on:
+ workflow_call:
+
+
+env:
+ REGISTRY: 917951871879.dkr.ecr.eu-west-1.amazonaws.com
+ IMAGE_NAME: ${{ github.event.repository.name }}
+
+
+jobs:
+ maven-deploy:
+ runs-on: ubuntu-24.04
+ env:
+ TZ: 'Europe/Amsterdam'
+ MAVEN_ARGS: '--no-transfer-progress'
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - name: AWS Credentials
+ uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
+ with:
+ aws-region: eu-west-1
+ role-to-assume: arn:aws:iam::917951871879:role/GitHubActionsBgOrg
+ - name: Get CodeArtifact Authorization Token
+ run: |
+ codeartifact_auth_token=$(aws codeartifact get-authorization-token --domain nisv-ateam --domain-owner 917951871879 --region eu-west-1 --query authorizationToken --output text)
+ echo "::add-mask::$codeartifact_auth_token"
+ echo "CODEARTIFACT_AUTH_TOKEN=$codeartifact_auth_token" >> "$GITHUB_ENV"
+
+ - name: Set up JDK
+ uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
+ with:
+ distribution: 'temurin'
+ java-version-file: '.java-version'
+ cache: 'maven'
+ - name: ECR Login
+ uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
+ - name: Set Maven settings.xml # This seems, odd, setup-java can do this
+ run: echo "${{ vars.MAVEN_CODE_ARTIFACT_SETTINGS }}" | base64 --decode > ~/.m2/settings.xml
+ - name: Maven install
+ run: |
+ mvn -B -U clean install -fae
+ # docker ls only interesting if the build actually happens using docker. E.g. if the build uses jib, the doocker image will be directly pushed to ecr, and not even show up here
+ - name: Docker image ls
+ run: |
+ docker image ls
+ - name: Deploy
+ # This will actually to commit stuff to k8s-workloads repo. I think it is odd, I just want to trigger a rollout
+ env:
+ GH_TOKEN: ${{ secrets.GH_PAT }}
+ run: |
+
+ gh workflow run update-maven-projects-image-tag.yml \
+ -r main \
+ -R github.com/beeldengeluid/k8s-workloads \
+ -f project=${{ github.event.repository.name }} \
+ -f environments=tst \
+ -f image_tag_prefix='lat' \
+ -f image_tag=est
+
+
+
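Review bot: The `Set Maven settings.xml` step expands `${{ vars.MAVEN_CODE_ARTIFACT_SETTINGS }}` into the script text itself, so the shell parses the value before `echo` runs and a quote or `$(...)` in it would change the command; the `Deploy` step does the same with `${{ github.event.repository.name }}`. Pass such values through the step's `env:` and read them as shell variables, e.g. `env: MAVEN_SETTINGS_B64: ${{ vars.MAVEN_CODE_ARTIFACT_SETTINGS }}` with `run: printf '%s' "$MAVEN_SETTINGS_B64" | base64 --decode > ~/.m2/settings.xml`. The job also declares no `permissions:`, so it runs with whatever token scope the caller hands down; since `role-to-assume` is used without static keys (presumably OIDC), a job-level `permissions:` with `id-token: write` and `contents: read` would pin it to what these steps appear to need. A comment would also help callers on two points: `secrets.GH_PAT` is not declared under `workflow_call`, so it only resolves when the caller passes its secrets down, and the `CODEARTIFACT_AUTH_TOKEN` written to `$GITHUB_ENV` stays visible to every later step, including `Deploy`.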