diff --git a/.gitea/workflows/ci.yaml b/.gitea/workflows/ci.yaml
index 1528538..a92bb2c 100644
--- a/.gitea/workflows/ci.yaml
+++ b/.gitea/workflows/ci.yaml
@@ -231,39 +231,42 @@ jobs:
               fi
             "
 
-          # 3. Docker Images bauen (docker compose liest vom Host-Dateisystem)
+          # 3. Build + Deploy via Helper-Container mit Docker-Socket + Deploy-Dir
+          # docker compose muss die YAML-Dateien lesen koennen, daher
+          # alles in einem Container mit beiden Mounts ausfuehren.
           echo ""
-          echo "=== Building Docker Images ==="
-          docker compose -f "${DEPLOY_DIR}/docker-compose.yml" \
-            -f "${DEPLOY_DIR}/docker-compose.hetzner.yml" \
-            --project-directory "${DEPLOY_DIR}" \
-            build --parallel \
-            admin-compliance \
-            backend-compliance \
-            ai-compliance-sdk \
-            developer-portal
+          echo "=== Building + Deploying ==="
+          docker run --rm \
+            -v /var/run/docker.sock:/var/run/docker.sock \
+            -v "${DEPLOY_DIR}:${DEPLOY_DIR}" \
+            -w "${DEPLOY_DIR}" \
+            docker:27-cli \
+            sh -c "
+              COMPOSE_FILES='-f docker-compose.yml -f docker-compose.hetzner.yml'
 
-          # 4. Container neu starten
-          echo ""
-          echo "=== Deploying ==="
-          docker compose -f "${DEPLOY_DIR}/docker-compose.yml" \
-            -f "${DEPLOY_DIR}/docker-compose.hetzner.yml" \
-            --project-directory "${DEPLOY_DIR}" \
-            up -d --remove-orphans \
-            admin-compliance \
-            backend-compliance \
-            ai-compliance-sdk \
-            developer-portal
+              echo '=== Building Docker Images ==='
+              docker compose \${COMPOSE_FILES} build --parallel \
+                admin-compliance \
+                backend-compliance \
+                ai-compliance-sdk \
+                developer-portal
 
-          # 5. Health Checks
-          echo ""
-          echo "=== Health Checks ==="
-          sleep 10
+              echo ''
+              echo '=== Starting containers ==='
+              docker compose \${COMPOSE_FILES} up -d --remove-orphans \
+                admin-compliance \
+                backend-compliance \
+                ai-compliance-sdk \
+                developer-portal
 
-          for svc in bp-compliance-admin bp-compliance-backend bp-compliance-ai-sdk bp-compliance-developer-portal; do
-            STATUS=$(docker inspect --format='{{.State.Status}}' "${svc}" 2>/dev/null || echo "not found")
-            echo "${svc}: ${STATUS}"
-          done
+              echo ''
+              echo '=== Health Checks ==='
+              sleep 10
+              for svc in bp-compliance-admin bp-compliance-backend bp-compliance-ai-sdk bp-compliance-developer-portal; do
+                STATUS=\$(docker inspect --format='{{.State.Status}}' \"\${svc}\" 2>/dev/null || echo 'not found')
+                echo \"\${svc}: \${STATUS}\"
+              done
+            "
 
           echo ""
           echo "=== Deploy abgeschlossen: ${SHORT_SHA} ==="