diff --git a/.github/workflows/deploy-dev-from-branch.yml b/.github/workflows/deploy-dev-from-branch.yml
index 9434562d..11960b69 100644
--- a/.github/workflows/deploy-dev-from-branch.yml
+++ b/.github/workflows/deploy-dev-from-branch.yml
@@ -17,10 +17,15 @@ jobs:
 if: ${{ inputs.run-tests }}
 uses: "./.github/workflows/reusable-tests.yml"
- deploy-dev:
- needs: code-tests
+ build:
 if: ${{ always() && !failure() && !cancelled() }} # don't skip if tests are skipped
- uses: "./.github/workflows/reusable-build-and-deploy.yml"
+ uses: "./.github/workflows/reusable-build.yml"
+ secrets:
+ slack_alert_webhook: ${{ secrets.SLACK_ALERT_WEBHOOK }}
+
+ deploy-dev:
+ needs: build
+ uses: "./.github/workflows/reusable-push-and-deploy.yml"
 with:
 env: "dev"
 secrets:
diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml
index cdf9eb82..71909387 100644
--- a/.github/workflows/deploy-prod.yml
+++ b/.github/workflows/deploy-prod.yml
@@ -13,9 +13,15 @@ jobs:
 if: ${{ needs.code-tests.outputs.datahub-client-path == 'true' }}
 uses: "./.github/workflows/reusable-publish-datahub-client.yml"
- deploy-prod:
- uses: "./.github/workflows/reusable-build-and-deploy.yml"
+ build:
 needs: code-tests
+ uses: "./.github/workflows/reusable-build.yml"
+ secrets:
+ slack_alert_webhook: ${{ secrets.SLACK_ALERT_WEBHOOK }}
+
+ deploy-prod:
+ uses: "./.github/workflows/reusable-push-and-deploy.yml"
+ needs: build
 with:
 env: "prod"
 secrets:
diff --git a/.github/workflows/deploy-staged.yml b/.github/workflows/deploy-staged.yml
index dd3ae4be..749fe3a9 100644
--- a/.github/workflows/deploy-staged.yml
+++ b/.github/workflows/deploy-staged.yml
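Review bot: In deploy-dev-from-branch.yml the new `build` job carries no `needs:` and `deploy-dev` now depends only on `build`, so as far as this hunk shows a failing `code-tests` run no longer blocks the dev deploy even when `inputs.run-tests` is true; the kept `if:` with `!failure()` has no upstream job left to evaluate. deploy-prod.yml and deploy-staged.yml keep the gate with `needs: code-tests` on `build`, and the same line would restore it here. Because a skipped `code-tests` also propagates to jobs further down the chain, `deploy-dev` would probably need the same `if: ${{ always() && !failure() && !cancelled() }}`; that is worth confirming with a run where tests are skipped. The `jobs:` mapping starts above the hunk.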
@@ -8,9 +8,15 @@ jobs:
 code-tests:
 uses: "./.github/workflows/reusable-tests.yml"
- deploy-test:
- uses: "./.github/workflows/reusable-build-and-deploy.yml"
+ build:
 needs: code-tests
+ uses: "./.github/workflows/reusable-build.yml"
+ secrets:
+ slack_alert_webhook: ${{ secrets.SLACK_ALERT_WEBHOOK }}
+
+ deploy-test:
+ uses: "./.github/workflows/reusable-push-and-deploy.yml"
+ needs: build
 with:
 env: "test"
 secrets:
@@ -25,7 +31,7 @@ jobs:
 azure_client_secret: ${{ secrets.AZURE_CLIENT_SECRET }}
 deploy-preprod:
- uses: "./.github/workflows/reusable-build-and-deploy.yml"
+ uses: "./.github/workflows/reusable-push-and-deploy.yml"
 needs: deploy-test
 with:
 env: "preprod"
diff --git a/.github/workflows/deploy-to-dev.yml b/.github/workflows/deploy-to-dev.yml
deleted file mode 100644
index 1118c432..00000000
--- a/.github/workflows/deploy-to-dev.yml
+++ /dev/null
@@ -1,31 +0,0 @@
-name: Deploy (with tests) to dev
-# based on https://jacobian.org/til/github-actions-poetry/
-
-on:
- pull_request:
- types: [opened, synchronize, reopened]
-
-concurrency:
- group: ${{ github.ref }}
- cancel-in-progress: true
-
-jobs:
- tests:
- uses: "./.github/workflows/reusable-tests.yml"
-
- # Deploys to the 'dev' frontend unless pushed to main
- deploy-to-dev:
- needs: [tests]
- uses: "./.github/workflows/reusable-build-and-deploy.yml"
- with:
- env: "dev"
- secrets:
- kube_namespace: ${{ secrets.KUBE_NAMESPACE }}
- kube_cert: ${{ secrets.KUBE_CERT }}
- kube_cluster: ${{ secrets.KUBE_CLUSTER }}
- kube_token: ${{ secrets.KUBE_TOKEN }}
- ecr_role_to_assume: ${{ secrets.DEV_ECR_ROLE_TO_ASSUME }}
- secret_key: ${{ secrets.SECRET_KEY }}
- catalogue_token: ${{ secrets.CATALOGUE_TOKEN }}
- slack_alert_webhook: ${{ secrets.SLACK_ALERT_WEBHOOK }}
- azure_client_secret: ${{ secrets.AZURE_CLIENT_SECRET }}
diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml
new file mode 100644
index 00000000..28559ac4
--- /dev/null
+++ b/.github/workflows/reusable-build.yml
@@ -0,0 +1,43 @@
+name: Build image and export artifact
+
+on:
+ workflow_call:
+ secrets:
+ slack_alert_webhook:
+ description: "used to post alerts to slack channel"
+ required: true
+
+jobs:
+ build-and-export:
+ name: Build and export docker image artifact # https://docs.docker.com/build/ci/github-actions/share-image-jobs/
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write # This is required for requesting the JWT
+ contents: read # This is required for actions/checkout
+ steps:
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Build and export
+ uses: docker/build-push-action@v6
+ env:
+ IMAGE_TAG: ${{ github.sha }}
+ with:
+ tags: fmd-image:${IMAGE_TAG}
+ outputs: type=docker,dest=/tmp/fmd-image.tar
+
+ - name: Upload artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: fmd-image
+ path: /tmp/fmd-image.tar
+
+ - name: Slack failure notification
+ if: ${{ failure() && github.ref == 'refs/heads/main' }}
+ uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0
+ with:
+ payload: |
+ {"blocks":[{"type": "section","text": {"type": "mrkdwn","text": ":no_entry: Failed GitHub Action:"}},{"type": "section","fields":[{"type": "mrkdwn","text": "*Workflow:*\n<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.workflow }}>"},{"type": "mrkdwn","text": "*Job:*\n${{ github.job }}"},{"type": "mrkdwn","text": "*Repo:*\n${{ github.repository }}"}]}]}
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_ALERT_WEBHOOK }}
+ SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
diff --git a/.github/workflows/reusable-build-and-deploy.yml b/.github/workflows/reusable-push-and-deploy.yml
similarity index 93%
rename from .github/workflows/reusable-build-and-deploy.yml
rename to .github/workflows/reusable-push-and-deploy.yml
index f3d82320..c0323f54 100644
--- a/.github/workflows/reusable-build-and-deploy.yml
+++ b/.github/workflows/reusable-push-and-deploy.yml
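Review bot: In reusable-build.yml the `tags: fmd-image:${IMAGE_TAG}` input is not passed through a shell, so the step-level `env:` is not substituted and the action most likely receives the literal string `${IMAGE_TAG}`, which is not a valid tag; use the expression directly, `tags: fmd-image:${{ github.sha }}`, and drop the `env:` block. The job also requests `id-token: write`, but no visible step asks for an OIDC token, so `permissions:` can be reduced to `contents: read`. `docker/setup-buildx-action@v3`, `docker/build-push-action@v6` and `actions/upload-artifact@v4` are referenced by mutable tag while the Slack action is pinned to a commit SHA; pinning all four the same way keeps the supply chain of the job that produces the deployed image consistent.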
@@ -1,4 +1,4 @@
-name: Build and Deploy
+name: Push and Deploy
 on:
 workflow_call:
@@ -37,8 +37,8 @@ on:
 required: true
 jobs:
- build-and-push:
- name: Build and push Docker image to CP namespace ECR
+ push:
+ name: Push Docker image to CP namespace ECR
 environment: ${{ inputs.env }}
 runs-on: ubuntu-latest
 permissions:
@@ -67,11 +67,19 @@ jobs:
 run: |
 echo "image_path=${REGISTRY}/${REPOSITORY}:${IMAGE_TAG}" >> $GITHUB_OUTPUT
- - name: Build Docker image
- id: build-docker-image
+ - name: Download artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: fmd-image
+ path: /tmp
+
+ - name: Re-tag docker image
+ id: retag-image
 env:
 IMAGE_PATH: ${{ steps.image-path.outputs.image_path }}
- run: docker build -t ${IMAGE_PATH} .
+ IMAGE_TAG: ${{ github.sha }}
+ run: |
+ docker tag fmd-image:${IMAGE_TAG} ${image_path}
 - name: Push Docker image to ECR
 id: push-docker-image-to-ecr
@@ -81,7 +89,7 @@ jobs:
 deploy:
 name: Deploy Helm chart into Cloud Platform
- needs: build-and-push
+ needs: push
 environment: ${{ inputs.env }}
 runs-on: ubuntu-latest
 permissions:
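Review bot: In the `@@ -67,11 +67,19 @@` hunk of reusable-push-and-deploy.yml the downloaded `/tmp/fmd-image.tar` is never loaded into the Docker daemon before the re-tag step, so `docker tag` has no local `fmd-image` image to act on; a step such as `- name: Load image` with `run: docker load --input /tmp/fmd-image.tar` is needed between the two. The re-tag command also reads `${image_path}` while the variable defined in `env:` is `IMAGE_PATH`; shell variable names are case-sensitive, so the target expands to an empty string, and the line should read `docker tag "fmd-image:${IMAGE_TAG}" "${IMAGE_PATH}"`. The `push` job begins and continues outside this hunk, so whether a later step already covers the load cannot be confirmed from here.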