diff --git a/.forgejo/workflows/deploy.yaml b/.forgejo/workflows/deploy.yaml
index 69c4ec5..bb39bf8 100644
--- a/.forgejo/workflows/deploy.yaml
+++ b/.forgejo/workflows/deploy.yaml
@@ -28,6 +28,7 @@ jobs:
 
       - name: Set up Docker Buildx
         run: |
+          # Limpeza e criação robusta do builder
           docker buildx rm local-builder || true
           docker buildx create --name local-builder --driver docker-container
           docker buildx use local-builder
@@ -45,7 +46,7 @@ jobs:
           push: true
           builder: local-builder
           provenance: false
-          sbom: false # Ajuste essencial para evitar erro 401/403 no Forgejo
+          sbom: false
           tags: |
             ${{ env.REGISTRY }}/bohessefm/gohorsejobs:latest
             ${{ env.REGISTRY }}/bohessefm/gohorsejobs:${{ github.sha }}
@@ -58,7 +59,7 @@ jobs:
           push: true
           builder: local-builder
           provenance: false
-          sbom: false # Ajuste essencial para evitar erro 401/403 no Forgejo
+          sbom: false
           tags: |
             ${{ env.REGISTRY }}/bohessefm/backoffice:latest
             ${{ env.REGISTRY }}/bohessefm/backoffice:${{ github.sha }}
@@ -88,9 +89,10 @@ jobs:
           chmod 600 $HOME/.kube/config
           export KUBECONFIG=$HOME/.kube/config
 
+          # Garante o namespace
           kubectl create namespace gohorsejobsdev --dry-run=client -o yaml | kubectl apply -f -
 
-          # Gerencia os Secrets de Variáveis
+          # Segredos de ambiente
           kubectl -n gohorsejobsdev delete secret backend-secrets --ignore-not-found
           kubectl -n gohorsejobsdev create secret generic backend-secrets \
             --from-literal=MTU='${{ vars.MTU }}' \
@@ -111,7 +113,7 @@ jobs:
             --from-literal=AMQP_URL='${{ vars.AMQP_URL }}' \
             --from-literal=DATABASE_URL='${{ vars.DATABASE_URL }}'
 
-          # Gerencia o Secret de Autenticação da Imagem (Crucial para o K3s baixar a imagem)
+          # Secret de autenticação para o K3s conseguir baixar a imagem
           kubectl -n gohorsejobsdev create secret docker-registry forgejo-registry \
             --docker-server=pipe.gohorsejobs.com \
             --docker-username=bohessefm \
@@ -120,8 +122,10 @@ jobs:
 
           kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "forgejo-registry"}]}' -n gohorsejobsdev
 
+          # Deploy dos manifestos
           kubectl apply -f k8s/dev/ -n gohorsejobsdev
 
+          # Reinicia os pods para garantir a nova imagem e segredos
           kubectl rollout restart deployment/gohorse-backend-dev -n gohorsejobsdev || true
           kubectl rollout restart deployment/gohorse-backoffice-dev -n gohorsejobsdev || true