diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 44c8ab6..a020389 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -11,14 +11,19 @@ on:
         default: true
         type: boolean
 
+# Un solo deploy a la vez — si llega uno nuevo, cancela el anterior
+concurrency:
+  group: deploy-production
+  cancel-in-progress: true
+
 env:
   REGISTRY: ghcr.io
   BACKEND_IMAGE: ghcr.io/${{ github.repository }}/backend
   FRONTEND_IMAGE: ghcr.io/${{ github.repository }}/frontend
 
 jobs:
-  build:
-    name: Build & Push Images
+  build-backend:
+    name: Build Backend
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -43,19 +48,40 @@ jobs:
         with:
           context: ./back
           push: true
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+          cache-from: type=gha,scope=backend
+          cache-to: type=gha,mode=max,scope=backend
           tags: |
             ${{ env.BACKEND_IMAGE }}:latest
             ${{ env.BACKEND_IMAGE }}:${{ github.sha }}
 
+  build-frontend:
+    name: Build Frontend
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Build & push frontend
         uses: docker/build-push-action@v5
         with:
           context: ./front
           push: true
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+          cache-from: type=gha,scope=frontend
+          cache-to: type=gha,mode=max,scope=frontend
           build-args: |
             VITE_API_URL=/api
           tags: |
@@ -64,7 +90,7 @@ jobs:
 
   deploy:
     name: Deploy to VPS
-    needs: build
+    needs: [build-backend, build-frontend]
     if: ${{ github.event_name == 'push' || inputs.deploy }}
     runs-on: ubuntu-latest
 
@@ -81,7 +107,7 @@ jobs:
             cd ${{ secrets.VPS_PROJECT_PATH }}
 
             # Sincronizar archivos del host con el repo (sin conflictos)
-            git fetch origin main && git reset --hard origin/main 
+            git fetch origin main && git reset --hard origin/main
 
             # Login al registry
             echo ${{ secrets.CR_PAT }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
@@ -93,6 +119,16 @@ jobs:
             # Reiniciar servicios
             docker compose --env-file .env.prod -f docker-compose.prod.yml up -d --force-recreate backend frontend nginx
 
+            # Esperar que el backend este listo antes de migrar (max 60 segundos)
+            echo "Esperando backend..."
+            for i in $(seq 1 30); do
+              if docker exec admision_prod_backend php artisan --version > /dev/null 2>&1; then
+                echo "Backend listo"
+                break
+              fi
+              sleep 2
+            done
+
             # Ejecutar migraciones si hay pendientes
             docker exec admision_prod_backend php artisan migrate --force
 
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index aad3778..faa3617 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -25,6 +25,12 @@ services:
     depends_on:
       mysql:
         condition: service_healthy
+    healthcheck:
+      test: ["CMD", "php", "-r", "exit(0);"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 30s
     networks:
       - admision_net