diff --git a/.github/workflows/deploy-network.yml b/.github/workflows/deploy-network.yml
index f788d58a9ed8..fbe634adef15 100644
--- a/.github/workflows/deploy-network.yml
+++ b/.github/workflows/deploy-network.yml
@@ -30,6 +30,10 @@ on:
         required: false
         type: boolean
         default: false
+      source_tag:
+        description: "Source tag that triggered this deploy"
+        required: false
+        type: string
   workflow_dispatch:
     inputs:
       network:
@@ -59,6 +63,10 @@ on:
         required: false
         type: boolean
         default: false
+      source_tag:
+        description: "Source tag that triggered this deploy"
+        required: false
+        type: string
 
 concurrency:
   group: deploy-network-${{ inputs.network }}-${{ inputs.namespace || inputs.network }}-${{ inputs.semver }}-${{ github.ref || github.ref_name }}
@@ -184,6 +192,22 @@ jobs:
             echo "cluster=" >> $GITHUB_OUTPUT
           fi
 
+      - name: Step summary
+        if: always()
+        run: |
+          {
+            echo "## Deploy Network"
+            echo ""
+            echo "| Item | Value |"
+            echo "|------|-------|"
+            echo "| Network | \`${{ inputs.network }}\` |"
+            echo "| Semver | \`${{ inputs.semver }}\` |"
+            echo "| Ref | \`${{ steps.checkout-ref.outputs.ref }}\` |"
+            if [[ -n "${{ inputs.source_tag }}" ]]; then
+              echo "| Source Tag | [\`${{ inputs.source_tag }}\`](https://github.com/${{ github.repository }}/releases/tag/${{ inputs.source_tag }}) |"
+            fi
+          } >> "$GITHUB_STEP_SUMMARY"
+
       - name: Notify Slack on failure
         if: failure()
         env:
diff --git a/.github/workflows/deploy-staging-public.yml b/.github/workflows/deploy-staging-public.yml
new file mode 100644
index 000000000000..3979017bf698
--- /dev/null
+++ b/.github/workflows/deploy-staging-public.yml
@@ -0,0 +1,94 @@
+name: Deploy to staging-public
+
+on:
+  push:
+    branches:
+      - v4
+  workflow_dispatch: {}
+
+concurrency:
+  group: deploy-staging-public
+  cancel-in-progress: true
+
+env:
+  GITHUB_TOKEN: ${{ secrets.AZTEC_BOT_GITHUB_TOKEN }}
+
+jobs:
+  determine-tag:
+    runs-on: ubuntu-latest
+    outputs:
+      tag: ${{ steps.poll-tag.outputs.tag }}
+      semver: ${{ steps.poll-tag.outputs.semver }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        with:
+          token: ${{ secrets.AZTEC_BOT_GITHUB_TOKEN }}
+          fetch-depth: 0
+
+      - name: Read version from manifest
+        id: manifest
+        run: |
+          VERSION=$(jq -r '."."' .release-please-manifest.json)
+          echo "version=$VERSION"
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+
+      - name: Poll for tag at HEAD
+        id: poll-tag
+        run: |
+          # wait for tag to be pushed (either RC or stable release)
+          VERSION="${{ steps.manifest.outputs.version }}"
+          HEAD_SHA=$(git rev-parse HEAD)
+          MAX_ATTEMPTS=60
+          echo "Looking for tag matching v${VERSION} or v${VERSION}-rc.* at HEAD ($HEAD_SHA)"
+
+          for i in $(seq 1 $MAX_ATTEMPTS); do
+            git fetch --tags --force
+
+            TAG=$(git tag --points-at HEAD | grep -E "^v${VERSION}(-rc\.[0-9]+)?$" | sort -V | tail -n 1 || true)
+
+            if [ -n "$TAG" ]; then
+              echo "Found tag: $TAG"
+              SEMVER="${VERSION}"
+              echo "tag=$TAG" >> $GITHUB_OUTPUT
+              echo "semver=$SEMVER" >> $GITHUB_OUTPUT
+              exit 0
+            fi
+
+            echo "Attempt $i/$MAX_ATTEMPTS: No matching tag yet, waiting 10s..."
+            sleep 10
+          done
+
+          echo "Error: No tag found for v${VERSION} at HEAD after 10 minutes"
+          exit 1
+
+  wait-for-ci3:
+    needs: determine-tag
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        with:
+          fetch-depth: 1
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+
+      - name: Wait for CI3
+        run: spartan/scripts/wait_for_ci3.ts "${{ needs.determine-tag.outputs.tag }}"
+
+  deploy:
+    needs: [determine-tag, wait-for-ci3]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Trigger deploy-network on next branch
+        run: |
+          echo "Triggering deploy-network for staging-public with semver=${{ needs.determine-tag.outputs.semver }}"
+          gh workflow run deploy-network.yml \
+            --repo "${{ github.repository }}" \
+            --ref next \
+            -f network=staging-public \
+            -f semver="${{ needs.determine-tag.outputs.semver }}" \
+            -f source_tag="${{ needs.determine-tag.outputs.tag }}"
diff --git a/spartan/environments/staging-public.env b/spartan/environments/staging-public.env
index a8a591d0d35c..35ec3b1db6fb 100644
--- a/spartan/environments/staging-public.env
+++ b/spartan/environments/staging-public.env
@@ -14,17 +14,16 @@ ROLLUP_DEPLOYMENT_PRIVATE_KEY=REPLACE_WITH_GCP_SECRET
 OTEL_COLLECTOR_ENDPOINT=REPLACE_WITH_GCP_SECRET
 VERIFY_CONTRACTS=true
 ETHERSCAN_API_KEY=REPLACE_WITH_GCP_SECRET
-DEPLOY_INTERNAL_BOOTNODE=false
+DEPLOY_INTERNAL_BOOTNODE=true
 SNAPSHOT_BUCKET_DIRECTORY=${SNAPSHOT_BUCKET_DIRECTORY:-staging-public}
 BLOB_BUCKET_DIRECTORY=${BLOB_BUCKET_DIRECTORY:-staging-public/blobs}
 R2_ACCESS_KEY_ID=REPLACE_WITH_GCP_SECRET
 R2_SECRET_ACCESS_KEY=REPLACE_WITH_GCP_SECRET
-PROVER_FAILED_PROOF_STORE=gs://aztec-develop/staging-public/failed-proofs
 TEST_ACCOUNTS=false
 SPONSORED_FPC=true
+
 SEQ_MIN_TX_PER_BLOCK=0
-SEQ_MAX_TX_PER_BLOCK=1
-PROVER_REPLICAS=4
+SEQ_MAX_TX_PER_BLOCK=4
 
 CREATE_ROLLUP_CONTRACTS=${CREATE_ROLLUP_CONTRACTS:-false}
 P2P_TX_POOL_DELETE_TXS_AFTER_REORG=true
@@ -33,7 +32,11 @@ VALIDATOR_REPLICAS=5
 VALIDATORS_PER_NODE=16
 PUBLISHERS_PER_VALIDATOR_KEY=2
 VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX=5000
+VALIDATOR_HA_REPLICAS=1
+VALIDATOR_RESOURCE_PROFILE="prod-spot"
 
+PROVER_FAILED_PROOF_STORE=gs://aztec-develop/staging-public/failed-proofs
+PROVER_REPLICAS=4
 PUBLISHERS_PER_PROVER=2
 PROVER_PUBLISHER_MNEMONIC_START_INDEX=8000
 
diff --git a/spartan/terraform/deploy-aztec-infra/main.tf b/spartan/terraform/deploy-aztec-infra/main.tf
index 8c4bfad2df82..b00d4f8447f6 100644
--- a/spartan/terraform/deploy-aztec-infra/main.tf
+++ b/spartan/terraform/deploy-aztec-infra/main.tf
@@ -111,10 +111,19 @@ locals {
     "global.otelCollectorEndpoint"                             = var.OTEL_COLLECTOR_ENDPOINT
     "global.sponsoredFPC"                                      = var.SPONSORED_FPC
     "global.testAccounts"                                      = var.TEST_ACCOUNTS
-    "global.l1ConsensusHostApiKeys"                            = length(var.L1_CONSENSUS_HOST_API_KEYS) > 0 ? join(",", var.L1_CONSENSUS_HOST_API_KEYS) : null
-    "global.l1ConsensusHostApiKeyHeaders"                      = length(var.L1_CONSENSUS_HOST_API_KEY_HEADERS) > 0 ? join(",", var.L1_CONSENSUS_HOST_API_KEY_HEADERS) : null
   }
 
+  common_inline_values = yamlencode({
+    global = merge(
+      length(var.L1_CONSENSUS_HOST_API_KEYS) > 0 ? {
+        l1ConsensusHostApiKeys = join(",", var.L1_CONSENSUS_HOST_API_KEYS)
+      } : {},
+      length(var.L1_CONSENSUS_HOST_API_KEY_HEADERS) > 0 ? {
+        l1ConsensusHostApiKeyHeaders = join(",", var.L1_CONSENSUS_HOST_API_KEY_HEADERS)
+      } : {}
+    )
+  })
+
   common_list_settings = {
     "global.l1ExecutionUrls" = var.L1_RPC_URLS
     "global.l1ConsensusUrls" = var.L1_CONSENSUS_HOST_URLS
@@ -682,6 +691,7 @@ resource "helm_release" "releases" {
 
   values = concat(
     [for v in each.value.values : file("./values/${v}")],
+    [local.common_inline_values],
     lookup(each.value, "inline_values", [])
   )