diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..860a8fb
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,8 @@
+# Set update schedule for GitHub Actions
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      # Check for updates to GitHub Actions every day 
+      interval: "daily"
diff --git a/.github/workflows/ci-check-gomod-alt.yml b/.github/workflows/ci-check-gomod-alt.yml
new file mode 100644
index 0000000..c8c467f
--- /dev/null
+++ b/.github/workflows/ci-check-gomod-alt.yml
@@ -0,0 +1,13 @@
+# alternative workflow to ensure that the required status checks on the PR are handled
+# see https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/troubleshooting-required-status-checks#handling-skipped-but-required-checks
+name: ci-check-gomod # same name
+on:
+  pull_request:
+    paths-ignore:
+      - 'go.mod'
+jobs:
+  gomodreplacements:
+    name: go.mod replacements
+    runs-on: ubuntu-20.04
+    steps:
+      - run: 'echo "No check required" '
diff --git a/.github/workflows/ci-check-gomod.yml b/.github/workflows/ci-check-gomod.yml
new file mode 100644
index 0000000..5f2e595
--- /dev/null
+++ b/.github/workflows/ci-check-gomod.yml
@@ -0,0 +1,22 @@
+name: ci-check-gomod
+on:
+  pull_request:
+    branches:
+      - master
+    paths:
+      - 'go.mod'
+
+jobs:
+  gomodreplacements:
+    name: go.mod replacements
+    runs-on: ubuntu-20.04
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+    
+    - name: check
+      run: |
+        if [[ -n "$(grep 'replace github.com/kubesaw/.*' go.mod || true)" ]]; then
+          echo "forbidden replacement in go.mod"
+          exit 1
+        fi
diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml
new file mode 100644
index 0000000..40aefe7
--- /dev/null
+++ b/.github/workflows/workflow.yml
@@ -0,0 +1,86 @@
+name: ci-build
+on:
+  push:
+    branches:
+      - master
+    tags-ignore:
+      - '*.*'
+  pull_request:
+    branches:
+      - master
+
+jobs:
+  test:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
+    name: Test on ${{ matrix.os }}
+
+    steps:
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: 1.20.x
+
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Cache dependencies
+      uses: actions/cache@v4
+      with:
+        path: ~/go/pkg/mod
+        key: ${{ runner.os }}-go-${{ hashFiles ('**/go.sum') }}
+        restore-keys: |
+          ${{ runner.os }}-go-
+
+    - name: Build
+      run: |
+        make build
+
+    - name: Test
+      run: |
+        make test-with-coverage
+    - name: Upload code coverage
+      uses: codecov/codecov-action@v4
+      with:
+        token: ${{ secrets.CODECOV_TOKEN }}
+        files: ./out/coverage/coverage.txt
+        flags: unittests # optional
+        fail_ci_if_error: true # optional (default = false)
+        verbose: true # optional (default = false)
+
+  golangci:
+    name: GolangCI Lint
+    runs-on: ubuntu-latest
+    
+    steps:
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: 1.20.x
+        
+    - name: Checkout code
+      uses: actions/checkout@v4
+    
+    - name: Lint
+      uses: golangci/golangci-lint-action@v4
+      with:
+        version: v1.56.2
+        skip-pkg-cache: true
+        skip-build-cache: true
+        args: --config=./.golangci.yml --verbose
+        
+  yammlint:
+    name: YAML Lint
+    runs-on: ubuntu-latest
+    
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+    
+    - name: Install yamllint
+      run: pip install yamllint
+
+    - name: Lint YAML files
+      run: yamllint -c .yamllint ./