diff --git a/.github/workflows/build_docker.yml b/.github/workflows/build_docker.yml
new file mode 100644
index 0000000..516cf9b
--- /dev/null
+++ b/.github/workflows/build_docker.yml
@@ -0,0 +1,64 @@
+---
+name: Build and publish a 🛢️ container
+
+on:
+  push:
+    branches:
+      - 'main'
+    tags:
+      - '*'
+  workflow_dispatch:
+
+jobs:
+  setup-matrix:
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.matrix }}
+    steps:
+      - name: Source checkout
+        uses: actions/checkout@v4
+
+      - id: set-matrix
+        run: echo "matrix=$(cat build_versions.json | jq -c)" >> $GITHUB_OUTPUT
+
+  build-and-push-container:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    needs: setup-matrix
+    strategy:
+      matrix: ${{ fromJson(needs.setup-matrix.outputs.matrix) }}
+    steps:
+      - name: Build R10K ${{ matrix.rubygem_r10k }} container
+        uses: voxpupuli/gha-build-and-publish-a-container@v2
+        with:
+          registry_password: ${{ secrets.GITHUB_TOKEN }}
+          build_args: |
+            RUBYGEM_R10K=${{ matrix.rubygem_r10k }}
+            APK_GIT=${{ matrix.apk_git }}
+          build_arch: linux/amd64,linux/arm64
+          docker_username: voxpupulibot
+          docker_password: ${{ secrets.DOCKERHUB_BOT_PASSWORD }}
+          build_context: .
+          buildfile: Dockerfile
+          tags: |
+            ghcr.io/voxpupuli/r10k:${{ matrix.rubygem_r10k }}-${{ github.ref_name }}
+            ghcr.io/voxpupuli/r10k:${{ matrix.rubygem_r10k }}-latest
+            ghcr.io/voxpupuli/r10k:latest
+            docker.io/voxpupuli/r10k:${{ matrix.rubygem_r10k }}-${{ github.ref_name }}
+            docker.io/voxpupuli/r10k:${{ matrix.rubygem_r10k }}-latest
+            docker.io/voxpupuli/r10k:latest
+
+      - name: Update Docker Hub Description
+        uses: peter-evans/dockerhub-description@v4
+        with:
+          username: voxpupulibot
+          password: ${{ secrets.DOCKERHUB_BOT_PASSWORD }}
+
+      - name: Update Docker Hub Description for shortname
+        uses: peter-evans/dockerhub-description@v4
+        with:
+          username: voxpupulibot
+          password: ${{ secrets.DOCKERHUB_BOT_PASSWORD }}
+          repository: voxpupuli/r10k
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
new file mode 100644
index 0000000..26adb5f
--- /dev/null
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,80 @@
+---
+name: CI🚦
+
+on:
+  pull_request:
+    branches:
+      - main
+  workflow_dispatch:
+
+jobs:
+  setup-matrix:
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.matrix }}
+    steps:
+      - name: Source checkout
+        uses: actions/checkout@v4
+
+      - id: set-matrix
+        run: echo "matrix=$(jq -c . build_versions.json)" >> $GITHUB_OUTPUT
+
+  # general_ci:
+  #   uses: voxpupuli/crafty/.github/workflows/general_ci.yaml@main
+  #   with:
+  #     shellcheck_scan_dir: '.'
+
+  build_test_container:
+    name: 'Build test container'
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+      pull-requests: write
+    needs: setup-matrix
+    strategy:
+      matrix: ${{ fromJson(needs.setup-matrix.outputs.matrix) }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Build image
+        uses: docker/build-push-action@v6
+        with:
+          tags: 'ci/r10k:${{ matrix.rubygem_r10k }}'
+          context: .
+          push: false
+          build-args: |
+            RUBYGEM_R10K=${{ matrix.rubygem_r10k }}
+            APK_GIT=${{ matrix.apk_git }}
+
+  tests:
+    needs:
+      # - general_ci
+      - build_test_container
+    runs-on: ubuntu-latest
+    name: Test suite
+    steps:
+      - run: echo Test suite completed
+
+  dependabot:
+    permissions:
+      contents: write
+    name: 'Dependabot auto-merge'
+    needs:
+      - tests
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'dependabot[bot]' && github.event_name == 'pull_request'}}
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v2.2.0
+        with:
+          github-token: '${{ secrets.GITHUB_TOKEN }}'
+
+      - name: Enable auto-merge for Dependabot PRs
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 0000000..b73e4ea
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,17 @@
+# How to contribute
+
+PRs are very welcome!
+
+## Adding code
+
+- Create a fork
+- Create a branch
+- Do your thing
+- [Please sign all your commits](https://docs.github.com/de/authentication/managing-commit-signature-verification)
+- Create a PR
+  - Reference issues if applicable
+
+## Found a bug?
+
+- Please open an issue
+- If you are able to fix it you also can open a PR (see above)
diff --git a/Dockerfile b/Dockerfile
index bf050fc..ffe037d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,7 @@
 FROM alpine:3.20
 
-ARG VERSION="4.1.0"
+ARG APK_GIT=2.45.2-r0
+ARG RUBYGEM_R10K=5.0.0
 
 LABEL org.label-schema.maintainer="Voxpupuli Team <voxpupuli@groups.io>" \
       org.label-schema.vendor="Voxpupuli" \
@@ -10,7 +11,7 @@ LABEL org.label-schema.maintainer="Voxpupuli Team <voxpupuli@groups.io>" \
       org.label-schema.vcs-url="https://github.com/voxpupuli/container-r10k" \
       org.label-schema.schema-version="1.0" \
       org.label-schema.dockerfile="/Dockerfile" \
-      org.label-schema.version="$VERSION"
+      org.label-schema.version="$RUBYGEM_R10K"
 
 # in alpine 3.20 "ping" is the group of id 999
 RUN adduser -G ping -D -u 999 puppet
@@ -19,16 +20,16 @@ RUN apk update \
     && apk upgrade \
     && apk add --no-cache \
       gcc \
-      git \
+      git=${APK_GIT} \
+      libssh2 \
       make \
       musl-dev \
       openssh-client \
       ruby \
       ruby-dev \
-      ruby-rugged \
-      libssh2-1
+      ruby-rugged
 
-RUN gem install --no-doc r10k:"$VERSION"
+RUN gem install --no-doc r10k:"$RUBYGEM_R10K"
 
 USER puppet
 WORKDIR /home/puppet
diff --git a/README.md b/README.md
index 10ca490..4fb0013 100644
--- a/README.md
+++ b/README.md
@@ -7,3 +7,38 @@
 ## Introduction
 
 This container should be used to deploy code with r10k. It has the r10k gem and all dependencies installed.
+
+## Version Schema
+
+The version schema has the following layout:
+
+```text
+<r10k.major>.<r10k.minor>.<r10k.patch>-v<container.major>.<container.minor>.<container.patch>
+<r10k.major>.<r10k.minor>.<r10k.patch>-latest
+latest
+```
+
+Example usage:
+
+```shell
+docker pull ghcr.io/voxpupuli/r10k:4.1.0-v1.2.3
+docker pull ghcr.io/voxpupuli/r10k:4.1.0-latest
+docker pull ghcr.io/voxpupuli/r10k:latest
+```
+
+| Name | Description |
+| --- | --- |
+| r10k.major    | Describes the contained major r10k version |
+| r10k.minor    | Describes the contained minor r10k version |
+| r10k.patch    | Describes the contained patch r10k version |
+| container.major | Describes breaking changes without backward compatibility |
+| container.minor | Describes new features or refactoring with backward compatibility |
+| container.patch | Describes if minor changes or bugfixes have been implemented |
+
+## How to release?
+
+see [RELEASE.md](RELEASE.md)
+
+## How to contribute?
+
+see [CONTRIBUTING.md](CONTRIBUTING.md)
diff --git a/build_versions.json b/build_versions.json
new file mode 100644
index 0000000..781fdb0
--- /dev/null
+++ b/build_versions.json
@@ -0,0 +1,8 @@
+{
+  "include": [
+    {
+      "rubygem_r10k": "5.0.0",
+      "apk_git": "2.45.2-r0"
+    }
+  ]
+}