diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
new file mode 100644
index 0000000..3099112
--- /dev/null
+++ b/.github/dependabot.yaml
@@ -0,0 +1,10 @@
+version: 2
+updates:
+- package-ecosystem: terraform
+ directory: "/"
+ schedule:
+ interval: daily
+- package-ecosystem: github-actions
+ directory: "/"
+ schedule:
+ interval: daily
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
new file mode 100644
index 0000000..589e918
--- /dev/null
+++ b/.github/workflows/pre-commit.yml
@@ -0,0 +1,29 @@
+name: pre-commit
+on:
+ push:
+ branches: ["*"]
+jobs:
+ pre-commit:
+ permissions: read-all
+ runs-on: ubuntu-latest
+ container:
+ image: ghcr.io/antonbabenko/pre-commit-terraform:v1.86.0
+ steps:
+ - name: Install job dependencies
+ run: apk add tar git
+ - uses: actions/cache@v3
+ with:
+ path: ~/.cache
+ key: pre-commit
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - name: Ensure cache directories
+ run: |
+ mkdir -p ~/.cache/pip
+ mkdir -p ~/.cache/pre-commit
+ - name: Run pre-commit-hooks
+ run: |
+ git config --global --add safe.directory $PWD
+ pre-commit run --all-files --color=always --show-diff-on-failure
diff --git a/.github/workflows/semantic-release.yml b/.github/workflows/semantic-release.yml
new file mode 100644
index 0000000..396ba51
--- /dev/null
+++ b/.github/workflows/semantic-release.yml
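Review bot: In `.github/workflows/pre-commit.yml`, the `pre-commit` job sets `permissions: read-all`, which grants the token read access to every scope although the steps shown only read the repository; `permissions:` with `contents: read` is the least-privilege form. The job also runs a third-party container image and `actions/cache@v3` / `actions/checkout@v4` by mutable tag, so pinning the image to a digest and the actions to full commit SHAs would protect the run against an upstream tag being moved (the `github-actions` Dependabot entry added in this commit can keep SHA pins current). Separately, `branches: ["*"]` does not match branch names containing `/`, so pushes to a branch such as `feature/x` would skip this check; `branches: ["**"]` covers them.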
@@ -0,0 +1,43 @@
+name: semantic-release
+on:
+ workflow_run:
+ workflows: [pre-commit]
+ types: [completed]
+ branches: [master]
+jobs:
+ semantic-release:
+ permissions:
+ contents: write # to be able to publish a GitHub release
+ issues: write # to be able to comment on released issues
+ pull-requests: write # to be able to comment on released pull requests
+ id-token: write # to enable use of OIDC for npm provenance
+ runs-on: ubuntu-latest
+ container:
+ image: node:lts-alpine3.19
+ env:
+ NPM_CACHE_DIR: ~/.cache/npm
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ if: ${{ github.event.workflow_run.conclusion == 'success' }}
+ steps:
+ - name: Install job dependencies
+ run: apk add tar git
+ - uses: actions/cache@v3
+ with:
+ path: ~/.cache
+ key: semantic-release
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - name: Install semantic-release and plugins
+ run: npm install --cache $NPM_CACHE_DIR
+ semantic-release
+ @semantic-release/github
+ @semantic-release/changelog
+ @semantic-release/git
+ @semantic-release/exec
+ conventional-changelog-conventionalcommits
+ - name: Run semantic-release
+ run: |
+ git config --global --add safe.directory $PWD
+ npx semantic-release
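Review bot: In `.github/workflows/semantic-release.yml`, the `Install semantic-release and plugins` step pulls `semantic-release` and five plugins with no version pins or lockfile, in a job that exports `GITHUB_TOKEN` at job level with `contents`, `issues`, `pull-requests` and `id-token` write. Whatever npm resolves on the day of the run, including install scripts of transitive dependencies, therefore executes with release credentials in its environment. Pin the packages (a committed `package.json` and `package-lock.json` installed with `npm ci`, or an explicit `name@version` on each line) and scope the token to the last step only by moving `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` from the job-level `env:` to an `env:` under `Run semantic-release`. `actions/checkout` also keeps the token in the local git config by default, so passing `--ignore-scripts` to the install is worth considering if the plugins tolerate it. `id-token: write` looks unused unless the release configuration, which is not part of this diff, publishes to npm with provenance; drop it if it does not.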