diff --git a/.github/renovate.json b/.github/renovate.json
new file mode 100644
index 0000000..90af9bc
--- /dev/null
+++ b/.github/renovate.json
@@ -0,0 +1,4 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": ["local>fedora-infra/shared:renovate-config"]
+}
diff --git a/.github/workflows/label-when-deployed.yml b/.github/workflows/label-when-deployed.yml
new file mode 100644
index 0000000..b72ac1b
--- /dev/null
+++ b/.github/workflows/label-when-deployed.yml
@@ -0,0 +1,27 @@
+name: Apply labels when deployed
+
+on:
+  push:
+    branches:
+      - staging
+      - stable
+      - main
+
+jobs:
+  label:
+    name: Apply labels
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Staging deployment
+        uses: fedora-infra/label-when-in-branch@v1
+        with:
+          token: ${{'{{'}} secrets.GITHUB_TOKEN {{'}}'}}
+          branch: staging
+          label: deployed:staging
+      - name: Production deployment
+        uses: fedora-infra/label-when-in-branch@v1
+        with:
+          token: ${{'{{'}} secrets.GITHUB_TOKEN {{'}}'}}
+          branch: stable
+          label: deployed:prod
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 0000000..e84e17e
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,203 @@
+name: Test & Build
+
+on:
+  push:
+    branches:
+      - stable
+      - develop
+      - main
+    tags:
+  pull_request:
+    branches:
+      - stable
+      - develop
+      - main
+
+jobs:
+
+  checks:
+    name: Checks
+    runs-on: ubuntu-latest
+    container: fedorapython/fedora-python-tox:latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install dependencies
+        run: |
+          dnf install -y pre-commit git libpq-devel krb5-devel
+          pip install poetry
+
+      - name: Mark the working directory as safe for Git
+        run: git config --global --add safe.directory $PWD
+
+      - name: Install the project
+        run: poetry install
+
+      - name: Run pre-commit checks
+        run: pre-commit run --all-files
+
+
+  licenses:
+    name: Licenses
+    runs-on: ubuntu-latest
+    container: fedorapython/fedora-python-tox:latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install dependencies
+        run: |
+          dnf install -y libpq-devel krb5-devel
+          pip install poetry
+
+      - name: Run the licenses check
+        run: tox -e licenses
+
+
+  docs:
+    name: Documentation
+    runs-on: ubuntu-latest
+    container: fedorapython/fedora-python-tox:latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install dependencies
+        run: |
+          dnf install -y libpq-devel krb5-devel
+          pip install poetry>=1.2
+
+      - name: Build the docs
+        run: tox -e docs
+
+      # - name: Save the docs
+      #   uses: actions/upload-artifact@v2
+      #   with:
+      #     name: docs
+      #     path: {{ cookiecutter.pkg_name }}/docs/_build/html
+
+
+  unit-tests:
+    name: Unit tests
+    runs-on: ubuntu-latest
+    container: fedorapython/fedora-python-tox:latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install dependencies
+        run: |
+          dnf install -y libpq-devel krb5-devel
+          pip install poetry>=1.2
+
+      - name: Mark the working directory as safe for Git
+        run: git config --global --add safe.directory $PWD
+
+      - name: Run the tests
+        run: tox -e ${{ matrix.pyver }}-unit
+
+    strategy:
+      matrix:
+        pyver:
+          - py38
+          - py39
+          - py310
+          - py311
+
+
+  # https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/
+  build:
+    name: Build distribution 📦
+    runs-on: ubuntu-latest
+    needs:
+      - checks
+      - licenses
+      - docs
+      - unit-tests
+    outputs:
+      release-notes: ${{ steps.extract-changelog.outputs.markdown }}
+
+    steps:
+
+      - uses: actions/checkout@v4
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.x"
+
+      - name: Install pypa/build
+        run: python3 -m pip install build --user
+
+      - name: Build a binary wheel and a source tarball
+        run: python3 -m build
+
+      - name: Store the distribution packages
+        uses: actions/upload-artifact@v4
+        with:
+          name: python-package-distributions
+          path: dist/
+
+      - name: Extract changelog section
+        id: extract-changelog
+        uses: sean0x42/markdown-extract@v2
+        with:
+          file: docs/release_notes.md
+          pattern: 'Version\s+\[[[:word:].-]+\]\(.*\)'
+          no-print-matched-heading: true
+      - name: Show the changelog
+        env:
+          CHANGELOG: ${{ steps.extract-changelog.outputs.markdown }}
+        run: echo "$CHANGELOG"
+
+
+  publish-to-pypi:
+    name: Publish to PyPI 🚀
+    if: startsWith(github.ref, 'refs/tags/') && !contains(github.ref, 'rc')  # only publish to PyPI on final tag pushes
+    needs:
+      - build
+    runs-on: ubuntu-latest
+    environment:
+      name: pypi
+      url: https://pypi.org/p/webhook-to-fedora-messaging
+    permissions:
+      id-token: write  # IMPORTANT: mandatory for trusted publishing
+
+    steps:
+      - name: Download all the dists
+        uses: actions/download-artifact@v4
+        with:
+          name: python-package-distributions
+          path: dist/
+
+      - name: Publish distribution to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+
+
+  github-release:
+    name: Create a GitHub Release 📢
+    needs:
+      - publish-to-pypi
+      # The "build" dep is redundant but needed to access the changelog
+      - build
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write  # IMPORTANT: mandatory for making GitHub Releases
+      id-token: write  # IMPORTANT: mandatory for sigstore
+
+    steps:
+      - name: Download all the dists
+        uses: actions/download-artifact@v4
+        with:
+          name: python-package-distributions
+          path: dist/
+
+      - name: Sign the dists with Sigstore
+        uses: sigstore/gh-action-sigstore-python@v2.1.1
+        with:
+          inputs: >-
+            ./dist/*.tar.gz
+            ./dist/*.whl
+
+      - name: Release
+        uses: softprops/action-gh-release@v2
+        with:
+          files: dist/*
+          fail_on_unmatched_files: true
+          body: ${{ needs.build.outputs.release-notes }}
diff --git a/.gitignore b/.gitignore
index 68bc17f..4dc0601 100644
--- a/.gitignore
+++ b/.gitignore
@@ -70,6 +70,7 @@ instance/
 
 # Sphinx documentation
 docs/_build/
+docs/_source/
 
 # PyBuilder
 .pybuilder/
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..132d4d4
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,37 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+
+repos:
+  # Generic hooks
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.6.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-yaml
+      - id: check-added-large-files
+
+  # https://black.readthedocs.io/en/stable/integrations/source_version_control.html
+  - repo: https://github.com/psf/black
+    rev: 24.4.2
+    hooks:
+      - id: black
+
+  # Ruff
+  - repo: https://github.com/charliermarsh/ruff-pre-commit
+    # Ruff version.
+    rev: v0.5.0
+    hooks:
+      - id: ruff
+
+  - repo: https://github.com/myint/rstcheck
+    rev: v6.2.1
+    hooks:
+      - id: rstcheck
+        additional_dependencies: [sphinx, toml, myst-parser]
+
+  # License headers
+  - repo: https://github.com/fsfe/reuse-tool
+    rev: v3.0.2
+    hooks:
+      - id: reuse
diff --git a/.reuse/dep5 b/.reuse/dep5
new file mode 100644
index 0000000..d52f148
--- /dev/null
+++ b/.reuse/dep5
@@ -0,0 +1,17 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Contact: Fedora Infrastructure <admin@fedoraproject.org>
+Source: https://github.com/fedora-infra/webhook-to-fedora-messaging
+
+# Sample paragraph, commented out:
+#
+# Files: src/*
+# Copyright: $YEAR $NAME <$CONTACT>
+# License: ...
+
+Files: *.yaml *.yml *.md *.toml .gitignore *.ini *.cfg Vagrantfile .s2i/* .github/* devel/ansible/* docs/*
+Copyright: 2024 Contributors to the Fedora Project
+License: GPL-3.0-or-later
+
+Files: poetry.lock
+Copyright: None, autogenerated
+License: GPL-3.0-or-later
diff --git a/pyproject.toml b/pyproject.toml
index 71d7496..4614b47 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -9,7 +9,7 @@ authors = [
   "Fedora Infrastructure <admin@fedoraproject.org>"
 ]
 keywords = [
-  "fedora", 
+  "fedora",
   "amqp"
 ]
 
diff --git a/tox.ini b/tox.ini
index a6c5342..2309801 100644
--- a/tox.ini
+++ b/tox.ini
@@ -1,21 +1,17 @@
 [tox]
-envlist = checks,licenses,docs,{py36,py37,py38,py39,py310}-unit-sqla{1,2}
+envlist = checks,licenses,docs,{py39,py310,py311,py312}-unit
 isolated_build = true
 
 [testenv]
 passenv = HOME
 sitepackages = false
 skip_install = true
+set_env =
+    W2FM_APPCONFIG=config.toml.example
 allowlist_externals =
     poetry
 commands_pre =
     poetry install --all-extras
-
-    sqla1: poetry run pip install sqlalchemy<2.0.0
-    sqla2: poetry run pip install sqlalchemy>=2.0.0
-set_env =
-    SQLALCHEMY_WARN_20 = 1
-
 commands =
     unit: poetry run pytest -vv --cov --cov-report=html --cov-report=xml --cov-report=term-missing tests {posargs}