diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..ef4cb6e
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,3 @@
+.pre-commit-config.yaml
+.github/
+trivy.*
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..f9dafbb
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,15 @@
+version: 2
+updates:
+ - package-ecosystem: "docker"
+ directory: "/"
+ schedule:
+ interval: "daily"
+ commit-message:
+ prefix: "feat: "
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "daily"
+ commit-message:
+ prefix: "chore(ci): "
+ open-pull-requests-limit: 10
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 0000000..8f441c6
--- /dev/null
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,42 @@
+name: Release
+
+on:
+ pull_request:
+ push:
+ branches:
+ - main
+ tags:
+ - '*'
+
+jobs:
+ release-container:
+ uses: radiorabe/actions/.github/workflows/release-container.yaml@v0.20.3
+ with:
+ image: ghcr.io/radiorabe/mariadb
+ name: mariadb
+ display-name: RaBe MariaDB in UBI9
+ tags: minimal rhel9 ubi9 rabe mariadb
+ cosign-base-image-only: true
+ mkdocs:
+ runs-on: ubuntu-latest
+ permissions:
+ actions: none
+ checks: none
+ contents: write # for pushing gh-pages branch
+ deployments: none
+ issues: none
+ packages: none
+ pull-requests: none
+ repository-projects: none
+ security-events: none
+ statuses: none
+ id-token: none
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - run: pip install mkdocs mkdocs-material mkdocs-gen-files mkdocs-literate-nav mkdocs-section-index
+ - run: mkdocs build
+ - run: mkdocs gh-deploy
+ if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
diff --git a/.github/workflows/schedule.yaml b/.github/workflows/schedule.yaml
new file mode 100644
index 0000000..eac39e4
--- /dev/null
+++ b/.github/workflows/schedule.yaml
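Review bot: The `mkdocs` job in `release.yaml` runs an unpinned `pip install mkdocs mkdocs-material ...` while holding a `contents: write` token, and it does so on every trigger including `pull_request`, although only the final `mkdocs gh-deploy` step on pushes to `main` needs write access. Whatever versions of those five packages the index serves at build time execute in a job that carries that token. Pinning them in a hash-checked requirements file (`pip install --require-hashes -r docs/requirements.txt`, file name illustrative) would fix what code runs. Moving the deploy step into its own job, so the build job can run with `contents: read`, would narrow what a compromised docs dependency can reach.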
@@ -0,0 +1,12 @@
+name: Scheduled tasks
+
+on:
+ schedule:
+ - cron: '13 12 * * *'
+ workflow_dispatch:
+
+jobs:
+ call-workflow:
+ uses: radiorabe/actions/.github/workflows/schedule-trivy.yaml@v0.20.3
+ with:
+ image-ref: 'ghcr.io/radiorabe/mariadb:latest'
diff --git a/.github/workflows/semantic-release.yaml b/.github/workflows/semantic-release.yaml
new file mode 100644
index 0000000..331b423
--- /dev/null
+++ b/.github/workflows/semantic-release.yaml
@@ -0,0 +1,13 @@
+name: Semantic Release
+
+on:
+ push:
+ branches:
+ - main
+ - release/*
+
+jobs:
+ call-workflow:
+ uses: radiorabe/actions/.github/workflows/semantic-release.yaml@v0.20.3
+ secrets:
+ RABE_ITREAKTION_GITHUB_TOKEN: ${{ secrets.RABE_ITREAKTION_GITHUB_TOKEN }}
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..dd325a8
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,15 @@
+repos:
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v4.5.0
+ hooks:
+ - id: trailing-whitespace
+ exclude: ^src/api/client.js$
+ - id: end-of-file-fixer
+ exclude: ^src/api/client.js$
+ - id: check-symlinks
+ - id: check-merge-conflict
+ - id: check-case-conflict
+ - id: detect-aws-credentials
+ args:
+ - --allow-missing-credentials
+ - id: detect-private-key
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..163f1ee
--- /dev/null
+++ b/Dockerfile
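Review bot: In `semantic-release.yaml`, `RABE_ITREAKTION_GITHUB_TOKEN` is handed to a reusable workflow referenced by the tag `@v0.20.3`, and a tag can be moved to different code after this file was reviewed. Referencing the workflow by full commit SHA with the version as a trailing comment, `uses: radiorabe/actions/.github/workflows/semantic-release.yaml@<full-commit-sha> # v0.20.3`, fixes which code receives the secret. The dependabot `github-actions` entry added in this commit should still be able to propose bumps, though that is worth confirming for reusable workflows. The same tag reference is used in `release.yaml` and `schedule.yaml`, and `actions/checkout@v4` in `release.yaml` is likewise a movable ref.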
@@ -0,0 +1,107 @@
+FROM quay.io/sclorg/mariadb-105-c9s:20240117 AS upstream
+FROM ghcr.io/radiorabe/ubi9-minimal:0.6.3 AS build
+
+ENV MYSQL_VERSION=10.5 \
+ APP_DATA=/opt/app-root/src \
+ CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/mysql \
+ STI_SCRIPTS_PATH=/usr/libexec/s2i \
+ HOME=/var/lib/mysql
+
+COPY mariadb.repo /etc/yum.repos.d/
+
+RUN mkdir -p /mnt/rootfs \
+ && microdnf install -y \
+ --releasever 9 \
+ --installroot /mnt/rootfs \
+ --noplugins \
+ --config /etc/dnf/dnf.conf \
+ --setopt install_weak_deps=0 --nodocs \
+ --setopt cachedir=/var/cache/dnf \
+ --setopt reposdir=/etc/yum.repos.d \
+ --setopt varsdir=/etc/yum.repos.d \
+ policycoreutils \
+ rsync \
+ tar \
+ gettext \
+ hostname \
+ bind-utils \
+ groff-base
+
+# Install a s2i like server, put using Oracles RPMs
+# We can switch back to using what RedHat deeps as stable/supported
+# once our deployments catch up to being more modern.
+RUN chroot /mnt/rootfs groupadd --system --gid 27 mysql \
+ && chroot /mnt/rootfs useradd \
+ --no-create-home \
+ --no-user-group \
+ --shell /sbin/nologin \
+ --uid 27 \
+ --gid 27 \
+ --system \
+ mysql \
+ && rpm --root /mnt/rootfs --import https://rpm.mariadb.org/RPM-GPG-KEY-MariaDB \
+ && rpm -q --queryformat "%{SUMMARY}\n" $(rpm -q gpg-pubkey) \
+ && microdnf install -y \
+ --releasever 9 \
+ --installroot /mnt/rootfs \
+ --noplugins \
+ --config /etc/dnf/dnf.conf \
+ --setopt install_weak_deps=0 --nodocs \
+ --setopt cachedir=/var/cache/dnf \
+ --setopt reposdir=/etc/yum.repos.d \
+ --setopt varsdir=/etc/yum.repos.d \
+ MariaDB-server \
+ MariaDB-client
+
+RUN cp \
+ /etc/pki/ca-trust/source/anchors/rabe-ca.crt \
+ /mnt/rootfs/etc/pki/ca-trust/source/anchors/ \
+ && update-ca-trust \
+ && rm \
+ /mnt/rootfs/usr/bin/gsoelim \
+ /mnt/rootfs/usr/sbin/rcmysql \
+ /mnt/rootfs/usr/bin/soelim \
+ /mnt/rootfs/usr/bin/zsoelim \
+ && chmod -f a-s \
+ /mnt/rootfs/usr/bin/* \
+ /mnt/rootfs/usr/sbin/* \
+ /mnt/rootfs/usr/libexec/*/* \
+ && rm -rf \
+ /mnt/rootfs/var/cache/* \
+ /mnt/rootfs/var/log/dnf* \
+ /mnt/rootfs/var/log/yum.*
+
+COPY --from=upstream /usr/libexec/fix-permissions /usr/libexec/container-setup /mnt/rootfs/usr/libexec/
+COPY --from=upstream /bin/cgroup-limits /bin/run-mysqld /bin/container-entrypoint /mnt/rootfs/bin/
+COPY --from=upstream /etc/my.cnf /mnt/rootfs/etc/
+COPY --from=upstream ${STI_SCRIPTS_PATH} /mnt/rootfs/${STI_SCRIPTS_PATH}
+COPY --from=upstream ${CONTAINER_SCRIPTS_PATH} /mnt/rootfs/${CONTAINER_SCRIPTS_PATH}
+
+RUN chroot /mnt/rootfs ln -s /bin/mariadb-install-db /bin/mysql_install_db \
+ && chroot /mnt/rootfs ln -s /bin/mariadb-admin /bin/mysqladmin \
+ && chroot /mnt/rootfs ln -s /bin/mariadb-upgrade /bin/mysql_upgrade \
+ && chroot /mnt/rootfs ln -s /bin/mariadb /bin/mysql \
+ && chroot /mnt/rootfs ln -s /sbin/mariadbd /usr/libexec/mysqld \
+ && rm -rf /mnt/rootfs/var/lib/mysql
+
+FROM scratch as app
+
+ENV CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/mysql \
+ STI_SCRIPTS_PATH=/usr/libexec/s2i \
+ APP_DATA=/opt/app-root/src \
+ MYSQL_PREFIX=/usr \
+ MYSQL_VERSION=11.2
+
+ENV STI_SCRIPTS_URL=image://${STI_SCRIPTS_PATH}
+
+COPY --from=build /mnt/rootfs/ /
+
+RUN mkdir -p /var/lib/mysql/data && chown -R mysql.0 /var/lib/mysql \
+ && test "$(id mysql)" = "uid=27(mysql) gid=27(mysql) groups=27(mysql)" \
+ && rm -rf /etc/my.cnf.d/* \
+ && /usr/libexec/container-setup
+
+USER 27
+
+ENTRYPOINT ["container-entrypoint"]
+CMD ["run-mysqld"]
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..50b2bd7
--- /dev/null
+++ b/README.md
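Review bot: The MariaDB signing key is trusted on first download, because `rpm --root /mnt/rootfs --import https://rpm.mariadb.org/RPM-GPG-KEY-MariaDB` accepts whatever that URL serves at build time. The following `rpm -q --queryformat "%{SUMMARY}\n" $(rpm -q gpg-pubkey)` only prints key summaries: without `--root /mnt/rootfs` it reads the build stage's own rpm database rather than the one the key was just imported into, and it never fails on an unexpected key. Committing the key file to the repository and importing it from a `COPY`ed path would make any key change show up in review; alternatively, compare the imported key's fingerprint against a pinned value and abort the build on mismatch. Separately, `update-ca-trust` runs against the build stage's root rather than `/mnt/rootfs`, so the `rabe-ca.crt` copied into the rootfs anchors directory is probably not extracted into the final image's trust bundle; confirm whether `chroot /mnt/rootfs update-ca-trust` was intended.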
@@ -0,0 +1,39 @@
+# RaBe nginx Image
+
+[MariaDB](https://mariadb.org) container image based on [RaBe UBI9 Minimal](https://github.com/radiorabe/container-image-ubi9-minimal).
+
+## Usage
+
+Run it as you please.
+
+## Release Management
+
+The CI/CD setup uses semantic commit messages following the [conventional commits standard](https://www.conventionalcommits.org/en/v1.0.0/).
+The workflow is based on the [RaBe shared actions](https://radiorabe.github.io/actions/)
+and uses [go-semantic-commit](https://go-semantic-release.xyz/)
+to create new releases.
+
+The commit message should be structured as follows:
+
+```
+[optional scope]:
+
+[optional body]
+
+[optional footer(s)]
+```
+
+The commit contains the following structural elements, to communicate intent to the consumers of your library:
+
+1. **fix:** a commit of the type `fix` patches gets released with a PATCH version bump
+1. **feat:** a commit of the type `feat` gets released as a MINOR version bump
+1. **BREAKING CHANGE:** a commit that has a footer `BREAKING CHANGE:` gets released as a MAJOR version bump
+1. types other than `fix:` and `feat:` are allowed and don't trigger a release
+
+If a commit does not contain a conventional commit style message you can fix
+it during the squash and merge operation on the PR.
+
+## Build Process
+
+The CI/CD setup uses [Docker build-push Action](https://github.com/docker/build-push-action)
+ to publish container images. The workflow is based on the [RaBe shared actions](https://radiorabe.github.io/actions/).
diff --git a/catalog-info.yaml b/catalog-info.yaml
new file mode 100644
index 0000000..ada80a3
--- /dev/null
+++ b/catalog-info.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: backstage.io/v1alpha1
+kind: Component
+metadata:
+ name: mariadb
+ description: MariaDB in UBI9 Minimal
+ annotations:
+ backstage.io/techdocs-ref: dir:.
+ github.com/project-slug: radiorabe/container-image-mariadb
+ links:
+ - url: https://mariadb.com/kb/en/documentation/
+ title: MariaDB Server Documentation
+spec:
+ type: container
+ lifecycle: experimental
+ owner: it-reaktion
+ dependsOn:
+ - component:default/rabe-ubi9-minimal
diff --git a/docs/css/style.css b/docs/css/style.css
new file mode 100644
index 0000000..18a4c32
--- /dev/null
+++ b/docs/css/style.css
@@ -0,0 +1,10 @@
+/* set primary color */
+:root {
+ --md-primary-fg-color: #00C9BF;
+ --md-accent-fg-color: #00C9BF;
+}
+
+/* make code selectable on main */
+.highlight .o {
+ user-select: none;
+}
diff --git a/docs/gen_ref_pages.py b/docs/gen_ref_pages.py
new file mode 100644
index 0000000..d2e0a19
--- /dev/null
+++ b/docs/gen_ref_pages.py
@@ -0,0 +1,12 @@
+"""Generate the code reference pages and navigation.
+
+From https://mkdocstrings.github.io/recipes/
+"""
+
+from pathlib import Path
+
+import mkdocs_gen_files
+
+readme = Path("README.md").open("r")
+with mkdocs_gen_files.open("index.md", "w", encoding="utf-8") as index_file:
+ index_file.writelines(readme.read())
diff --git a/mariadb.repo b/mariadb.repo
new file mode 100644
index 0000000..874fdc5
--- /dev/null
+++ b/mariadb.repo
@@ -0,0 +1,4 @@
+[mariadb]
+name = MariaDB
+baseurl = https://rpm.mariadb.org/11.2/centos/$releasever/$basearch
+gpgkey = https://rpm.mariadb.org/RPM-GPG-KEY-MariaDB
diff --git a/mkdocs.yml b/mkdocs.yml
new file mode 100644
index 0000000..a2f4efd
--- /dev/null
+++ b/mkdocs.yml
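Review bot: In `docs/gen_ref_pages.py`, `Path("README.md").open("r")` is never closed and is opened without an explicit encoding, while the output side is written as UTF-8; on a runner whose locale default is not UTF-8 the read can fail or mis-decode. `writelines()` is also handed a single string, which it iterates character by character. `index_file.write(Path("README.md").read_text(encoding="utf-8"))` inside the existing `with` block does the same job without the leaked handle.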
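Review bot: The `[mariadb]` stanza in `mariadb.repo` sets `gpgkey` but not `gpgcheck`, so whether package signatures from this third-party repository are enforced depends on the `[main]` section of the `/etc/dnf/dnf.conf` that the Dockerfile passes via `--config`, which is not visible in this commit. Adding `gpgcheck = 1` to the stanza makes enforcement explicit and independent of the base image's defaults. The `baseurl` also pins `11.2`, while the Dockerfile's build stage sets `MYSQL_VERSION=10.5` and copies its scripts from `mariadb-105-c9s`; it is worth confirming that this mix is intended.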
@@ -0,0 +1,47 @@
+site_name: RaBe MariaDB Container Image
+repo_url: https://github.com/radiorabe/container-image-mariadb
+repo_name: radiorabe/container-image-mariadb
+
+theme:
+ name: "material"
+ palette:
+ # Palette toggle for dark mode
+ - scheme: slate
+ toggle:
+ icon: material/brightness-4
+ name: Switch to light mode
+ # Palette toggle for light mode
+ - scheme: default
+ toggle:
+ icon: material/brightness-7
+ name: Switch to dark mode
+ icon:
+ repo: fontawesome/brands/git-alt
+ features:
+ - content.code.copy
+ - content.code.annotate
+ - toc.integrate
+
+markdown_extensions:
+- pymdownx.highlight:
+ anchor_linenums: true
+- pymdownx.inlinehilite
+- pymdownx.snippets
+- pymdownx.superfences
+
+extra_css:
+- css/style.css
+
+plugins:
+- search
+- gen-files:
+ scripts:
+ - docs/gen_ref_pages.py
+- literate-nav
+- section-index
+
+nav:
+ - README: index.md
+
+watch:
+ - README.md