diff --git a/.github/workflows/autoupdate.yaml b/.github/workflows/autoupdate.yaml
new file mode 100644
index 0000000..10c079c
--- /dev/null
+++ b/.github/workflows/autoupdate.yaml
@@ -0,0 +1,20 @@
+name: Autoupdate go.mod and go.sum
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 3 * * *"
+
+permissions:
+  contents: write
+  actions: write
+  pull-requests: write
+  security-events: write
+
+jobs:
+  autoupdate:
+    uses: lukaszraczylo/shared-actions/.github/workflows/go-autoupdate.yaml@main
+    with:
+      go-version: ">=1.25"
+      release-workflow: "release.yaml"
+    secrets: inherit
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 5fdccf9..931376d 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -1,4 +1,4 @@
-name: CI
+name: Pull Request
 
 on:
   pull_request:
@@ -6,102 +6,18 @@ on:
       - main
   push:
     branches:
-      - main
-    paths-ignore:
-      - "**.md"
-      - "docs/**"
-      - "examples/**"
+      - "**"
+      - "!main"
 
 permissions:
-  contents: read
+  contents: write
+  actions: write
+  pull-requests: write
+  security-events: write
 
 jobs:
-  test:
-    name: Test
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Set up Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: "1.25"
-          cache: true
-
-      - name: Go mod tidy
-        run: go mod tidy && git diff --exit-code
-
-      - name: Go mod verify
-        run: go mod verify
-
-      - name: Format check
-        run: |
-          go fmt ./...
-          git diff --exit-code
-
-      - name: Vet
-        run: go vet ./...
-
-      - name: Test
-        run: go test -race -coverprofile=coverage.out -covermode=atomic ./...
-
-      - name: Upload coverage
-        uses: codecov/codecov-action@v4
-        with:
-          file: ./coverage.out
-          flags: unittests
-          name: codecov-kubemirror
-
-  lint:
-    name: Lint
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Set up Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: "1.25"
-          cache: true
-
-      - name: Install staticcheck
-        run: go install honnef.co/go/tools/cmd/staticcheck@latest
-
-      - name: Install gosec
-        run: go install github.com/securego/gosec/v2/cmd/gosec@latest
-
-      - name: Install deadcode
-        run: go install golang.org/x/tools/cmd/deadcode@latest
-
-      - name: Run staticcheck
-        run: staticcheck ./...
-
-      - name: Run gosec
-        run: gosec -exclude=G115 ./...
-
-      - name: Run deadcode
-        run: deadcode ./...
-
-  bench:
-    name: Benchmark
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Set up Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: "1.25"
-          cache: true
-
-      - name: Run benchmarks
-        run: go test -race -bench=. -benchmem ./... | tee benchmark.txt
-
-      - name: Upload benchmark results
-        uses: actions/upload-artifact@v4
-        with:
-          name: benchmark-results
-          path: benchmark.txt
+  pr-checks:
+    uses: lukaszraczylo/shared-actions/.github/workflows/go-pr.yaml@main
+    with:
+      go-version: ">=1.25"
+    secrets: inherit
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 4ee6639..5d4a96c 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -13,36 +13,10 @@ permissions:
 
 jobs:
   release:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Set up Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: "1.25"
-          cache: true
-
-      - name: Install cosign
-        uses: sigstore/cosign-installer@v3
-
-      - name: Log in to GitHub Container Registry
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v6
-        with:
-          version: latest
-          args: release --clean
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    uses: lukaszraczylo/shared-actions/.github/workflows/go-release.yaml@main
+    with:
+      go-version: ">=1.25"
+    secrets: inherit
 
   publish-helm-chart:
     needs: release
@@ -65,7 +39,12 @@ jobs:
           GH_TOKEN: ${{ secrets.HOMEBREW_TAP_TOKEN }}
           RELEASE_VERSION: ${{ steps.version.outputs.version }}
         run: |
-          gh api repos/lukaszraczylo/helm-charts/dispatches             -f event_type=release-chart             -f client_payload[chart_name]=kubemirror             -f client_payload[version]="$RELEASE_VERSION"             -f client_payload[source_repo]=lukaszraczylo/kubemirror             -f client_payload[chart_path]=charts/kubemirror
+          gh api repos/lukaszraczylo/helm-charts/dispatches \
+            -f event_type=release-chart \
+            -f client_payload[chart_name]=kubemirror \
+            -f client_payload[version]="$RELEASE_VERSION" \
+            -f client_payload[source_repo]=lukaszraczylo/kubemirror \
+            -f client_payload[chart_path]=charts/kubemirror
 
   publish-website:
     needs: release