diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..228d23a
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,21 @@
+version: 2
+updates:
+ - package-ecosystem: maven
+ registries: "*"
+ directory: "/"
+ schedule:
+ interval: weekly
+ commit-message:
+ prefix: "NA:"
+ groups:
+ maven-non-breaking-changes:
+ update-types:
+ - 'minor'
+ - 'patch'
+ - package-ecosystem: docker
+ registries: "*"
+ directory: "/"
+ schedule:
+ interval: weekly
+ commit-message:
+ prefix: "NA:"
\ No newline at end of file
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..9d9e028
--- /dev/null
+++ b/.github/workflows/release.yml
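Review bot: `registries: "*"` is set on both update entries, but the new file defines no top-level `registries:` block, so the wildcard has nothing to refer to and Dependabot may reject the configuration; either add the registry definitions or drop the two `registries: "*"` lines. The workflows added in this same commit reference third-party actions by mutable major tag (`actions/checkout@v4`, `google-github-actions/auth@v2`), yet no `github-actions` ecosystem is configured, so those references will never receive update PRs. A third entry covering the workflows directory closes that gap and keeps the SHA pins (if adopted) current.
```yaml
# … unchanged: maven and docker entries …
  - package-ecosystem: github-actions
    directory: "/"
    schedule:
      interval: weekly
    commit-message:
      prefix: "NA:"
```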
@@ -0,0 +1,58 @@
+name: Build and Publish Application Image
+
+on:
+ push:
+ tags:
+ - 'ehealthid-relying-party/v[0-9]+.[0-9]+.[0-9]+-[a-z]+.[0-9]+'
+
+jobs:
+ deploy:
+ env:
+ DOCKER_REPO: 'europe-docker.pkg.dev/oviva-pkg/ovi/'
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Setup Java
+ uses: actions/setup-java@v4
+ with:
+ java-version: 21
+ distribution: 'temurin'
+ cache: 'maven'
+ - name: Get version
+ id: version
+ run: |
+ echo "parsing version from ref '$GITHUB_REF'"
+ VERSION=$(echo "$GITHUB_REF" | sed -e 's|.*/ehealthid-relying-party/v\(.*\)|\1|g')
+ echo "version=$VERSION" >> $GITHUB_OUTPUT
+ - name: Update Version
+ env:
+ VERSION: ${{ steps.version.outputs.version }}
+ run: |
+ echo "updating version to '$VERSION'"
+ make update-version "VERSION=$VERSION"
+ - name: Authenticate to Google Cloud
+ id: auth
+ uses: google-github-actions/auth@v2
+ with:
+ token_format: access_token
+ workload_identity_provider: projects/155692196363/locations/global/workloadIdentityPools/github-actions-sa/providers/github-actions-sa
+ service_account: gh-wi-main-registry-writer-gh@github-actions-sa.iam.gserviceaccount.com
+ - name: Login to Google Artifact Registry
+ uses: docker/login-action@v2
+ with:
+ registry: europe-docker.pkg.dev
+ username: oauth2accesstoken
+ password: ${{ steps.auth.outputs.access_token }}
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v2
+ - name: Set up Docker Buildx
+ id: buildx
+ uses: docker/setup-buildx-action@v2
+ - name: Build and push Image
+ env:
+ VERSION: ${{ steps.version.outputs.version }}
+ run: |
+ make dist RELEASE_TAG=v$VERSION
+ permissions:
+ contents: read
+ id-token: write
\ No newline at end of file
diff --git a/.github/workflows/spotless.yml b/.github/workflows/spotless.yml
index e59d6f0..cf49635 100644
--- a/.github/workflows/spotless.yml
+++ b/.github/workflows/spotless.yml
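Review bot: Every third-party action in the `deploy` job is referenced by a mutable major tag (`actions/checkout@v4`, `google-github-actions/auth@v2`, `docker/login-action@v2`, `docker/setup-qemu-action@v2`, `docker/setup-buildx-action@v2`) while the job holds `id-token: write` and obtains an Artifact Registry access token for the registry-writer service account, so a moved or compromised tag would run with that token and the right to publish the release image. Pin each `uses:` to a full commit SHA with the version as a trailing comment, e.g. `uses: google-github-actions/auth@<full-commit-sha> # v2`, and let Dependabot keep the pins current. The three Docker actions are also a major behind `checkout`/`setup-java` (v2 vs v4), which reads as an oversight rather than a choice. Minor: `echo "version=$VERSION" >> $GITHUB_OUTPUT` leaves the target unquoted; `>> "$GITHUB_OUTPUT"` is the documented form.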
@@ -6,24 +6,18 @@ on:
 jobs:
 lint:
 runs-on: ubuntu-latest
- env:
- MAVEN_USERNAME: continuousintegration-oviva
- MAVEN_PASSWORD: ${{ secrets.MAVEN_REPO_TOKEN }}
 permissions:
 contents: read
 packages: read
 checks: write
 steps:
 - name: Checkout repo
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 - name: Setup Java
- uses: actions/setup-java@v3
+ uses: actions/setup-java@v4
 with:
- java-version: 17
+ java-version: 21
 distribution: 'temurin'
- server-id: github
- server-username: MAVEN_USERNAME
- server-password: MAVEN_PASSWORD
 cache: 'maven'
 - name: run spotless
 id: spotless
diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml
index dfb213d..0d79f58 100644
--- a/.github/workflows/unit-tests.yml
+++ b/.github/workflows/unit-tests.yml
@@ -11,22 +11,16 @@ on:
 jobs:
 test:
- env:
- MAVEN_USERNAME: continuousintegration-oviva
- MAVEN_PASSWORD: ${{ secrets.MAVEN_REPO_TOKEN }}
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 with:
 fetch-depth: 0
 - name: Setup Java
- uses: actions/setup-java@v3
+ uses: actions/setup-java@v4
 with:
- java-version: 17
+ java-version: 21
 distribution: 'temurin'
- server-id: github
- server-username: MAVEN_USERNAME
- server-password: MAVEN_PASSWORD
 cache: 'maven'
 - name: Cache SonarCloud packages
 uses: actions/cache@v3
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..88bdf31
--- /dev/null
+++ b/Dockerfile
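Review bot: With the `MAVEN_USERNAME`/`MAVEN_PASSWORD` env and the `server-id: github` settings-server entries removed, the `lint` job no longer authenticates to GitHub Packages, yet `packages: read` stays in its `permissions:` block; unless the spotless run still reads packages through some other path, drop that line so the job token carries only `contents: read` and `checks: write`. The same credential removal appears in the unit-tests.yml hunk that follows; its `test` job's `permissions:` block, if it has one, lies outside that hunk and deserves the same check. Removing the static registry credentials is the right direction; the `checkout`/`setup-java` bumps still pin by major tag, which a full-SHA pin would tighten further.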
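Review bot: `actions/cache@v3` on the last line of the hunk is left at v3 while `checkout` and `setup-java` are bumped to v4 in the same job; bumping it in the same change (or, better, pinning it to a full commit SHA) keeps the job on one generation of runner actions instead of mixing majors. The rest of the `test` job, including the SonarCloud steps, continues outside the hunk.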
@@ -0,0 +1,29 @@
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3
+
+LABEL org.opencontainers.image.source="https://github.com/oviva-ag/ehealthid-relying-party"
+
+ARG JAVA_PACKAGE=java-21-openjdk-headless
+ARG RUN_JAVA_VERSION=1.3.8
+
+ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en'
+
+# Install java and the run-java script
+# Also set up permissions for user `1001`
+RUN microdnf -y install ca-certificates ${JAVA_PACKAGE} \
+ && microdnf -y update \
+ && microdnf clean all \
+ && mkdir /deployments \
+ && chown 1001 /deployments \
+ && chmod "g+rwX" /deployments \
+ && chown 1001:root /deployments \
+ && curl https://repo1.maven.org/maven2/io/fabric8/run-java-sh/${RUN_JAVA_VERSION}/run-java-sh-${RUN_JAVA_VERSION}-sh.sh -o /deployments/run-java.sh \
+ && chown 1001 /deployments/run-java.sh \
+ && chmod 540 /deployments/run-java.sh \
+ && echo "securerandom.source=file:/dev/urandom" >> /etc/alternatives/jre/conf/security/java.security \
+ && echo "securerandom.strongAlgorithms=NativePRNGNonBlocking:SUN,DRBG:SUN" >> /etc/alternatives/jre/conf/security/java.security
+
+COPY --chown=1001 ehealthid-rp/target/ehealthid-rp-jar-with-dependencies.jar /deployments/
+
+USER 1001
+
+ENTRYPOINT [ "/deployments/run-java.sh" ]
\ No newline at end of file
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..9e2e877
--- /dev/null
+++ b/Makefile
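Review bot: The `curl` in the `RUN` layer fetches `run-java.sh` from repo1.maven.org without `-f`, so an HTTP error body would be written to `/deployments/run-java.sh` and the build would still succeed, and nothing verifies the download before it becomes the image's `ENTRYPOINT`. Change it to `&& curl -fsSL "https://repo1.maven.org/maven2/io/fabric8/run-java-sh/${RUN_JAVA_VERSION}/run-java-sh-${RUN_JAVA_VERSION}-sh.sh" -o /deployments/run-java.sh \` and follow it with `&& echo "<expected-sha256>  /deployments/run-java.sh" | sha256sum -c - \`, keeping the digest next to `ARG RUN_JAVA_VERSION` so a version bump has to update both. The base image is pinned by tag only (`ubi-minimal:9.3`); a `@sha256:<digest>` suffix makes the build reproducible and the Dependabot docker entry added in this commit still proposes updates against it. The two `chown` calls on `/deployments` overlap — `chown 1001:root /deployments` alone covers what the earlier `chown 1001 /deployments` does.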
@@ -0,0 +1,29 @@
+
+MVN=./mvnw
+IMAGE_NAME=ehealthid-relying-party
+VERSION?=$(shell $(MVN) -q -Dexec.executable=echo -Dexec.args='$${project.version}' --non-recursive exec:exec)
+export DOCKER_REPO?=europe-docker.pkg.dev/oviva-pkg/ovi/
+GIT_COMMIT=`git rev-parse HEAD`
+
+.PHONY: update-version test unit-test integration-test setup dist build clean install docker
+
+build:
+ @$(MVN) -T 8 $(MAVEN_CLI_OPTS) -am package
+
+clean:
+ @$(MVN) -T 8 $(MAVEN_CLI_OPTS) -am clean
+
+test:
+ @$(MVN) -B verify
+
+update-version:
+ @$(MVN) -B versions:set "-DnewVersion=$(VERSION)"
+
+docker: build
+ @docker build -t $(IMAGE_NAME):v$(VERSION) .
+
+dist: build
+ifndef RELEASE_TAG
+ $(error RELEASE_TAG is not set)
+endif
+ docker buildx build --push --platform linux/amd64,linux/arm64 --label git-commit=$(GIT_COMMIT) --tag "$(DOCKER_REPO)$(IMAGE_NAME):$(RELEASE_TAG)" .
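Review bot: `dist` pushes the multi-arch release image with `docker buildx build --push` but requests no build attestations; adding `--provenance=true --sbom=true` to that line has BuildKit attach SLSA provenance and an SBOM to the pushed manifest, which is the cheapest way to make the published image verifiable downstream. `.PHONY` declares `unit-test`, `integration-test`, `setup` and `install`, none of which is defined in the file, so either add those targets or trim the list. `VERSION?=` defines a recursively expanded variable, so each `$(VERSION)` reference in a recipe re-runs the `mvn exec:exec` shell-out whenever no VERSION is passed in; `ifndef VERSION` / `VERSION := $(shell …)` / `endif` evaluates it once. Recipe indentation is not recoverable from this rendering, so whether the `$(error ...)` line under `ifndef RELEASE_TAG` is tab-indented — which it must be for the check to fire only when `dist` runs rather than at parse time — could not be confirmed.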