diff --git a/ .gitea/workflows/build.yml b/ .gitea/workflows/build.yml
new file mode 100644
index 0000000..cd7851f
--- /dev/null
+++ b/ .gitea/workflows/build.yml	
@@ -0,0 +1,152 @@
+name: Docker Build and Push
+
+on:
+  push:
+    branches:
+      - main
+      - staging
+    tags:
+      - 'v*'
+    paths:
+      - '**.go'
+      - 'go.mod'
+      - 'go.sum'
+      - 'Dockerfile'
+      - 'Dockerfile.*'
+      - '.dockerignore'
+      - '.gitea/workflows/build.yml'
+
+jobs:
+  build-and-push-branches:
+    runs-on: ubuntu-latest
+    if: github.ref_type == 'branch'
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          registry: git.fossy.my.id
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Set version variables
+        id: vars
+        run: |
+          if [ "${{ github.ref }}" == "refs/heads/main" ]; then
+            echo "VERSION=dev-main" >> $GITHUB_OUTPUT
+          else
+            echo "VERSION=dev-staging" >> $GITHUB_OUTPUT
+          fi
+          echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
+          echo "COMMIT=${{ github.sha }}" >> $GITHUB_OUTPUT
+
+      - name: Build and push Docker image for main
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: |
+            git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please-controller:latest
+          platforms: linux/amd64,linux/arm64
+          build-args: |
+            VERSION=${{ steps.vars.outputs.VERSION }}
+            BUILD_DATE=${{ steps.vars.outputs.BUILD_DATE }}
+            COMMIT=${{ steps.vars.outputs.COMMIT }}
+        if: github.ref == 'refs/heads/main'
+
+      - name: Build and push Docker image for staging
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: |
+            git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please-controller:staging
+          platforms: linux/amd64,linux/arm64
+          build-args: |
+            VERSION=${{ steps.vars.outputs.VERSION }}
+            BUILD_DATE=${{ steps.vars.outputs.BUILD_DATE }}
+            COMMIT=${{ steps.vars.outputs.COMMIT }}
+        if: github.ref == 'refs/heads/staging'
+
+  build-and-push-tags:
+    runs-on: ubuntu-latest
+    if: github.ref_type == 'tag' && startsWith(github.ref, 'refs/tags/v')
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          registry: git.fossy.my.id
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Extract version and determine release type
+        id: version
+        run: |
+          VERSION=${GITHUB_REF#refs/tags/v}
+          echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
+          echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
+          echo "COMMIT=${{ github.sha }}" >> $GITHUB_OUTPUT
+          
+          if echo "$VERSION" | grep -qE '^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.]+)?$'; then
+            MAJOR=$(echo "$VERSION" | cut -d. -f1)
+            MINOR=$(echo "$VERSION" | cut -d. -f2)
+          
+            echo "MAJOR=$MAJOR" >> $GITHUB_OUTPUT
+            echo "MINOR=$MINOR" >> $GITHUB_OUTPUT
+          
+            if echo "$VERSION" | grep -q '-'; then
+              echo "IS_PRERELEASE=true" >> $GITHUB_OUTPUT
+              echo "ADDITIONAL_TAG=staging" >> $GITHUB_OUTPUT
+            else
+              echo "IS_PRERELEASE=false" >> $GITHUB_OUTPUT
+              echo "ADDITIONAL_TAG=latest" >> $GITHUB_OUTPUT
+            fi
+          else
+            echo "Invalid version format: $VERSION"
+            exit 1
+          fi
+
+      - name: Build and push Docker image for release
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: |
+            git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please-controller:v${{ steps.version.outputs.VERSION }}
+            git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please-controller:v${{ steps.version.outputs.MAJOR }}.${{ steps.version.outputs.MINOR }}
+            git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please-controller:v${{ steps.version.outputs.MAJOR }}
+            git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please-controller:${{ steps.version.outputs.ADDITIONAL_TAG }}
+          platforms: linux/amd64,linux/arm64
+          build-args: |
+            VERSION=${{ steps.version.outputs.VERSION }}
+            BUILD_DATE=${{ steps.version.outputs.BUILD_DATE }}
+            COMMIT=${{ steps.version.outputs.COMMIT }}
+        if: steps.version.outputs.IS_PRERELEASE == 'false'
+
+      - name: Build and push Docker image for pre-release
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: |
+            git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please-controller:v${{ steps.version.outputs.VERSION }}
+            git.fossy.my.id/${{ secrets.DOCKER_USERNAME }}/tunnel-please-controller:${{ steps.version.outputs.ADDITIONAL_TAG }}
+          platforms: linux/amd64,linux/arm64
+          build-args: |
+            VERSION=${{ steps.version.outputs.VERSION }}
+            BUILD_DATE=${{ steps.version.outputs.BUILD_DATE }}
+            COMMIT=${{ steps.version.outputs.COMMIT }}
+        if: steps.version.outputs.IS_PRERELEASE == 'true'
diff --git a/ .gitea/workflows/renovate.yml b/ .gitea/workflows/renovate.yml
new file mode 100644
index 0000000..7cbb9d2
--- /dev/null
+++ b/ .gitea/workflows/renovate.yml	
@@ -0,0 +1,21 @@
+name: renovate
+
+on:
+  schedule:
+    - cron: "0 0 * * *"
+  push:
+    branches:
+      - main
+
+jobs:
+  renovate:
+    runs-on: ubuntu-latest
+    container: git.fossy.my.id/renovate-clanker/renovate:latest
+    steps:
+      - uses: actions/checkout@v6
+      - run: renovate
+        env:
+          RENOVATE_CONFIG_FILE: ${{ gitea.workspace }}/renovate-config.js
+          LOG_LEVEL: "debug"
+          RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
+          GITHUB_COM_TOKEN: ${{ secrets.COM_TOKEN }}
\ No newline at end of file
diff --git a/renovate-config.js b/renovate-config.js
new file mode 100644
index 0000000..212cb36
--- /dev/null
+++ b/renovate-config.js
@@ -0,0 +1,8 @@
+module.exports = {
+    "endpoint": "https://git.fossy.my.id/api/v1",
+    "gitAuthor": "Renovate-Clanker <renovate-bot@fossy.my.id>",
+    "platform": "gitea",
+    "onboardingConfigFileName": "renovate.json",
+    "autodiscover": true,
+    "optimizeForDisabled": true,
+};
\ No newline at end of file
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..6a252b5
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,16 @@
+{
+  "extends": [
+    "config:recommended"
+  ],
+  "packageRules": [
+    {
+      "matchUpdateTypes": [
+        "minor",
+        "patch",
+        "pin",
+        "digest"
+      ],
+      "automerge": true,
+    }
+  ]
+}