diff --git a/.github/dockerhub_login.bash b/.github/dockerhub_login.bash
new file mode 100755
index 0000000..e3a9fe1
--- /dev/null
+++ b/.github/dockerhub_login.bash
@@ -0,0 +1,32 @@
+#!/bin/bash
+# http://redsymbol.net/articles/unofficial-bash-strict-mode/
+set -euo pipefail
+IFS=$'\n\t'
+
+# check needed variables are defined
+if [ ! -v DOCKER_USERNAME ] ||\
+    [ ! -v DOCKER_PASSWORD ] ||\
+    [ ! -v DOCKER_REGISTRY ]; then
+    echo "## ERROR: Please define the environs (DOCKER_USERNAME, DOCKER_PASSWORD, DOCKER_REGISTRY) in your CI settings!"
+    exit 1
+fi
+
+# check script needed variables
+if [ ! -v OWNER ]; then
+    echo "## ERROR: incorrect usage of CI. OWNER (e.g. dockerhub organization like {{ cookiecutter.default_docker_registry }} or user private name) not defined!"
+    exit 1
+fi
+
+# only upstream is allowed to push to {{ cookiecutter.default_docker_registry }} repo
+if [ "${OWNER,,}" != "{{ cookiecutter.default_docker_registry }}" ] &&\
+    { [ ! -v DOCKER_REGISTRY ] || [ -z "${DOCKER_REGISTRY}" ] || [ "$DOCKER_REGISTRY" = "{{ cookiecutter.default_docker_registry }}" ]; }; then
+    echo "## ERROR: it is not allowed to push to the main dockerhub repository from a fork!"
+    echo "## Please adapt your CI-defined environs (DOCKER_USERNAME, DOCKER_PASSWORD, DOCKER_REGISTRY)"
+    exit 1
+fi
+
+# these variable must be available securely from the CI
+echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
+
+echo "logged into dockerhub successfully, ready to push"
+exit 0
diff --git a/.github/show_system_versions.bash b/.github/show_system_versions.bash
new file mode 100755
index 0000000..c2a3b86
--- /dev/null
+++ b/.github/show_system_versions.bash
@@ -0,0 +1,31 @@
+#!/bin/bash
+# http://redsymbol.net/articles/unofficial-bash-strict-mode/
+set -euo pipefail
+IFS=$'\n\t'
+
+echo "------------------------------ environs -----------------------------------"
+env
+
+echo "------------------------------ uname -----------------------------------"
+uname -a
+lsb_release -a
+
+echo "------------------------------ python -----------------------------------"
+if command -v python; then
+    python --version
+fi
+
+echo "------------------------------ python3 -----------------------------------"
+if command -v python3; then
+    python3 --version
+fi
+
+echo "------------------------------ docker -----------------------------------"
+if command -v docker; then
+    docker version
+fi
+
+echo "------------------------------ docker-compose -----------------------------------"
+if command -v docker-compose; then
+    docker-compose version
+fi
diff --git a/.github/workflows/build-test-publish.yml b/.github/workflows/build-test-publish.yml
new file mode 100644
index 0000000..d91900b
--- /dev/null
+++ b/.github/workflows/build-test-publish.yml
@@ -0,0 +1,53 @@
+name: Github-CI Push/PR dummy
+
+on:
+  push:
+  pull_request:
+
+env:
+  # secrets can be set in settings/secrets on github
+  DOCKER_REGISTRY: {{ "${{ secrets.DOCKER_REGISTRY }}" }}
+  DOCKER_USERNAME: {{ "${{ secrets.DOCKER_USERNAME }}" }}
+  DOCKER_PASSWORD: {{ "${{ secrets.DOCKER_PASSWORD }}" }}
+
+jobs:
+  build:
+    name: building dummy
+    runs-on: {{ "${{ matrix.os }}" }}
+    strategy:
+      matrix:
+        python: [3.9]
+        os: [ubuntu-22.04]
+      fail-fast: false
+    steps:
+      - uses: actions/checkout@v3
+      - name: setup python environment
+        uses: actions/setup-python@v4
+        with:
+          python-version: {{ "${{ matrix.python }}" }}
+      - name: show versions
+        run: ./.github/show_system_versions.bash
+      - name: set owner variable
+        run: echo "OWNER=${GITHUB_REPOSITORY%/*}" >> $GITHUB_ENV
+      - name: set docker image tag
+        if: github.ref != 'refs/heads/master'
+        run: echo "DOCKER_IMAGE_TAG=${GITHUB_REF##*/}" >> $GITHUB_ENV
+      - name: get current image if available
+        run: make pull-latest || true
+      - name: build
+        run: |
+          make VERSION
+          make build
+          make info-build
+      - name: test
+        run: make tests
+      # - if: github.event_name == 'push' && github.ref == 'refs/heads/master'
+      #   name: push
+      #   run: |
+      #     ./.github/dockerhub_login.bash
+      #     make push
+      # - if: github.event_name == 'push' && github.ref != 'refs/heads/master'
+      #   name: push
+      #   run: |
+      #     ./.github/dockerhub_login.bash
+      #     make push-version
diff --git a/.github/workflows/check-image.yml b/.github/workflows/check-image.yml
new file mode 100644
index 0000000..0aed71b
--- /dev/null
+++ b/.github/workflows/check-image.yml
@@ -0,0 +1,24 @@
+name: Build and check image
+
+on: [push, pull_request]
+
+jobs:
+  verify-image-build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repo content
+        uses: actions/checkout@v2
+      - name: ooil version
+        uses: docker://itisfoundation/ci-service-integration-library:v1.0.4
+        with:
+          args: ooil --version
+      - name: Assemble docker compose spec
+        uses: docker://itisfoundation/ci-service-integration-library:v1.0.4
+        with:
+          args: ooil compose
+      - name: Build all images if multiple
+        uses: docker://itisfoundation/ci-service-integration-library:v1.0.4
+        with:
+          args: docker compose build
+      - name: test
+        run: make tests