diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
deleted file mode 100644
index f970d5d4..00000000
--- a/.github/workflows/build.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-name: Test & Build
-
-on:
-  pull_request:
-    branches:
-      - main
-  push:
-    branches:
-      - main
-  workflow_dispatch:
-
-defaults:
-  run:
-    shell: bash
-
-jobs:
-  build:
-    name: Build
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-        with:
-          fetch-depth: "0"
-      - name: Build Images
-        run: make build
-      - name: Test API
-        run: make up test-api
diff --git a/.github/workflows/partials/build-push-images.yml b/.github/workflows/partials/build-push-images.yml
new file mode 100644
index 00000000..ae690aa8
--- /dev/null
+++ b/.github/workflows/partials/build-push-images.yml
@@ -0,0 +1,90 @@
+name: "[Job] Docker Build, Scan and Push to ECR"
+
+on:
+  workflow_call:
+    inputs:
+      docker_tag:
+        description: "Tag for docker image"
+        required: true
+        type: string
+      checkout_tag:
+        description: "Ref or tag to checkout"
+        default: ${{ github.ref }}
+        required: false
+        type: string
+
+defaults:
+  run:
+    shell: bash
+
+permissions:
+  id-token: write
+  contents: write
+  security-events: write
+  pull-requests: read
+
+jobs:
+  docker_build_scan_push:
+    strategy:
+      matrix:
+        include:
+          - ecr_repository: lpa-store/lambda/api-create
+            dir: create
+    runs-on: ubuntu-latest
+    name: ${{ matrix.ecr_repository }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.checkout_tag }}
+      - name: Build ${{ matrix.ecr_repository }} Image
+        id: build_image
+        run: |
+          docker build -f ./lambda/Dockerfile -t ${{ matrix.ecr_repository }} --build-arg DIR=${{ matrix.dir }} .
+      - name: Trivy Image Vulnerability Scanner for ${{ matrix.ecr_repository }}
+        id: trivy_scan
+        uses: aquasecurity/trivy-action@0.12.0
+        with:
+          image-ref: ${{ matrix.ecr_repository }}:latest
+          severity: "HIGH,CRITICAL"
+          format: "sarif"
+          output: "trivy-results.sarif"
+      - name: Upload Trivy scan results to GitHub Security tab for ${{ matrix.ecr_repository }}
+        id: trivy_upload_sarif
+        uses: github/codeql-action/upload-sarif@v2
+        if: always()
+        with:
+          sarif_file: "trivy-results.sarif"
+      - uses: unfor19/install-aws-cli-action@v1
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: eu-west-1
+          role-to-assume: arn:aws:iam::311462405659:role/lpa-store-ci
+          role-duration-seconds: 3600
+          role-session-name: GitHubActions
+      - name: ECR Login
+        id: login_ecr
+        uses: aws-actions/amazon-ecr-login@v1.7.0
+        with:
+          mask-password: true
+          registries: 311462405659
+      - name: Output push intentions
+        env:
+          ECR_REGISTRY: ${{ steps.login_ecr.outputs.registry }}
+          ECR_REPOSITORY: ${{ matrix.ecr_repository }}
+        run: |
+          docker tag ${{ matrix.ecr_repository }}:latest $ECR_REGISTRY/$ECR_REPOSITORY:${{ inputs.docker_tag }}
+          echo "Would push $ECR_REGISTRY/$ECR_REPOSITORY"
+      # - name: Push ${{ matrix.ecr_repository }} Image to ECR
+      #   env:
+      #     ECR_REGISTRY: ${{ steps.login_ecr.outputs.registry }}
+      #     ECR_REPOSITORY: ${{ matrix.ecr_repository }}
+      #   run: |
+      #     docker tag ${{ matrix.ecr_repository }}:latest $ECR_REGISTRY/$ECR_REPOSITORY:${{ inputs.docker_tag }}
+      #     if ${{ github.workflow == 'Path To Live' }}; then
+      #       docker tag ${{ matrix.ecr_repository }}:latest $ECR_REGISTRY/$ECR_REPOSITORY:latest
+      #       docker tag ${{ matrix.ecr_repository }}:latest $ECR_REGISTRY/$ECR_REPOSITORY:main-${{ inputs.docker_tag }}
+      #     fi
+      #     docker push --all-tags $ECR_REGISTRY/$ECR_REPOSITORY
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
new file mode 100644
index 00000000..215ca18d
--- /dev/null
+++ b/.github/workflows/pr.yml
@@ -0,0 +1,83 @@
+name: Test & Build
+
+on:
+  pull_request:
+    branches:
+      - main
+  workflow_dispatch:
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  generate-tags:
+    name: Generate tags
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: "0"
+      - name: Extract branch name
+        id: extract_branch
+        run: |
+          if [ "$GITHUB_EVENT_NAME" == "push" ]; then
+            echo BRANCH_NAME=main >> $GITHUB_ENV
+          else
+            branch=${{ github.head_ref }}
+            branch=${branch//-}
+            branch=${branch//_}
+            branch=${branch//\/}
+            echo BRANCH_NAME=${branch} >> $GITHUB_ENV
+          fi
+      - name: Bump version
+        id: bump_version
+        uses: anothrNick/github-tag-action@1.67.0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          INITIAL_VERSION: 0.0.0
+          DEFAULT_BUMP: minor
+          PRERELEASE: true
+          PRERELEASE_SUFFIX: ${{ env.BRANCH_NAME }}
+          RELEASE_BRANCHES: main
+          WITH_V: true
+    outputs:
+      docker_tag: ${{ steps.bump_version.outputs.tag }}
+
+  generate-environment-workspace-name:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Generate workspace name
+        id: name_workspace
+        run: |
+          workspace=${{ github.event.number }}${{ github.head_ref }}
+          workspace=${workspace//-}
+          workspace=${workspace//_}
+          workspace=${workspace//\/}
+          workspace=${workspace:0:11}
+          workspace=$(echo ${workspace} | tr '[:upper:]' '[:lower:]')
+          echo "name=${workspace}" >> $GITHUB_OUTPUT
+          echo ${workspace}
+    outputs:
+      environment_workspace_name: ${{ steps.name_workspace.outputs.name }}
+
+  build:
+    name: Build, Scan & Push Images
+    needs: [generate-tags]
+    uses: ./.github/workflows/partials/build-push-images.yml
+    with:
+      docker_tag: ${{ needs.generate-tags.outputs.docker_tag }}
+    secrets:
+      aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+      aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
+  # deploy-pr-env:
+  #   name: Deploy PR Environment
+  #   needs: [build, generate-environment-workspace-name]
+  #   uses: ./.github/workflows/partials/deploy.yml
+  #   with:
+  #     workspace_name: ${{ needs.generate-environment-workspace-name.outputs.environment_workspace_name }}
+  #     version_tag: ${{ needs.generate-tags.outputs.docker_tag }}
+  #   secrets:
+  #     aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+  #     aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
diff --git a/.github/workflows/validate-api.yaml b/.github/workflows/validate-api.yaml
index 8a7265f7..41fd0be8 100644
--- a/.github/workflows/validate-api.yaml
+++ b/.github/workflows/validate-api.yaml
@@ -13,7 +13,7 @@ jobs:
     name: Validate
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - uses: actions/setup-node@v3