diff --git a/.github/release.yml b/.github/release.yml
new file mode 100644
index 0000000..bced958
--- /dev/null
+++ b/.github/release.yml
@@ -0,0 +1,20 @@
+---
+# https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes
+
+changelog:
+  exclude:
+    labels:
+      - skip-changelog
+
+  categories:
+    - title: Breaking Changes 🛠
+      labels:
+        - backwards-incompatible
+
+    - title: New Features 🎉
+      labels:
+        - enhancement
+
+    - title: Other Changes
+      labels:
+        - "*"
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 4990885..af141e2 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -57,14 +57,13 @@ jobs:
         with:
           image-ref: 'ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }}'
           format: 'sarif'
-          output: 'trivy-results.sarif'
+          output: 'trivy-results-${{ matrix.rubygem_puppet }}.sarif'
           severity: 'CRITICAL,HIGH'
 
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v3
         with:
-          sarif_file: 'trivy-results.sarif'
-          matrix: ${{ toJson(matrix) }}
+          sarif_file: 'trivy-results-${{ matrix.rubygem_puppet }}.sarif'
 
       # - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph
       #   uses: aquasecurity/trivy-action@master
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
index c708d34..6bbf7dc 100644
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -1,14 +1,12 @@
 ---
-name: "Pull Request Labeler"
+name: Labeler 🏷️
 
 on:
-  pull_request_target: {}
+  - pull_request_target
 
 jobs:
   labeler:
-    permissions:
-      contents: read
-      pull-requests: write
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/labeler@v5
+    name: Labeler
+    uses: voxpupuli/crafty/.github/workflows/labeler.yml@main
+    with:
+      allowed_owner: ${{ github.repository_owner }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..c58610c
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,14 @@
+---
+name: Release 🚀
+
+on:
+  push:
+    tags:
+      - '*'
+
+jobs:
+  release:
+    name: Release
+    uses: voxpupuli/crafty/.github/workflows/release.yml@main
+    with:
+      allowed_owner: ${{ github.repository_owner }}