diff --git a/.forgejo/workflows/sonarqube.yaml b/.forgejo/workflows/sonarqube.yaml
new file mode 100644
index 0000000..be075e5
--- /dev/null
+++ b/.forgejo/workflows/sonarqube.yaml
@@ -0,0 +1,30 @@
+---
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    types: [opened, synchronize, reopened]
+  workflow_dispatch:
+
+name: SonarQube Scan
+jobs:
+  sonarqube:
+    name: "SonarQube Trigger"
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Initialize Environment"
+        uses: https://w9r.dev/w9r.dev/action-setup-environment@v1.1.4
+        with:
+          roleid: "${{ secrets.VAULT_ROLE_ID }}"
+          secretid: "${{ secrets.VAULT_SECRET_ID }}"
+
+      - name: "Cache SonarQube packages"
+        uses: https://github.com/actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4
+        with:
+          path: ~/.sonar/cache
+          key: "${{ runner.os }}-sonar"
+          restore-keys: "${{ runner.os }}-sonar"
+
+      - name: "SonarQube Scan"
+        run: "mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar"
diff --git a/jreleaser.yml b/jreleaser.yml
new file mode 100644
index 0000000..65c6f37
--- /dev/null
+++ b/jreleaser.yml
@@ -0,0 +1,184 @@
+---
+project:
+  versionPattern: SEMVER
+  snapshot:
+    pattern: .*-SNAPSHOT
+    label: early-access
+    fullChangelog: true
+  description: Cloud Config Server
+  longDescription: |
+    Spring Boot based Cloudconfig Server to provide config to other services
+  authors:
+    - Oliver Weyhmüller
+  tags:
+    - java
+  maintainers:
+    - 'oliver'
+  stereotype: NONE
+  license: MIT
+  inceptionYear: 2025
+  links:
+    homepage: https://w9r.dev/services/cloudconfig
+    documentation: https://w9r.dev/services/cloudconfig/src/branch/main/README.md
+    license: https://spdx.org/licenses/MIT.html
+    vcsBrowser: https://w9r.dev/services/cloudconfig
+  languages:
+    java:
+      groupId: dev.w9r.service
+      artifactId: config
+      version: "21"
+signing:
+  active: ALWAYS
+  armored: true
+  verify: true
+  mode: MEMORY
+  files: true
+  artifacts: true
+  checksums: true
+
+assemble:
+  archive:
+    pom:
+      active: ALWAYS
+      exported: true
+      stereotype: NONE
+      platform:
+        replacements:
+          osx-x86_64: mac
+          aarch_64: aarch64
+          x86_64: amd64
+          linux_musl: alpine
+      archiveName: '{{projectName}}-{{projectVersion}}'
+      distributionType: JAVA_BINARY
+      formats:
+        - ZIP
+        - TAR_GZ
+
+      fileSets:
+        - input: .          # A set of files and directory to include.
+          includes:
+            - 'LICENSE'
+            - 'README.md'
+            - 'CHANGELOG.md'
+            - 'target/config-*.jar'
+
+catalog:
+  sbom:
+    syft:
+      active: ALWAYS
+      distributions: true
+      files: true
+      pack:
+        enabled: false
+        name: '{{projectName}}-{{projectVersion}}-sboms'
+      formats:
+        - SPDX_JSON
+        - CYCLONEDX_JSON
+        - SYFT_JSON
+        - GITHUB_JSON
+        - TABLE
+        - TEXT
+release:
+  gitea:
+    enabled: true
+    connectTimeout: 20
+    readTimeout: 60
+    owner: services
+    name: cloudconfig
+    host: w9r.dev
+    username: releasebot
+    apiEndpoint: https://w9r.dev
+    tagName: "{{projectVersion}}"
+    overwrite: true
+    update:
+      enabled: false
+      sections:
+        - ASSETS
+    skipTag: false
+    skipRelease: false
+    sign: true
+    branch: main
+    uploadAssets: ALWAYS
+    files: true
+    artifacts: true
+    checksums: true
+    signatures: true
+    catalogs: true
+    draft: false
+    prerelease:
+      enabled: false
+      pattern: .*-SNAPSHOT
+    commitAuthor:
+      name: ReleaseBot
+      email: releasebot@w9r.dev
+    milestone:
+      close: true
+      name: '{{tagName}}'
+    issues:
+      enabled: true
+      comment: '🎉 This issue has been resolved in `{{tagName}}` ([Release Notes]({{releaseNotesUrl}}))'
+      applyMilestone: ALWAYS
+      label:
+        name: released
+        color: '#FF0000'
+        description: Issue has been released
+    issueTrackerUrl: https://w9r.dev/services/cloudconfig/issues
+    changelog:
+      enabled: true
+      sort: DESC
+      links: true
+      skipMergeCommits: false
+      formatted: ALWAYS
+      preset: 'conventional-commits'
+      categoryTitleFormat: '### {{categoryTitle}}'
+      contributorsTitleFormat: '### Contributors'
+      content: |
+        {{changelogChanges}}
+        {{changelogContributors}}
+      append:
+        enabled: true
+        title: '## [{{tagName}}]'
+        target: 'CHANGELOG.md'
+        content: |
+          {{changelogTitle}}
+          {{changelogChanges}}
+      contributors:
+        enabled: false
+
+        format: '- {{contributorName}} ({{contributorUsernameAsLink}})'
+      hide:
+        uncategorized: false
+        contributors:
+          - 'ReleaseBot'
+          - 'RenovateBot'
+      labelers:
+        - label: 'issue'
+          title: 'regex:fix:'
+          body: 'Fixes: '
+          order: 1
+      replacers:
+        - search: '\[chore\]\s'
+          replace: ''
+        - search: '/CVE-(\d{4})-(\d+)/g'
+          replace: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-$1-$2'
+
+distributions:
+  pom:
+    artifacts:
+      - path: target/config*.jar
+deploy:
+  maven:
+    artifactory:
+      pom:
+        active: ALWAYS
+        url: https://nexus.w9r.dev/repository/maven-releases
+        snapshotSupported: true
+        authorization: Basic
+        sign: false
+        checksums: true
+        sourceJar: false
+        javadocJar: false
+        verifyPom: true
+        applyMavenCentralRules: false
+        stagingRepositories:
+          - target/staging-deploy
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..00d1242
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,6 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "local>w9r.dev/renovate-config"
+  ]
+}