diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml
index 86c204e..96ee237 100644
--- a/.gitea/workflows/release.yml
+++ b/.gitea/workflows/release.yml
@@ -16,7 +16,7 @@ jobs:
       contents: read
     steps:
       - name: Check out repository code
-        uses: actions/checkout@v4.1.7
+        uses: actions/checkout@v4.2.2
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -25,8 +25,8 @@ jobs:
         uses: docker/login-action@v3
         with:
           registry: ${{ env.REGISTRY_URL }}
-          username: ${{ gitea.actor }}
-          password: ${{ secrets.GITEA_TOKEN }}
+          username: ${{ vars.PACKAGES_REGISTRY_USERNAME }}
+          password: ${{ secrets.PACKAGES_REGISTRY_PASSWORD }}
 
       - name: Build and push Docker image
         id: push
@@ -34,5 +34,4 @@ jobs:
         with:
           context: .
           push: true
-          tags: |
-            ${{ env.REGISTRY_URL }}/${{ gitea.repository }}:latest
+          tags: ${{ env.REGISTRY_URL }}/${{ gitea.repository }}:latest
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..1075379
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,26 @@
+{
+  "extends": [
+    "config:recommended"
+  ],
+  "ignorePaths": [
+    "**/.archive/**"
+  ],
+  "platformCommit": "enabled",
+  "dependencyDashboardAutoclose": true,
+  "assignAutomerge": true,
+  "assigneesFromCodeOwners": true,
+  "rebaseWhen": "behind-base-branch",
+  "rollbackPrs": true,
+  "labels": [
+    "type/dependencies"
+  ],
+  "vulnerabilityAlerts": {
+    "enabled": true,
+    "labels": [
+      "security",
+      "type/dependencies"
+    ],
+    "commitMessagePrefix": "[SECURITY] ",
+    "prCreation": "immediate"
+  }
+}