diff --git a/.github/release-configs/argocd-cmp-hk-deployment.yml b/.github/release-configs/argocd-cmp-hk-deployment.yml
deleted file mode 100644
index 2310e6d..0000000
--- a/.github/release-configs/argocd-cmp-hk-deployment.yml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-include-paths:
-  - "images/argocd-cmp-hk-deployment"
-  - ".github/workflows/__prepare-release.yml"
-template: |
-  # What's Changed
-  $CHANGES
-  **Full Changelog**: https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...argocd-cmp-hk-deployment-$RESOLVED_VERSION
-name-template: "Version argocd-cmp-hk-deployment - $RESOLVED_VERSION"
-tag-template: "argocd-cmp-hk-deployment-$RESOLVED_VERSION"
-tag-prefix: "argocd-cmp-hk-deployment-"
-prerelease-identifier: "rc"
-version-resolver:
-  major:
-    labels:
-      - "release-major"
-  minor:
-    labels:
-      - "release-minor"
-  patch:
-    labels:
-      - "release-patch"
-  default: patch
-autolabeler:
-  - label: "release-major"
-    title:
-      - "/^BREAKING CHANGE:/"
-      - "/^\\w+!:/"
-      - "/^\\w+\\(.+\\)!:/"
-  - label: "release-minor"
-    title:
-      - "/^feat:/"
-      - "/^feat\\(.+\\):/"
diff --git a/.github/release-configs/ci-helm.yml b/.github/release-configs/ci-helm.yml
deleted file mode 100644
index 467fdd8..0000000
--- a/.github/release-configs/ci-helm.yml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-include-paths:
-  - "images/ci-helm"
-  - ".github/workflows/__prepare-release.yml"
-template: |
-  # What's Changed
-  $CHANGES
-  **Full Changelog**: https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...ci-helm-$RESOLVED_VERSION
-name-template: "Version ci-helm - $RESOLVED_VERSION"
-tag-template: "ci-helm-$RESOLVED_VERSION"
-tag-prefix: "ci-helm-"
-prerelease-identifier: "rc"
-version-resolver:
-  major:
-    labels:
-      - "release-major"
-  minor:
-    labels:
-      - "release-minor"
-  patch:
-    labels:
-      - "release-patch"
-  default: patch
-autolabeler:
-  - label: "release-major"
-    title:
-      - "/^BREAKING CHANGE:/"
-      - "/^\\w+!:/"
-      - "/^\\w+\\(.+\\)!:/"
-  - label: "release-minor"
-    title:
-      - "/^feat:/"
-      - "/^feat\\(.+\\):/"
diff --git a/.github/release-configs/mydumper.yml b/.github/release-configs/mydumper.yml
deleted file mode 100644
index 520055e..0000000
--- a/.github/release-configs/mydumper.yml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-include-paths:
-  - "images/mydumper"
-  - ".github/workflows/__prepare-release.yml"
-template: |
-  # What's Changed
-  $CHANGES
-  **Full Changelog**: https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...mydumper-$RESOLVED_VERSION
-name-template: "Version mydumper - $RESOLVED_VERSION"
-tag-template: "mydumper-$RESOLVED_VERSION"
-tag-prefix: "mydumper-"
-prerelease-identifier: "rc"
-version-resolver:
-  major:
-    labels:
-      - "release-major"
-  minor:
-    labels:
-      - "release-minor"
-  patch:
-    labels:
-      - "release-patch"
-  default: patch
-autolabeler:
-  - label: "release-major"
-    title:
-      - "/^BREAKING CHANGE:/"
-      - "/^\\w+!:/"
-      - "/^\\w+\\(.+\\)!:/"
-  - label: "release-minor"
-    title:
-      - "/^feat:/"
-      - "/^feat\\(.+\\):/"
diff --git a/.github/release-configs/testcontainers-node.yml b/.github/release-configs/testcontainers-node.yml
deleted file mode 100644
index 481c592..0000000
--- a/.github/release-configs/testcontainers-node.yml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-include-paths:
-  - "images/testcontainers-node"
-  - ".github/workflows/__prepare-release.yml"
-template: |
-  # What's Changed
-  $CHANGES
-  **Full Changelog**: https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...testcontainers-node-$RESOLVED_VERSION
-name-template: "Version testcontainers-node - $RESOLVED_VERSION"
-tag-template: "testcontainers-node-$RESOLVED_VERSION"
-tag-prefix: "testcontainers-node-"
-prerelease-identifier: "rc"
-version-resolver:
-  major:
-    labels:
-      - "release-major"
-  minor:
-    labels:
-      - "release-minor"
-  patch:
-    labels:
-      - "release-patch"
-  default: patch
-autolabeler:
-  - label: "release-major"
-    title:
-      - "/^BREAKING CHANGE:/"
-      - "/^\\w+!:/"
-      - "/^\\w+\\(.+\\)!:/"
-  - label: "release-minor"
-    title:
-      - "/^feat:/"
-      - "/^feat\\(.+\\):/"
diff --git a/.github/workflows/__main-ci.yml b/.github/workflows/__main-ci.yml
index 8981346..1d4d884 100644
--- a/.github/workflows/__main-ci.yml
+++ b/.github/workflows/__main-ci.yml
@@ -43,7 +43,7 @@ jobs:
   release:
     needs: ci
     if: github.event_name != 'schedule'
-    uses: hoverkraft-tech/ci-github-publish/.github/workflows/release-actions.yml@5ff7d4c3910971ed53834becd5967271b4e228cf # 0.21.1
+    uses: hoverkraft-tech/ci-github-publish/.github/workflows/release-actions.yml@b56be562f38e0e3e712f09691a8fe930aae9db1b # 0.22.0
     permissions:
       contents: read
     with:
diff --git a/.github/workflows/__prepare-release.yml b/.github/workflows/__prepare-release.yml
index 645b12a..0330503 100644
--- a/.github/workflows/__prepare-release.yml
+++ b/.github/workflows/__prepare-release.yml
@@ -13,10 +13,6 @@ jobs:
   release:
     uses: ./.github/workflows/prepare-release.yml
     permissions:
-      contents: write
+      contents: read
       id-token: write
       pull-requests: write
-    with:
-      github-app-id: ${{ vars.CI_BOT_APP_ID }}
-    secrets:
-      github-app-key: ${{ secrets.CI_BOT_APP_PRIVATE_KEY }}
diff --git a/.github/workflows/docker-build-images.yml b/.github/workflows/docker-build-images.yml
index 4c4ed59..6e50aa6 100644
--- a/.github/workflows/docker-build-images.yml
+++ b/.github/workflows/docker-build-images.yml
@@ -135,7 +135,7 @@ jobs:
   build-images:
     needs: prepare-images-to-build
     if: needs.prepare-images-to-build.outputs.images
-    uses: hoverkraft-tech/ci-github-container/.github/workflows/docker-build-images.yml@df8b445f6cc9661dcb282d897d7146a82e5f2960 # 0.31.0
+    uses: hoverkraft-tech/ci-github-container/.github/workflows/docker-build-images.yml@bcbbcaff24e053e38ebab02dd0e41442df196719 # 0.32.0
     permissions:
       contents: read
       issues: read
diff --git a/.github/workflows/prepare-release.yml b/.github/workflows/prepare-release.yml
index 64cafd3..db19a53 100644
--- a/.github/workflows/prepare-release.yml
+++ b/.github/workflows/prepare-release.yml
@@ -13,20 +13,10 @@ on:
         type: string
         default: '["ubuntu-latest"]'
         required: false
-      github-app-id:
-        description: |
-          GitHub App ID to generate GitHub token in place of github-token.
-          See https://github.com/actions/create-github-app-token.
-        required: false
-        type: string
     secrets:
       github-token:
         description: |
-          GitHub token with permissions `contents: write`, `pull-requests: write`.
-      github-app-key:
-        description: |
-          GitHub App private key to generate GitHub token in place of github-token.
-          See https://github.com/actions/create-github-app-token.
+          GitHub token with permissions `contents: read`, `pull-requests: write`.
 
 concurrency:
   group: ${{ github.workflow }}-images-${{ github.event.number || github.ref }}
@@ -40,22 +30,22 @@ jobs:
     permissions:
       contents: read
       id-token: write # Needed for getting local workflow actions
+    with:
+      runs-on: ${{ inputs.runs-on }}
 
   prepare-release:
-    uses: hoverkraft-tech/ci-github-publish/.github/workflows/prepare-release.yml@5ff7d4c3910971ed53834becd5967271b4e228cf # 0.21.1
+    uses: hoverkraft-tech/ci-github-publish/.github/workflows/prepare-release.yml@b56be562f38e0e3e712f09691a8fe930aae9db1b # 0.22.0
     needs: get-available-images-matrix
     strategy:
       matrix:
         image: ${{ fromJson(needs.get-available-images-matrix.outputs.images-matrix) }}
       fail-fast: false
     permissions:
-      contents: write
+      contents: read
       id-token: write
       pull-requests: write
     with:
       runs-on: ${{ inputs.runs-on }}
-      github-app-id: ${{ inputs.github-app-id || null }}
       working-directory: images/${{ matrix.image }}
     secrets:
       github-token: ${{ secrets.github-token || null }}
-      github-app-key: ${{ secrets.github-app-key || null }}
diff --git a/.github/workflows/prune-pull-requests-images-tags.yml b/.github/workflows/prune-pull-requests-images-tags.yml
index 822e2f8..dd7c140 100644
--- a/.github/workflows/prune-pull-requests-images-tags.yml
+++ b/.github/workflows/prune-pull-requests-images-tags.yml
@@ -34,7 +34,7 @@ jobs:
       packages: write
       pull-requests: read
     needs: get-available-images-matrix
-    uses: hoverkraft-tech/ci-github-container/.github/workflows/prune-pull-requests-images-tags.yml@df8b445f6cc9661dcb282d897d7146a82e5f2960 # 0.31.0
+    uses: hoverkraft-tech/ci-github-container/.github/workflows/prune-pull-requests-images-tags.yml@bcbbcaff24e053e38ebab02dd0e41442df196719 # 0.32.0
     with:
       runs-on: ${{ inputs.runs-on }}
       images: ${{ needs.get-available-images-matrix.outputs.images-matrix }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 879fe20..0211e99 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -221,7 +221,7 @@ jobs:
       fail-fast: false
     steps:
       - id: create-release
-        uses: hoverkraft-tech/ci-github-publish/actions/release/create@5ff7d4c3910971ed53834becd5967271b4e228cf # 0.21.1
+        uses: hoverkraft-tech/ci-github-publish/actions/release/create@b56be562f38e0e3e712f09691a8fe930aae9db1b # 0.22.0
         with:
           prerelease: ${{ inputs.prerelease }}
           working-directory: images/${{ matrix.image }}
diff --git a/Makefile b/Makefile
index 404e453..30ee6b6 100644
--- a/Makefile
+++ b/Makefile
@@ -50,6 +50,10 @@ test-all: ## Run tests for all images
 		$(MAKE) test "$$image_name" || exit 1; \
 	done
 
+ci: ## Run full CI checks (lint + tests)
+	$(MAKE) lint-fix
+	$(MAKE) test-all
+
 define run_linter
 	DEFAULT_WORKSPACE="$(CURDIR)"; \
 	LINTER_IMAGE="linter:latest"; \