diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..49ee07f
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,13 @@
+# Set update schedule for GitHub Actions
+
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: monthly
+
+  - package-ecosystem: npm
+    directory: /
+    schedule:
+      interval: monthly
diff --git a/.github/workflows/commitlint.yml b/.github/workflows/commitlint.yml
new file mode 100644
index 0000000..199f45c
--- /dev/null
+++ b/.github/workflows/commitlint.yml
@@ -0,0 +1,30 @@
+name: Conventional Commit Linter
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  commitlint:
+    # cannot use ubuntu-slim here because wagoid/commitlint-github-action requires Docker
+    runs-on: ubuntu-latest
+    steps:
+      - name: Compute number of commits to fetch
+        id: nb-of-commits
+        # `+ 1` for PRs because of the merge commit
+        run: |
+          echo "toParse=$(echo "$EVENT" | jq -r 'if .commits then (.commits | length) else (.pull_request.commits + 1) end')" >> $GITHUB_OUTPUT
+        env:
+          EVENT: ${{ toJSON(github.event) }}
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
+        with:
+          persist-credentials: false
+          sparse-checkout: .
+          fetch-depth: ${{ steps.nb-of-commits.outputs.toParse }}
+      - uses: wagoid/commitlint-github-action@b948419dd99f3fd78a6548d48f94e3df7f6bf3ed  # v6.2.1
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
new file mode 100644
index 0000000..cceee55
--- /dev/null
+++ b/.github/workflows/release-please.yml
@@ -0,0 +1,38 @@
+name: release-please
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+jobs:
+  release-please:
+    runs-on: ubuntu-slim
+    permissions:
+      contents: write
+      issues: write
+      pull-requests: write
+    outputs:
+      release_created:  ${{ steps.release.outputs.release_created }}
+    steps:
+      - uses: googleapis/release-please-action@45996ed1f6d02564a971a2fa1b5860e934307cf7  # 5.0.0
+        id: release
+        with:
+          release-type: node
+  npm-publish:
+    needs: release-please
+    if: ${{ needs.release-please.outputs.release_created }}
+    permissions:
+      contents: read
+      id-token: write
+    runs-on: ubuntu-slim
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e  # v6.4.0
+        with:
+          node-version: lts/*
+          registry-url: 'https://registry.npmjs.org'
+      - run: npm publish --access public --provenance