diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
index 77c61c6..f63d9c8 100644
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -13,8 +13,9 @@ permissions:
 jobs:
   labeler:
     name: Labeler
+    runs-on: ubuntu-latest
+    if: github.repository_owner == 'voxpupuli'
     permissions:
       pull-requests: write
-    uses: voxpupuli/crafty/.github/workflows/labeler.yml@main
-    with:
-      allowed_owner: ${{ github.repository_owner }}
+    steps:
+      - uses: actions/labeler@v6
diff --git a/.github/workflows/markdownlint.yml b/.github/workflows/markdownlint.yml
index 1417f99..51271ef 100644
--- a/.github/workflows/markdownlint.yml
+++ b/.github/workflows/markdownlint.yml
@@ -1,4 +1,7 @@
 ---
+# Managed by modulesync - DO NOT EDIT
+# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
+
 name: Markdown Lint
 
 on:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index aefadfa..fdce03a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -15,6 +15,11 @@ permissions:
 jobs:
   release:
     name: Release
-    uses: voxpupuli/crafty/.github/workflows/release.yml@main
-    with:
-      allowed_owner: openvoxproject
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Create Release
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: gh release create --repo ${{ github.repository }} ${{ github.ref_name }} --generate-notes
diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
new file mode 100644
index 0000000..b39544d
--- /dev/null
+++ b/.github/workflows/shellcheck.yml
@@ -0,0 +1,41 @@
+---
+# Managed by modulesync - DO NOT EDIT
+# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
+
+name: 🚦 CI / Shell Check
+
+on:
+  pull_request:
+    branches:
+      - main
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  shellcheck:
+    name: 'Shell Check'
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+      actions: read
+    steps:
+    - name: Repository checkout
+      uses: actions/checkout@v5
+      with:
+        # Differential ShellCheck requires full git history
+        fetch-depth: 0
+
+    - id: ShellCheck
+      name: Differential ShellCheck
+      uses: redhat-plumbers-in-action/differential-shellcheck@v5
+      with:
+        scan-directory: '.'
+
+    - if: always()
+      name: Upload artifact with ShellCheck defects in SARIF format
+      uses: actions/upload-artifact@v5
+      with:
+        name: Differential ShellCheck SARIF
+        path: ${{ steps.ShellCheck.outputs.sarif }}
diff --git a/renovate.json b/renovate.json
index 186a559..1ae3606 100644
--- a/renovate.json
+++ b/renovate.json
@@ -1,5 +1,6 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "addLabels": [ "dependencies", "renovate" ],
   "assigneesFromCodeOwners": true,
   "automerge": true,
   "automergeType": "pr",
@@ -26,17 +27,15 @@
       "registryUrlTemplate": "https://apt.voxpupuli.org?suite=ubuntu24.04&components=openvox{{openVoxRelease}}&binaryArch=amd64"
     }
   ],
-  "extends": [
-    "config:recommended"
-  ],
-  "addLabels": [
-    "dependencies",
-    "renovate"
-  ],
+  "extends": [ "config:recommended", ":prImmediately" ],
   "vulnerabilityAlerts": {
-    "enabled": true,
-    "addLabels": [
-      "security"
-    ]
-  }
+    "addLabels": [ "security" ],
+    "enabled": true
+  },
+  "packageRules": [
+    {
+      "matchPackagePatterns": [".*"],
+      "dependencyDashboardApproval": false
+    }
+  ]
 }