diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 04515f1b..a7f39e40 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -10,18 +10,31 @@ env:
   GOPATH: /home/runner/go/
   GOPROXY: "https://proxy.golang.org"
 jobs:
-  build:
-    name: Build
+  prepare:
+    name: Prepare release
     runs-on: ubuntu-latest
+    permissions:
+      contents: 'read'
+      id-token: 'write'
+    outputs:
+      new_release_version: ${{ steps.semantic_release.outputs.new_release_version }}
+      new_release_published: ${{ steps.semantic_release.outputs.new_release_published }}
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
+      - name: Checkout
+        uses: actions/checkout@v4
         with:
-          go-version-file: go.mod
-          check-latest: true
-      - run: PATH=$PATH:$GOPATH/bin make build
-  image:
-    name: Build image
+          fetch-depth: 0
+          token: ${{ secrets.PLURAL_BOT_PAT }}
+      - name: Semantic Release
+        uses: cycjimmy/semantic-release-action@v3
+        id: semantic_release
+        with:
+          dry_run: true
+        env:
+          GITHUB_TOKEN: ${{ secrets.PLURAL_BOT_PAT }}
+          NODE_AUTH_TOKEN: ${{ secrets.PLURAL_BOT_NPM_TOKEN }}
+  build:
+    name: Build
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -29,7 +42,7 @@ jobs:
         with:
           go-version-file: go.mod
           check-latest: true
-      - run: PATH=$PATH:$GOPATH/bin make docker-build
+      - run: PATH=$PATH:$GOPATH/bin make build
   test:
     name: Unit test
     runs-on: ubuntu-latest
@@ -55,7 +68,9 @@ jobs:
   publish:
     name: Build and push Agent container
     runs-on: ubuntu-20.04
-    needs: test
+    needs:
+    - prepare
+    - test
     permissions:
       contents: 'read'
       id-token: 'write'
@@ -77,30 +92,11 @@ jobs:
             type=sha
             type=ref,event=pr
             type=ref,event=branch
+            type=semver,pattern={{version}},value=${{ needs.prepare.outputs.new_release_version }}
     - name: Set up QEMU
       uses: docker/setup-qemu-action@v2
     - name: Set up Docker Buildx
       uses: docker/setup-buildx-action@v2
-    # - uses: google-github-actions/auth@v1
-    #   with:
-    #     workload_identity_provider: 'projects/${{ secrets.GOOGLE_PROJECT_ID }}/locations/global/workloadIdentityPools/github/providers/github'
-    #     service_account: 'terraform@pluralsh.iam.gserviceaccount.com'
-    #     token_format: 'access_token'
-    #     create_credentials_file: true
-    # - uses: google-github-actions/setup-gcloud@v1.0.1
-    # - name: Login to gcr
-    #   run: gcloud auth configure-docker -q
-    # - name: installing plural
-    #   id: plrl
-    #   uses: pluralsh/setup-plural@v0.1.9
-    #   with:
-    #     email: gh-actions@plural.sh
-    # - name: Login to plural registry
-    #   uses: docker/login-action@v2
-    #   with:
-    #     registry: dkr.plural.sh
-    #     username: gh-actions@plural.sh
-    #     password: ${{ steps.plrl.outputs.token }}
     - name: Login to GHCR
       uses: docker/login-action@v3
       with:
@@ -115,16 +111,36 @@ jobs:
         push: true
         tags: ${{ steps.meta.outputs.tags }}
         labels: ${{ steps.meta.outputs.labels }}
-        platforms: linux/amd64
+        platforms: linux/amd64,linux/arm64
         cache-from: type=gha
         cache-to: type=gha,mode=max
         build-args: |
           GIT_COMMIT=${{ github.sha }}
-    - name: slack webhook
-      uses: 8398a7/action-slack@v3
-      with:
-        status: ${{ job.status }}
-        fields: workflow,job,repo,message,commit,author
-      env:
-        SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} # required
-      if: always()
\ No newline at end of file
+  release:
+    runs-on: ubuntu-latest
+    needs: build
+    permissions:
+      contents: 'read'
+      id-token: 'write'
+    if: github.event_name != 'pull_request'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.PLURAL_BOT_PAT }}
+      - name: Semantic Release
+        uses: cycjimmy/semantic-release-action@v3
+        id: semantic_release
+        if: github.event_name != 'pull_request'
+        env:
+          GITHUB_TOKEN: ${{ secrets.PLURAL_BOT_PAT }}
+          NODE_AUTH_TOKEN: ${{ secrets.PLURAL_BOT_NPM_TOKEN }}
+      - name: slack webhook
+        uses: 8398a7/action-slack@v3
+        with:
+          status: ${{ job.status }}
+          fields: workflow,job,repo,message,commit,author
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} # required
+        if: always()
diff --git a/.github/workflows/semantic-pr.yaml b/.github/workflows/semantic-pr.yaml
new file mode 100644
index 00000000..cc02fbbc
--- /dev/null
+++ b/.github/workflows/semantic-pr.yaml
@@ -0,0 +1,18 @@
+name: "Semantic PR"
+
+on:
+  workflow_dispatch:
+  pull_request_target:
+    types:
+      - opened
+      - edited
+      - synchronize
+
+jobs:
+  main:
+    name: Validate PR title
+    runs-on: ubuntu-latest
+    steps:
+      - uses: amannn/action-semantic-pull-request@v5
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.releaserc b/.releaserc
new file mode 100644
index 00000000..216868d6
--- /dev/null
+++ b/.releaserc
@@ -0,0 +1,14 @@
+{
+  "branches": ["main"],
+  "plugins": [
+    [
+      "@semantic-release/commit-analyzer",
+      {
+        "preset": "conventionalcommits"
+      }
+    ],
+    "@semantic-release/release-notes-generator",
+    "@semantic-release/npm",
+    "@semantic-release/github"
+  ]
+}