diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
new file mode 100644
index 0000000..0d91f8d
--- /dev/null
+++ b/.github/workflows/pr.yml
@@ -0,0 +1,40 @@
+name: Validate PR
+
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - 'src/**'
+      - 'tests/**'
+      - '*.sln'
+      - 'Dockerfile'
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          # Shallow clones should be disabled for a better relevancy of analysis
+          fetch-depth: 0
+      - uses: actions/setup-dotnet@v4
+        with:
+          dotnet-version: '8'
+      - name: Check if the project is well formatted
+        run: |
+          ./scripts/start-check-formatting.sh
+      - name: Install dotnet-sonarscanner
+        run: |
+          dotnet tool install --global dotnet-sonarscanner
+      - name: Build the project, run all tests, and publish the test results
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          PR_SOURCE_BRANCH: ${{ github.head_ref }}
+          PR_TARGET_BRANCH: ${{ github.base_ref }}
+          GITHUB_PR_NUMBER: ${{github.event.pull_request.number}}
+        run: |
+          set -e
+          docker compose up -d db
+          ./scripts/start-sonarcloud.sh
diff --git a/.github/workflows/publish-coverage.yml b/.github/workflows/publish-coverage.yml
new file mode 100644
index 0000000..0f6b55c
--- /dev/null
+++ b/.github/workflows/publish-coverage.yml
@@ -0,0 +1,49 @@
+name: Publish package and coverage report
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'src/**'
+      - 'tests/**'
+      - '*.sln'
+      - 'Directory.Build.props'
+
+jobs:
+  publish-coverage:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          # Shallow clones should be disabled for a better relevancy of analysis
+          fetch-depth: 0
+      - name: Install dotnet-sonarscanner
+        run: |
+          dotnet tool install --global dotnet-sonarscanner
+      - name: Build the project, run all tests and publish to SonarCloud
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          PROJECT_VERSION: ${{ github.sha }}
+          SOURCE_BRANCH_NAME: ${{ github.ref_name }}
+        run: |
+          set -e
+          docker compose up -d db
+          ./scripts/start-sonarcloud.sh
+  publish-package:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+      - name: Generate package
+        run: |
+          dotnet pack ./src -c Release -o out -p:IncludeSymbols=true -p:SymbolPackageFormat=snupkg
+      - name: Push nuget
+        run: |
+          dotnet nuget push out/*.nupkg --api-key ${{ secrets.NUGET_API_KEY }} --source ${{ secrets.NUGET_SERVER }} --skip-duplicate
+      - name: Publish to NuGet
+        run: |
+          ./scripts/start-nuget.sh ${{ secrets.NUGET_API_KEY }}
diff --git a/.github/workflows/publish-package.yml b/.github/workflows/publish-package.yml
new file mode 100644
index 0000000..5c246db
--- /dev/null
+++ b/.github/workflows/publish-package.yml
@@ -0,0 +1,29 @@
+name: Publish coverage report
+
+on:
+  push:
+    tags:
+      - '[0-9]+.[0-9]+.[0-9]+*'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  publish-coverage:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+      - name: Generate package
+        run: |
+          TAG_NAME=${GITHUB_REF#refs/tags/}
+          dotnet pack -o out -p:PackageVersion=$TAG_NAME
+      - name: Push package
+        run: |
+          dotnet nuget push out/*.nupkg \
+            --api-key ${{ secrets.PUBLIC_NUGET_API_KEY }} \
+            --source "https://api.nuget.org/v3/index.json" \
+            --skip-duplicate
diff --git a/scripts/start-sonarcloud.sh b/scripts/start-sonarcloud.sh
new file mode 100755
index 0000000..2f4f713
--- /dev/null
+++ b/scripts/start-sonarcloud.sh
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+
+set -eu -o pipefail
+
+# You should start the scanner prior building your project and running your tests
+if [ -n "${PR_SOURCE_BRANCH:-}" ]; then
+  dotnet sonarscanner begin \
+    /d:sonar.login="$SONAR_TOKEN" \
+    /k:"juntossomosmais_AspNetCore.RestFramework" \
+    /o:"juntossomosmais" \
+    /d:sonar.host.url="https://sonarcloud.io" \
+    /d:sonar.cs.opencover.reportsPaths="**/*/coverage.opencover.xml" \
+    /d:sonar.cs.vstest.reportsPaths="**/*/*.trx" \
+    /d:sonar.pullrequest.base="$PR_TARGET_BRANCH" \
+    /d:sonar.pullrequest.branch="$PR_SOURCE_BRANCH" \
+    /d:sonar.pullrequest.key="$GITHUB_PR_NUMBER"
+else
+  dotnet sonarscanner begin \
+    /d:sonar.login="$SONAR_TOKEN" \
+    /v:"$PROJECT_VERSION" \
+    /k:"juntossomosmais_AspNetCore.RestFramework" \
+    /o:"juntossomosmais" \
+    /d:sonar.host.url="https://sonarcloud.io" \
+    /d:sonar.cs.opencover.reportsPaths="**/*/coverage.opencover.xml" \
+    /d:sonar.cs.vstest.reportsPaths="**/*/*.trx" \
+    /d:sonar.branch.name="$SOURCE_BRANCH_NAME"
+fi
+
+# Now we can run our tests as usual
+./scripts/start-tests.sh
+
+# Now we can collect the results 👍
+dotnet sonarscanner end /d:sonar.login="$SONAR_TOKEN"
diff --git a/scripts/start-tests.sh b/scripts/start-tests.sh
index 13b0bbd..f43c81d 100755
--- a/scripts/start-tests.sh
+++ b/scripts/start-tests.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 set -e