diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 0000000..7aef273
--- /dev/null
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,54 @@
+name: Release
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - 'main'
+    tags:
+      - 'v*'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      -
+        name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.18
+      -
+        name: Cache Go modules
+        uses: actions/cache@v1
+        with:
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+      -
+        name: Tests
+        run: |
+          go mod tidy
+          go test -v ./...
+      # Login against a Docker registry except on PR
+      # https://github.com/docker/login-action
+      - name: Login to Docker Hub
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v2
+        if: success() && startsWith(github.ref, 'refs/tags/')
+        with:
+          version: latest
+          args: release --rm-dist
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
new file mode 100644
index 0000000..403fd67
--- /dev/null
+++ b/.github/workflows/scan.yml
@@ -0,0 +1,26 @@
+name: "Security Scan"
+
+# Run workflow each time code is pushed to your repository and on a schedule.
+# The scheduled workflow runs every at 00:00 on Sunday UTC time.
+on:
+  push:
+  pull_request:
+  schedule:
+  - cron: '0 0 * * 0'
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@v2
+    - name: Security Scan
+      uses: securego/gosec@master
+      with:
+        # we let the report trigger content trigger a failure using the GitHub Security features.
+        args: '-no-fail -fmt sarif -out results.sarif ./...'
+    - name: Upload SARIF file
+      uses: github/codeql-action/upload-sarif@v2
+      with:
+        # Path to SARIF file relative to the root of the repository
+        sarif_file: results.sarif
\ No newline at end of file
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
new file mode 100644
index 0000000..918a977
--- /dev/null
+++ b/.goreleaser.yaml
@@ -0,0 +1,24 @@
+project_name: apt-proxy
+builds:
+  - env: [CGO_ENABLED=0]
+    goos:
+      - linux
+      - darwin
+    goarch:
+      - amd64
+      - arm64
+dockers:
+  - image_templates:
+    - "soulteary/apt-proxy:latest"
+    - "soulteary/apt-proxy:{{ .Tag }}"
+    dockerfile: docker/Dockerfile.gorelease
+    build_flag_templates:
+      - "--pull"
+      - --label=org.opencontainers.image.title={{ .ProjectName }}
+      - --label=org.opencontainers.image.description={{ .ProjectName }}
+      - --label=org.opencontainers.image.url=https://github.com/soulteary/apt-proxy
+      - --label=org.opencontainers.image.source=https://github.com/soulteary/apt-proxy
+      - --label=org.opencontainers.image.version={{ .Version }}
+      - --label=org.opencontainers.image.created={{ .Date }}
+      - --label=org.opencontainers.image.revision={{ .FullCommit }}
+      - --label=org.opencontainers.image.licenses=Apache-v2
\ No newline at end of file
diff --git a/cli/cli_test.go b/cli/cli_test.go
index 719ad71..c9bd6fa 100644
--- a/cli/cli_test.go
+++ b/cli/cli_test.go
@@ -5,7 +5,7 @@ import (
 	"testing"
 )
 
-func TestParseFlags(t *testing.T) {
+func TestParseFlagsAndDaemonInit(t *testing.T) {
 	os.Args = append(os.Args, "--type=not-support-os")
 	flags := ParseFlags()
 
@@ -28,4 +28,12 @@ func TestParseFlags(t *testing.T) {
 	if flags.CacheDir != DEFAULT_CACHE_DIR {
 		t.Fatal("Default option `CacheDir` value mismatch")
 	}
+
+	cache, err := initStore(flags)
+	if err != nil {
+		t.Fatal("Init Store Failed")
+	}
+
+	ap := initProxy(flags, cache)
+	initLogger(flags, ap)
 }
diff --git a/cli/daemon_test.go b/cli/daemon_test.go
deleted file mode 100644
index a7125c0..0000000
--- a/cli/daemon_test.go
+++ /dev/null
@@ -1,17 +0,0 @@
-package cli
-
-import (
-	"testing"
-)
-
-func TestInit(t *testing.T) {
-	flags := ParseFlags()
-
-	cache, err := initStore(flags)
-	if err != nil {
-		t.Fatal("Init Store Failed")
-	}
-
-	ap := initProxy(flags, cache)
-	initLogger(flags, ap)
-}
diff --git a/docker/Dockerfile.gorelease b/docker/Dockerfile.gorelease
new file mode 100644
index 0000000..e8b64b4
--- /dev/null
+++ b/docker/Dockerfile.gorelease
@@ -0,0 +1,8 @@
+FROM alpine:3.15.0 as certs
+RUN apk --update add ca-certificates
+
+FROM scratch
+COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY apt-proxy /usr/bin/apt-proxy
+EXPOSE 8345/tcp
+ENTRYPOINT ["/usr/bin/apt-proxy"]
\ No newline at end of file