diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
new file mode 100644
index 00000000..f96de9a5
--- /dev/null
+++ b/.github/workflows/publish.yml
@@ -0,0 +1,59 @@
+# Version tags only
+
+name: Publish
+
+on:
+  push:
+    tags:
+      - v[0-9]+.[0-9]+.[0-9]+
+
+env:
+  NODE_VERSION: 18
+
+jobs:
+  npmPublish:
+    name: Publish to npm
+    runs-on: ubuntu-latest
+
+    env:
+      # It'll work with secrets.GITHUB_TOKEN (which is provided by GitHub unconditionally)
+      # Still then release author would be "github-actions". It's better if it's dedicated repo bot
+      GITHUB_TOKEN: ${{ secrets.USER_GITHUB_TOKEN }}
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Retrieve dependencies from cache
+        id: cacheNpm
+        uses: actions/cache@v3
+        with:
+          path: |
+            ~/.npm
+            node_modules
+          key: npm-v${{ env.NODE_VERSION }}-${{ runner.os }}-${{ github.ref }}-${{ hashFiles('package.json') }}
+
+      - name: Install Node.js and npm
+        uses: actions/setup-node@v3
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+          registry-url: https://registry.npmjs.org
+
+      - name: Install dependencies
+        if: steps.cacheNpm.outputs.cache-hit != 'true'
+        run: |
+          npm ci
+
+      - name: Publish new version
+        # Note: Setting NODE_AUTH_TOKEN as job|workspace wide env var won't work
+        #       as it appears actions/setup-node sets own value
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: npm publish
+
+      - name: Create and publish a release
+        uses: softprops/action-gh-release@v1
+        with:
+          tag_name: ${GITHUB_REF##*/}
+          prerelease: false
+          generate_release_notes: true
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
new file mode 100644
index 00000000..f1fc01aa
--- /dev/null
+++ b/.github/workflows/validate.yml
@@ -0,0 +1,45 @@
+name: Validate
+
+on:
+  pull_request:
+    branches: [master]
+
+jobs:
+  validate:
+    strategy:
+      matrix:
+        version: [12, 14, 16, 18]
+        os: [ubuntu-latest, windows-latest]
+
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Retrieve dependencies from cache
+        id: cacheNpm
+        uses: actions/cache@v3
+        with:
+          path: |
+            ~/.npm
+            node_modules
+          key: npm-v${{ matrix.version }}-${{ matrix.os }}-${{ github.ref }}-${{ hashFiles('package.json') }}
+          restore-keys: |
+            npm-v${{ matrix.version }}-${{ matrix.os }}-${{ github.ref }}-
+            npm-v${{ matrix.version }}-${{ matrix.os }}-refs/heads/master-
+
+      - name: Install Node.js and npm
+        uses: actions/setup-node@v3
+        with:
+          node-version: ${{ matrix.version }}
+
+      - name: Install dependencies
+        if: steps.cacheNpm.outputs.cache-hit != 'true'
+        run: |
+          npm ci
+
+      - name: Validate lint rules
+        run: npm run lint
+
+      - name: Run tests
+        run: npm run test:ci
diff --git a/package.json b/package.json
index 94c83ca4..06a2f036 100644
--- a/package.json
+++ b/package.json
@@ -12,8 +12,8 @@
     "lint:fix": "eslint src/**/*.ts --fix",
     "pretest": "npm run lint",
     "test": "jest",
-    "test:ci": "npm run test -- --ci",
-    "test:coverage": "npm run test -- --coverage",
+    "test:ci": "npm run test:coverage -- --ci",
+    "test:coverage": "npm run test -- --config ./jest.config.js",
     "clean:int": "rm -rf integrationTests/configurations/**/.serverless integrationTests/configurations/**/node_modules integrationTests/configurations/**/local.settings.json",
     "pretest:int": "npm run clean:int",
     "test:int": "clvr",