diff --git a/.github/workflows/build-and-upload.yml b/.github/workflows/build-and-upload.yml
new file mode 100644
index 0000000..8209e23
--- /dev/null
+++ b/.github/workflows/build-and-upload.yml
@@ -0,0 +1,33 @@
+name: Build and Upload Artifacts
+
+on:
+ workflow_call:
+
+jobs:
+ release:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out repository code
+ uses: actions/checkout@v4
+ - uses: actions/setup-go@v5
+ - name: Setup OPA
+ uses: open-policy-agent/setup-opa@v2
+ with:
+ version: latest
+ - name: Run OPA Build
+ run: |
+ mkdir -p dist/
+ opa build -b policies -o dist/bundle.tar.gz
+ - name: Bundle
+ uses: softprops/action-gh-release@v2
+ with:
+ files: dist/bundle.tar.gz
+ - name: Install gooci cli
+ run: go install github.com/compliance-framework/gooci@latest
+ - name: Authenticate gooci cli
+ run: gooci login ghcr.io --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }}
+ - name: gooci Upload Version
+ run: gooci upload-single dist/bundle.tar.gz ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}:${{github.ref_name}}
+ - name: gooci Upload Latest
+ if: "!github.event.release.prerelease"
+ run: gooci upload-single dist/bundle.tar.gz ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}:latest
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
deleted file mode 100644
index cee3e67..0000000
--- a/.github/workflows/main.yaml
+++ /dev/null
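Review bot: In build-and-upload.yml the "Authenticate gooci cli" and "gooci Upload Version" steps expand `${{ ... }}` expressions directly inside `run:` scripts, so `github.ref_name` (a tag name chosen by whoever pushes the tag) and `secrets.GITHUB_TOKEN` are pasted into the shell text before the shell parses it; passing them through `env:` and quoting the variables keeps them as data rather than script. The `if: "!github.event.release.prerelease"` guard reads a release payload, but the only caller in this commit (release.yml) triggers on tag pushes, so the field is presumably empty and `:latest` would move on every tag, pre-release tags included. The job is called with `packages: write` and `contents: write`, yet `version: latest`, `gooci@latest` and the tag-referenced actions are all resolved at run time; pinning the OPA and gooci versions (and ideally the actions by commit SHA) would make the published bundle reproducible, and the same `version: latest` appears in test.yml.

```yaml
# … unchanged: checkout, setup-go, Setup OPA, Run OPA Build, Bundle, Install gooci cli …
      - name: Authenticate gooci cli
        env:
          REGISTRY_USER: ${{ github.actor }}
          REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: gooci login ghcr.io --username "$REGISTRY_USER" --password "$REGISTRY_TOKEN"
      - name: gooci Upload Version
        env:
          IMAGE: ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}
          TAG: ${{ github.ref_name }}
        run: gooci upload-single dist/bundle.tar.gz "$IMAGE:$TAG"
# … unchanged: gooci Upload Latest …
```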
@@ -1,38 +0,0 @@
-name: Test and Check
-
-run-name: Running tests and checks for policies
-
-on: [push]
-
-jobs:
- Test-And-Check:
- runs-on: ubuntu-latest
-
- permissions:
- contents: write
-
- steps:
- - name: Check out repository code
- uses: actions/checkout@v4
-
- - name: Setup OPA
- uses: open-policy-agent/setup-opa@v2
- with:
- version: latest
-
- - name: Run OPA Tests
- run: opa test policies
-
- - name: Run OPA Check
- run: opa check policies
-
- - name: Run OPA Build
- run: |
- mkdir -p dist/
- opa build -b policies -o dist/bundle.tar.gz
-
- - name: Bundle
- uses: softprops/action-gh-release@v2
- if: startsWith(github.ref, 'refs/tags/')
- with:
- files: dist/bundle.tar.gz
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
new file mode 100644
index 0000000..e6447a2
--- /dev/null
+++ b/.github/workflows/push.yml
@@ -0,0 +1,13 @@
+name: Push
+
+on:
+ pull_request:
+ push:
+ branches:
+ - '*'
+
+jobs:
+ test:
+ permissions:
+ contents: read
+ uses: ./.github/workflows/test.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..2a50955
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,13 @@
+name: New Release
+
+on:
+ push:
+ tags:
+ - '*'
+
+jobs:
+ release:
+ permissions:
+ packages: write
+ contents: write
+ uses: ./.github/workflows/build-and-upload.yml
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 0000000..759a449
--- /dev/null
+++ b/.github/workflows/test.yml
@@ -0,0 +1,23 @@
+name: OPA Test
+
+on:
+ workflow_call:
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Check out repository code
+ uses: actions/checkout@v4
+
+ - name: Setup OPA
+ uses: open-policy-agent/setup-opa@v2
+ with:
+ version: latest
+
+ - name: Run OPA Tests
+ run: opa test policies
+
+ - name: Run OPA Check
+ run: opa check policies
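Review bot: In push.yml the branch filter `- '*'` does not match branch names that contain a slash, because `*` in GitHub Actions filter patterns stops at `/`; a push to a branch such as `feature/x` would skip the tests unless a pull request is open for it. If every branch is meant, use `- '**'` or drop the `branches:` filter. Branches in this repository with an open pull request will also run the suite twice, once per trigger.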
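Review bot: In release.yml the `release` job publishes on every tag push without running the tests first; the deleted main.yaml ran `opa test` and `opa check` in the same job before the build, and nothing in the new files ties test.yml to the release path. Because push.yml filters on `branches:` only, a tag placed on a commit that was never pushed to a branch would be built and uploaded untested. Since this job carries `packages: write` and `contents: write`, gating it on the reusable test workflow with `needs:` keeps an unchecked policy bundle out of the registry.

```yaml
jobs:
  test:
    permissions:
      contents: read
    uses: ./.github/workflows/test.yml
  release:
    needs: test
    # … unchanged: permissions and uses of build-and-upload.yml …
```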