diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 4fad253..8bb5bee 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -5,5 +5,5 @@
 # https://github.com/orgs/community/discussions/23064
 .github/workflows/*
 gradle/**
-**/build.gradke.kts
+**/build.gradle.kts
 **/settings.gradle.kts
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 9af0acf..2598a1b 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,11 +1,42 @@
 version: 2
 updates:
-  - package-ecosystem: "gradle"
+  - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "weekly"
+      interval: "daily"
+    groups:
+      # merged and released instantly
+      sec-updates:
+        applies-to: security-updates
+        patterns:
+          - "*"
+      # merged automatically
+      dev-dependencies:
+        patterns:
+          - "*"
 
-  - package-ecosystem: "github-actions"
+  - package-ecosystem: "gradle"
     directory: "/"
     schedule:
-      interval: "weekly"
+      interval: "daily"
+    groups:
+      # merged and released instantly
+      sec-updates:
+        applies-to: security-updates
+        patterns:
+          - "*"
+      # merged automatically
+      dev-dependencies:
+        patterns:
+          - "io.kotest*"
+          - "*-test"
+          - "*assert"
+      # merged and released automatically
+      prod-dependencies:
+        update-types:
+          - "patch"
+          - "minor"
+      # requires human approval and has higher chance to fail build
+      prod-dependencies-major:
+        update-types:
+          - "major"
\ No newline at end of file
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index beaca83..9038ec5 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -15,4 +15,3 @@ jobs:
     with:
       java-version: 21
       build-command: ./gradlew build coverage
-      snapshot-command: ./gradlew publishToSonatype -Pversion=$NEXT_VERSION
diff --git a/.github/workflows/release-auto.yml b/.github/workflows/release-auto.yml
index 274998a..4587efb 100644
--- a/.github/workflows/release-auto.yml
+++ b/.github/workflows/release-auto.yml
@@ -2,6 +2,23 @@ name: Release Auto
 
 on:
   workflow_dispatch:
+    inputs:
+      security-updates-only:
+        description: "Security updates only"
+        type: boolean
+        required: false
+        default: false
+      consider-snapshot:
+        description: "Consider snapshot"
+        type: boolean
+        required: false
+        default: false
+  workflow_run:
+    workflows: [ "Build" ]
+    types: [ completed ]
+    branches:
+      - main
+      - v*x.x
   schedule:
     # at 5:30 UTC every other month
     - cron: "30 5 1 */2 *"
@@ -10,9 +27,23 @@ jobs:
   check:
     uses: coditory/workflows/.github/workflows/release-auto-check.yml@v1
     secrets: inherit
+    with:
+      security-updates-only: ${{ inputs.security-updates-only || github.event_name == 'workflow_run' }}
+      debug: true
 
-  auto-release:
+  release:
     uses: ./.github/workflows/release.yml
     secrets: inherit
+    needs: check
     if: needs.check.outputs.release == 'true'
+
+  snapshot:
+    uses: ./.github/workflows/release.yml
     needs: check
+    secrets: inherit
+    if: |
+      (inputs.consider-snapshot || github.event_name == 'workflow_run')
+      && needs.check.outputs.release != 'true'
+      && needs.check.outputs.skip-code != 'no-changes'
+    with:
+      snapshot: true