diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 86e5cfa..cadce1a 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -5,7 +5,7 @@ stages:
   - upload
 
 .cljs-job: &cljs
-  image: domaindrivenarchitecture/shadow-cljs
+  image: "domaindrivenarchitecture/ddadevops-clj-cljs:4.11.3"
   cache:
     key: ${CI_COMMIT_REF_SLUG}
     paths:
@@ -13,38 +13,38 @@ stages:
       - .shadow-cljs/
       - .m2
   before_script:
-    - echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ~/.npmrc
-    - npm install
+  - export RELEASE_ARTIFACT_TOKEN=$MEISSA_REPO_BUERO_RW
+  - echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ~/.npmrc
+  - npm install
 
 .clj-uploadjob: &clj
-  image: domaindrivenarchitecture/lein
+  image: "domaindrivenarchitecture/ddadevops-clj:4.11.3"
   cache:
     key: ${CI_COMMIT_REF_SLUG}
     paths:
       - .m2
   before_script:
-    - mkdir -p /root/.lein
-    - echo "{:auth {:repository-auth {#\"clojars\" {:username \"${CLOJARS_USER}\" :password \"${CLOJARS_TOKEN_DOMAINDRIVENARCHITECTURE}\" }}}}" > ~/.lein/profiles.clj
-
-test-cljs:
-  <<: *cljs
-  stage: build_and_test
-  script:
-    - shadow-cljs compile test
-    - node target/node-tests.js
+  - export RELEASE_ARTIFACT_TOKEN=$MEISSA_REPO_BUERO_RW
+  - mkdir -p /root/.lein
+  - echo "{:auth {:repository-auth {#\"clojars\" {:username \"${CLOJARS_USER}\" :password \"${CLOJARS_TOKEN_DOMAINDRIVENARCHITECTURE}\" }}}}" > ~/.lein/profiles.clj
 
 test-clj:
   <<: *clj
   stage: build_and_test
   script:
-    - lein test
+    - pyb test_clj
+
+test-cljs:
+  <<: *cljs
+  stage: build_and_test
+  script:
+    - pyb test_cljs
 
 test-schema:
   <<: *clj
   stage: build_and_test
   script:
-    - lein uberjar
-    - java -jar target/uberjar/c4k-keycloak-standalone.jar src/test/resources/keycloak-test/valid-config.yaml src/test/resources/keycloak-test/valid-auth.yaml | kubeconform --kubernetes-version 1.19.0 --strict --skip Certificate -
+    - pyb test_schema
   artifacts:
     paths:
       - target/uberjar
@@ -53,8 +53,7 @@ report-frontend:
   <<: *cljs
   stage: package
   script:
-    - mkdir -p target/frontend-build
-    - shadow-cljs run shadow.cljs.build-report frontend target/frontend-build/build-report.html
+    - pyb report_frontend
   artifacts:
     paths:
       - target/frontend-build/build-report.html
@@ -63,11 +62,7 @@ package-frontend:
   <<: *cljs
   stage: package
   script:
-    - mkdir -p target/frontend-build
-    - shadow-cljs release frontend
-    - cp public/js/main.js target/frontend-build/c4k-keycloak.js
-    - sha256sum target/frontend-build/c4k-keycloak.js > target/frontend-build/c4k-keycloak.js.sha256
-    - sha512sum target/frontend-build/c4k-keycloak.js > target/frontend-build/c4k-keycloak.js.sha512
+    - pyb package_frontend
   artifacts:
     paths:
       - target/frontend-build
@@ -76,47 +71,30 @@ package-uberjar:
   <<: *clj
   stage: package
   script:
-    - sha256sum target/uberjar/c4k-keycloak-standalone.jar > target/uberjar/c4k-keycloak-standalone.jar.sha256
-    - sha512sum target/uberjar/c4k-keycloak-standalone.jar > target/uberjar/c4k-keycloak-standalone.jar.sha512
+    - pyb package_uberjar
   artifacts:
     paths:
       - target/uberjar
 
-sast:
-  variables:
-    SAST_EXCLUDED_ANALYZERS:
-      bandit, brakeman, flawfinder, gosec, kubesec, phpcs-security-audit,
-      pmd-apex, security-code-scan, sobelow, spotbugs
-  stage: security
-  before_script:
-    - mkdir -p builds && cp -r target/ builds/
-include:
-  - template: Security/SAST.gitlab-ci.yml
-
-upload-clj-release:
+package-native:
   <<: *clj
-  stage: upload
-  rules:
-    - if: '$CI_COMMIT_TAG != null'
+  stage: package
   script:
-    - lein deploy
-
-release:
-  image: registry.gitlab.com/gitlab-org/release-cli:latest
-  stage: upload
-  rules:
-    - if: '$CI_COMMIT_TAG != null'
+    - pyb package_native
   artifacts:
     paths:
-      - target/uberjar
-      - target/frontend-build
+      - target/graalvm
+
+release-to-clojars:
+  <<: *clj
+  <<: *tag_only
+  stage: upload
   script:
-    - apk --no-cache add curl
-    - |
-      release-cli create --name "Release $CI_COMMIT_TAG" --tag-name $CI_COMMIT_TAG \
-        --assets-link "{\"name\":\"c4k-keycloak-standalone.jar\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-keycloak/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/c4k-keycloak-standalone.jar\"}" \
-        --assets-link "{\"name\":\"c4k-keycloak-standalone.jar.sha256\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-keycloak/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/c4k-keycloak-standalone.jar.sha256\"}" \
-        --assets-link "{\"name\":\"c4k-keycloak-standalone.jar.sha512\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-keycloak/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/c4k-keycloak-standalone.jar.sha512\"}" \
-        --assets-link "{\"name\":\"c4k-keycloak.js\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-keycloak/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/c4k-keycloak.js\"}" \
-        --assets-link "{\"name\":\"c4k-keycloak.js.sha256\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-keycloak/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/c4k-keycloak.js.sha256\"}" \
-        --assets-link "{\"name\":\"c4k-keycloak.js.sha512\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-keycloak/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/c4k-keycloak.js.sha512\"}" \
+    - pyb upload_clj
+
+release-to-forgejo:
+  <<: *clj
+  <<: *tag_only
+  stage: upload
+  script:
+    - pyb publish_artifacts
\ No newline at end of file