diff --git a/ci/main.go b/ci/main.go
new file mode 100644
index 0000000..8829f10
--- /dev/null
+++ b/ci/main.go
@@ -0,0 +1,107 @@
+package main
+
+import (
+	"context"
+	"encoding/xml"
+	"fmt"
+	"os"
+	"path"
+	"time"
+
+	"dagger.io/dagger"
+)
+
+type info struct {
+	Version string `xml:"version"`
+}
+
+func main() {
+	ctx := context.Background()
+
+	// initialize Dagger client
+	client, err := dagger.Connect(ctx, dagger.WithLogOutput(os.Stderr))
+	if err != nil {
+		panic(err)
+	}
+	defer client.Close()
+
+	keySecret := loadSecret(client, "scimserviceprovider.key")
+	certSecret := loadSecret(client, "scimserviceprovider.crt")
+	s3Secret := client.SetSecret("s3", fmt.Sprintf("https://%s:%s@hot-objects.liiib.re", os.Getenv("S3_ACCESSKEY"), os.Getenv("S3_SECRETKEY")))
+	ncSecret := client.SetSecret("nc", os.Getenv("NC_STORE_TOKEN"))
+
+	i := loadInfo()
+
+	archiveName := fmt.Sprintf("scimserviceprovider-v%s.tar.gz", i.Version)
+
+	fmt.Println("cc", i.Version)
+
+	// execute
+	vendor := client.Container().From("docker.io/composer:2.6").
+		WithFile("composer.json", client.Host().File("composer.json")).
+		WithFile("composer.lock", client.Host().File("composer.lock")).
+		WithExec([]string{"i", "--no-dev", "--ignore-platform-reqs"}).
+		Directory("vendor")
+
+	output := client.Container().From("docker.io/nextcloud:26").
+		WithWorkdir("/scimserviceprovider").
+		WithDirectory("vendor", vendor).
+		WithDirectory(".", client.Host().Directory(".", dagger.HostDirectoryOpts{
+			Include: []string{"appinfo", "lib", "LICENSE"},
+		})).
+		WithMountedSecret("/scimserviceprovider.crt", certSecret).
+		WithMountedSecret("/scimserviceprovider.key", keySecret).
+		WithExec([]string{"php", "/usr/src/nextcloud/occ", "integrity:sign-app", "--path=/scimserviceprovider", "--privateKey=/scimserviceprovider.key", "--certificate=/scimserviceprovider.crt"}).
+		WithExec([]string{"mkdir", "/output"}).
+		WithExec([]string{"tar", "czf", path.Join("/output", archiveName), "/scimserviceprovider"}).
+		WithExec([]string{"bash", "-c", "openssl dgst -sha512 -sign /scimserviceprovider.key " + path.Join("/output", archiveName) + " | openssl base64 > " + path.Join("/output", archiveName+".sign")}).
+		Directory("/output")
+
+	_, err = client.Container().From("docker.io/minio/mc").
+		WithSecretVariable("MC_HOST_repo", s3Secret).
+		WithDirectory("/output", output).
+		WithExec([]string{"cp", "-r", "/output/", "repo/artifacts/"}).
+		Sync(ctx)
+	if err != nil {
+		panic(err)
+	}
+
+	_, err = client.Container().From("docker.io/alpine").
+		WithExec([]string{"apk", "add", "--no-cache", "curl"}).
+		WithWorkdir("/output").
+		WithDirectory("/output", output).
+		WithEnvVariable("ARCHIVE_NAME", archiveName).
+		WithSecretVariable("TOKEN", ncSecret).
+		WithEnvVariable("CACHEBUSTER", time.Now().String()).
+		WithExec([]string{"sh", "-c",
+			`printf '{"download":"https://hot-objects.liiib.re/artifacts/%s", "signature": "%s"}' "$ARCHIVE_NAME" "$(cat ${ARCHIVE_NAME}.sign)" | curl --fail-with-body -s -X POST https://apps.nextcloud.com/api/v1/apps/releases -H "Authorization: Token ${TOKEN}" -H "Content-Type: application/json" -d @-`}).
+		Sync(ctx)
+	if err != nil {
+		panic(err)
+	}
+}
+
+func loadSecret(client *dagger.Client, name string) *dagger.Secret {
+	home, err := os.UserHomeDir()
+	if err != nil {
+		panic(err)
+	}
+	data, err := os.ReadFile(path.Join(home, ".nextcloud/certificates/", name))
+	if err != nil {
+		panic(err)
+	}
+	return client.SetSecret(name, string(data))
+}
+
+func loadInfo() info {
+	data, err := os.ReadFile("appinfo/info.xml")
+	if err != nil {
+		panic(err)
+	}
+	i := info{}
+	err = xml.Unmarshal(data, &i)
+	if err != nil {
+		panic(err)
+	}
+	return i
+}
diff --git a/go.mod b/go.mod
new file mode 100644
index 0000000..ca199fe
--- /dev/null
+++ b/go.mod
@@ -0,0 +1,16 @@
+module nextcloud-scim
+
+go 1.21
+
+require dagger.io/dagger v0.9.3
+
+require (
+	github.com/99designs/gqlgen v0.17.31 // indirect
+	github.com/Khan/genqlient v0.6.0 // indirect
+	github.com/adrg/xdg v0.4.0 // indirect
+	github.com/mitchellh/go-homedir v1.1.0 // indirect
+	github.com/vektah/gqlparser/v2 v2.5.6 // indirect
+	golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
+	golang.org/x/sync v0.4.0 // indirect
+	golang.org/x/sys v0.13.0 // indirect
+)
diff --git a/go.sum b/go.sum
new file mode 100644
index 0000000..791f56c
--- /dev/null
+++ b/go.sum
@@ -0,0 +1,46 @@
+dagger.io/dagger v0.9.3 h1:igFU1d6R933Jn6741k5HI/TjAlkpb2/wiBTypNbE0Pw=
+dagger.io/dagger v0.9.3/go.mod h1:1iiFzqKOri9kJxUDYUibthMpkfzaWP25B2kx7F/AXIk=
+github.com/99designs/gqlgen v0.17.31 h1:VncSQ82VxieHkea8tz11p7h/zSbvHSxSDZfywqWt158=
+github.com/99designs/gqlgen v0.17.31/go.mod h1:i4rEatMrzzu6RXaHydq1nmEPZkb3bKQsnxNRHS4DQB4=
+github.com/Khan/genqlient v0.6.0 h1:Bwb1170ekuNIVIwTJEqvO8y7RxBxXu639VJOkKSrwAk=
+github.com/Khan/genqlient v0.6.0/go.mod h1:rvChwWVTqXhiapdhLDV4bp9tz/Xvtewwkon4DpWWCRM=
+github.com/adrg/xdg v0.4.0 h1:RzRqFcjH4nE5C6oTAxhBtoE2IRyjBSa62SCbyPidvls=
+github.com/adrg/xdg v0.4.0/go.mod h1:N6ag73EX4wyxeaoeHctc1mas01KZgsj5tYiAIwqJE/E=
+github.com/agnivade/levenshtein v1.1.1/go.mod h1:veldBMzWxcCG2ZvUTKD2kJNRdCk5hVbJomOvKkmgYbo=
+github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 h1:bvNMNQO63//z+xNgfBlViaCIJKLlCJ6/fmUseuG0wVQ=
+github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
+github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48/go.mod h1:if7Fbed8SFyPtHLHbg49SI7NAdJiC5WIA09pe59rfAA=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
+github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8=
+github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY=
+github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/vektah/gqlparser/v2 v2.5.6 h1:Ou14T0N1s191eRMZ1gARVqohcbe1e8FrcONScsq8cRU=
+github.com/vektah/gqlparser/v2 v2.5.6/go.mod h1:z8xXUff237NntSuH8mLFijZ+1tjV1swDbpDqjJmk6ME=
+golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI=
+golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
+golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ=
+golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
+golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
+golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=