diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 5601b21..ab10664 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -36,8 +36,6 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v3 - with: - ref: "refs/pull/${{ github.event.number }}/merge" # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index dc6e65b..c83a52a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -14,7 +14,6 @@ jobs: uses: actions/checkout@v3 with: fetch-depth: 0 - ref: "refs/pull/${{ github.event.number }}/merge" - name: Install semantic-release run: yarn global add --no-progress --non-interactive "semantic-release" "@semantic-release/exec" @@ -33,7 +32,6 @@ jobs: uses: actions/checkout@v3 with: fetch-depth: 0 - ref: "refs/pull/${{ github.event.number }}/merge" - name: Set up Go uses: actions/setup-go@v2.1.4 diff --git a/.github/workflows/test.yml b/.github/workflows/test_pr.yml similarity index 96% rename from .github/workflows/test.yml rename to .github/workflows/test_pr.yml index 6540619..1e10b51 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test_pr.yml @@ -1,11 +1,7 @@ -name: Test +name: Test PR on: pull_request_target: workflow_dispatch: - push: - branches: - - master - - 'releases/*' jobs: diff --git a/.github/workflows/test_push.yml b/.github/workflows/test_push.yml new file mode 100644 index 0000000..a9406da --- /dev/null +++ b/.github/workflows/test_push.yml 
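Review bot: In test_pr.yml the trigger is still `pull_request_target:`, which runs the workflow in the base repository's context with its secrets available, even for pull requests opened from forks. The jobs start below `jobs:` and are outside this hunk, so this is inferred: if they match the lint/test/image-scan jobs in test_push.yml and check out the PR head or merge ref, contributor-controlled code (`go test`, the GoReleaser build) would run with `SONAR_TOKEN` and `GITHUB_TOKEN` in scope. For the build and test jobs, prefer `on: pull_request:`, and move the secret-bearing steps (SonarCloud, SARIF upload) into a separate workflow that never executes PR code. If `pull_request_target` must stay, add a comment above it stating that the jobs only ever run base-branch code, and set an explicit `permissions:` block with `contents: read`.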
@@ -0,0 +1,89 @@
+name: Test Push
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - master
+ - 'releases/*'
+
+jobs:
+
+ lint:
+ name: Lint
+ runs-on: ubuntu-latest
+ steps:
+
+ - name: Set up Go
+ uses: actions/setup-go@v2.1.4
+ with:
+ go-version: 1.17
+ id: go
+
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: golangci-lint
+ uses: golangci/golangci-lint-action@v3.1.0
+ with:
+ version: v1.44
+
+ test:
+ name: Test
+ runs-on: ubuntu-latest
+ steps:
+
+ - name: Setup Go
+ uses: actions/setup-go@v2.1.4
+ with:
+ go-version: 1.17
+ id: go
+
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Test
+ run: go test -coverprofile cover.out ./...
+
+ - name: SonarCloud Scan
+ uses: sonarsource/sonarcloud-github-action@master
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+ image-scan:
+ name: Image Scan
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: Setup Go
+ uses: actions/setup-go@v2.1.4
+ with:
+ go-version: 1.17
+ id: go
+
+ - name: Run GoReleaser
+ uses: goreleaser/goreleaser-action@v2.9.1
+ with:
+ version: latest
+ args: release --rm-dist --snapshot
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Scan image
+ uses: anchore/scan-action@v3.2.0
+ id: scan
+ with:
+ image: "hipages/php-fpm_exporter:latest"
+ acs-report-enable: true
+ fail-build: false
+
+ - name: Upload Anchore scan SARIF report
+ uses: github/codeql-action/upload-sarif@v1
+ with:
+ sarif_file: ${{ steps.scan.outputs.sarif }}
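Review bot: In the `test` job of test_push.yml, `uses: sonarsource/sonarcloud-github-action@master` tracks a mutable branch, and that step is handed both `SONAR_TOKEN` and `GITHUB_TOKEN`, so any later commit on that branch runs with those secrets. Pin it to a full commit SHA, e.g. `uses: sonarsource/sonarcloud-github-action@<full-commit-sha>  # <release-tag>` (placeholder values), and consider the same for the other tag-pinned third-party actions in this file. The workflow also has no `permissions:` block, so `GITHUB_TOKEN` gets the repository's default scopes; a top-level `permissions:` with `contents: read`, plus `security-events: write` on `image-scan` for the SARIF upload, would narrow that. Separately, `fail-build: false` on the Anchore step means scan findings never fail the run, which deserves a one-line comment if it is intentional.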