diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index e6ba80eef..848674637 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -36,7 +36,7 @@ updates:
 
   - package-ecosystem: npm
     cooldown:
-      default-days: 1
+      default-days: 7
     directory: /
     schedule:
       interval: daily
diff --git a/.github/workflows/cloudflare-web-preview.yml b/.github/workflows/cloudflare-web-preview.yml
index 892fd8eab..5ddfe5a0e 100644
--- a/.github/workflows/cloudflare-web-preview.yml
+++ b/.github/workflows/cloudflare-web-preview.yml
@@ -66,7 +66,7 @@ jobs:
           if [ "${{ github.event_name }}" = "pull_request" ]; then
             echo "alias=pr-${{ github.event.pull_request.number }}" >> "$GITHUB_OUTPUT"
           else
-            branch="${{ github.ref_name }}"
+            branch="${GITHUB_REF_NAME}"
             alias="$(echo "$branch" | tr '[:upper:]' '[:lower:]' | sed 's/[^a-z0-9]/-/g' | sed 's/-\+/-/g' | sed 's/^-\|-$//g')"
             echo "alias=${alias}" >> "$GITHUB_OUTPUT"
           fi
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index f977ee2f6..b5f9bff29 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -4,7 +4,7 @@ on:
   push:
     branches: [dev]
     tags:
-      - 'sable/v*'
+      - 'v*'
   pull_request:
     paths:
       - 'Dockerfile'
diff --git a/.github/workflows/quality-checks.yml b/.github/workflows/quality-checks.yml
index 811c83a98..6928af6ea 100644
--- a/.github/workflows/quality-checks.yml
+++ b/.github/workflows/quality-checks.yml
@@ -4,11 +4,13 @@ on:
   pull_request:
   push:
     branches: [dev]
+  merge_group:
 
 jobs:
   format:
     name: Format check
     runs-on: ubuntu-latest
+    if: github.head_ref != 'release'
     permissions:
       contents: read
     steps:
@@ -26,6 +28,7 @@ jobs:
   lint:
     name: Lint
     runs-on: ubuntu-latest
+    if: github.head_ref != 'release'
     permissions:
       contents: read
     steps:
@@ -43,6 +46,7 @@ jobs:
   typecheck:
     name: Typecheck
     runs-on: ubuntu-latest
+    if: github.head_ref != 'release'
     permissions:
       contents: read
     steps:
@@ -60,6 +64,7 @@ jobs:
   knip:
     name: Knip
     runs-on: ubuntu-latest
+    if: github.head_ref != 'release'
     permissions:
       contents: read
     steps:
@@ -73,3 +78,20 @@ jobs:
 
       - name: Run Knip
         run: pnpm run knip
+
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    if: github.head_ref != 'release'
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - name: Setup app and build
+        uses: ./.github/actions/setup
+        with:
+          build: 'true'
diff --git a/.github/workflows/require-changeset.yml b/.github/workflows/require-changeset.yml
index d01286639..17dfda277 100644
--- a/.github/workflows/require-changeset.yml
+++ b/.github/workflows/require-changeset.yml
@@ -3,6 +3,7 @@ name: Require Changeset
 on:
   pull_request:
     types: [opened, synchronize, reopened, labeled, unlabeled]
+  merge_group:
     branches: [dev]
 
 permissions: {}
@@ -10,6 +11,7 @@ permissions: {}
 jobs:
   require-changeset:
     runs-on: ubuntu-latest
+    if: github.head_ref != 'release' && github.event_name != 'merge_group'
     permissions:
       contents: read
       pull-requests: write