diff --git a/.github/workflows/sync.yaml b/.github/workflows/sync.yaml
new file mode 100644
index 000000000..8e5e2b3bc
--- /dev/null
+++ b/.github/workflows/sync.yaml
@@ -0,0 +1,38 @@
+name: sync-upstream
+
+on:
+  schedule:
+    - cron:  '0 * * * *'
+    # once every hour
+
+  workflow_dispatch:
+    inputs:
+      sync_test_mode:
+        description: 'Fork Sync Test Mode'
+        type: boolean
+        default: false
+
+jobs:
+  sync_latest_from_upstream:
+    runs-on: ubuntu-latest
+    name: Sync latest commits from upstream repo
+
+    steps:
+    - name: Checkout target repo
+      uses: actions/checkout@v3
+      with:
+        ref: main
+        persist-credentials: false
+    - name: Sync upstream changes
+      id: sync
+      uses: aormsby/Fork-Sync-With-Upstream-action@v3.4.1
+      with:
+        target_sync_branch: main
+        target_repo_token: ${{ secrets.UPSTREAM_SYNC }}
+        upstream_sync_branch: main
+        upstream_sync_repo: trustification/trustify
+        test_mode: ${{ inputs.sync_test_mode }}
+      
+    - name: New commits found
+      if: steps.sync.outputs.has_new_commits == 'true'
+      run: echo "New commits were found to sync."
diff --git a/Containerfile b/Containerfile
new file mode 100644
index 000000000..d2af30d49
--- /dev/null
+++ b/Containerfile
@@ -0,0 +1,48 @@
+FROM registry.access.redhat.com/ubi9/ubi:latest
+
+ARG RUST_VERSION="1.80.1"
+
+RUN dnf install -y gcc openssl openssl-devel cmake gcc-c++ git curl-minimal
+
+RUN curl https://sh.rustup.rs -sSf | sh -s -- -y --profile minimal --default-toolchain ${RUST_VERSION}
+
+ENV PATH "$PATH:/root/.cargo/bin"
+
+RUN mkdir /usr/src/project
+
+COPY . /usr/src/project
+
+WORKDIR /usr/src/project
+
+RUN cargo build --release
+
+FROM registry.access.redhat.com/ubi9/ubi-minimal:latest
+
+LABEL com.redhat.component ="Trustify"
+LABEL description ="Trustify"
+LABEL io.k8s.description ="Trustify"
+LABEL io.k8s.display-name ="Trustify"
+LABEL io.openshift.tags ="Trustify"
+LABEL name ="Trustify"
+LABEL org.opencontainers.image.source="https://github.com/trustification/rhtpa"
+LABEL konflux.additional-tags="tests"
+LABEL summary ="Trustify"
+
+RUN microdnf reinstall tzdata -y
+ENV TZ=UTC
+RUN mkdir trustify
+
+COPY --from=0 /usr/src/project/target/release/trustd trustify
+COPY --from=0 /usr/src/project/test.sh trustify
+
+RUN useradd -ms /bin/bash trustify
+
+RUN chown trustify -R trustify
+
+RUN mkdir /licenses
+
+COPY ./LICENSE /licenses/AL
+
+USER trustify
+
+WORKDIR trustify
diff --git a/pipelines/it-tests.yaml b/pipelines/it-tests.yaml
new file mode 100644
index 000000000..02f8c7f68
--- /dev/null
+++ b/pipelines/it-tests.yaml
@@ -0,0 +1,27 @@
+apiVersion: tekton.dev/v1
+kind: Pipeline
+metadata:
+  name: tests
+spec:
+  params:
+    - name: SNAPSHOT
+      type: string
+    - name: container-image
+      type: string
+      default: quay.io/redhat-user-workloads/trusted-content-tenant/rhtpa/rhtpa:tests
+  tasks:
+    - name: test
+      params:
+        - name: SNAPSHOT
+          value: "$(params.SNAPSHOT)"
+      taskSpec:
+        params:
+          - name: SNAPSHOT
+            type: string
+        steps:
+          - name: test-output
+            image: $(params.container-image)
+            script: |
+              #!/usr/bin/bash
+
+              ./test.sh
diff --git a/test.sh b/test.sh
new file mode 100755
index 000000000..b801658c1
--- /dev/null
+++ b/test.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+./trustd &
+
+APP_PID=$!
+
+while ! curl -s localhost:8080 > /dev/null; do
+    echo "Waiting for trustify..."
+    sleep 5 # MSP pattern
+done
+
+echo "Available on localhost:8080"
+
+HTTP_STATUS=$(curl -o /dev/null -s -w "%{http_code}" localhost:8080)
+
+if [ "$HTTP_STATUS" -eq 200 ]; then
+    TEST_OUTPUT="SUCCESS"
+else
+    TEST_OUTPUT="FAILURE"
+fi
+
+echo "Result: $TEST_OUTPUT"
+
+kill $APP_PID