diff --git a/.github/workflows/nix-github-actions.yml b/.github/workflows/nix-github-actions.yml
new file mode 100644
index 0000000..e992ffe
--- /dev/null
+++ b/.github/workflows/nix-github-actions.yml
@@ -0,0 +1,60 @@
+name: Nix actions
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+      - staging
+      - release-*
+
+jobs:
+  nix-matrix:
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.matrix }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: cachix/install-nix-action@v23
+      - id: set-matrix
+        name: Generate Nix Matrix
+        run: |
+          set -Eeu
+          echo "matrix=$(nix eval --json '.#githubActions.matrix')" >> "$GITHUB_OUTPUT"
+
+  nix-build:
+    needs: nix-matrix
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix: ${{fromJSON(needs.nix-matrix.outputs.matrix)}}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: cachix/install-nix-action@v23
+      - run: nix build -L ".#${{ matrix.attr }}"
+  tests:
+    strategy:
+      matrix:
+        os: [ ubuntu-latest, macos-latest ]
+    runs-on: ${{ matrix.os }}
+    steps:
+    - uses: actions/checkout@v4
+      with:
+          # Nix Flakes doesn't work on shallow clones
+          fetch-depth: 0
+    - uses: cachix/install-nix-action@v23
+      with:
+        github_access_token: ${{ secrets.GITHUB_TOKEN }}
+        extra_nix_config: |
+          accept-flake-config = true
+    - name: Build
+      run: nix develop -c bash -c 'meson build && cd build && ninja'
+    - name: Run tests
+      run: nix develop -c pytest ./tests
+
+  collect:
+    runs-on: ubuntu-latest
+    needs:
+      - nix-build
+      - tests
+    steps:
+      - run: true
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
deleted file mode 100644
index b26284c..0000000
--- a/.github/workflows/tests.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-name: "Tests"
-on:
-  pull_request:
-  push:
-    branches:
-      - main
-      - staging
-      - release-*
-jobs:
-  tests:
-    strategy:
-      matrix:
-        os: [ ubuntu-latest, macos-latest ]
-    runs-on: ${{ matrix.os }}
-    steps:
-    - uses: actions/checkout@v4
-      with:
-          # Nix Flakes doesn't work on shallow clones
-          fetch-depth: 0
-    - uses: cachix/install-nix-action@v23
-      with:
-        github_access_token: ${{ secrets.GITHUB_TOKEN }}
-        extra_nix_config: |
-          accept-flake-config = true
-    - name: Build
-      run: nix develop -c bash -c 'meson build && cd build && ninja'
-    - name: Run tests
-      run: nix develop -c pytest ./tests
diff --git a/.github/workflows/update-flake-lock.yml b/.github/workflows/update-flake-lock.yml
deleted file mode 100644
index c7c53fa..0000000
--- a/.github/workflows/update-flake-lock.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-name: update-flake-lock
-on:
-  workflow_dispatch: # allows manual triggering
-  schedule:
-    - cron: '0 0 * * 1,4' # Run twice a week
-
-jobs:
-  lockfile:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-      - name: Install Nix
-        uses: cachix/install-nix-action@v23
-        with:
-          extra_nix_config: |
-            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
-      - name: Update flake.lock
-        uses: DeterminateSystems/update-flake-lock@v20
-        with:
-          token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
-          pr-labels: |                  # Labels to be set on the PR
-            merge-queue
diff --git a/.mergify.yml b/.mergify.yml
index f4ade59..de89216 100644
--- a/.mergify.yml
+++ b/.mergify.yml
@@ -1,18 +1,15 @@
 queue_rules:
   - name: default
     merge_conditions:
-      - check-success=Evaluate flake.nix
-      - check-success=check treefmt [x86_64-linux]
-      - check-success=devShell default [x86_64-linux]
-      - check-success=package default [x86_64-linux]
-      - check-success=package nix-eval-jobs [x86_64-linux]
-      - check-success=tests (macos-latest)
-      - check-success=tests (ubuntu-latest)
+      - author=renovate[bot]
+      - check-success=collect
+
 defaults:
   actions:
     queue:
       allow_merging_configuration_change: true
       method: rebase
+
 pull_request_rules:
   - name: merge using the merge queue
     conditions:
diff --git a/flake.lock b/flake.lock
index 3983f18..c071e03 100644
--- a/flake.lock
+++ b/flake.lock
@@ -20,6 +20,26 @@
         "type": "github"
       }
     },
+    "nix-github-actions": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1698974481,
+        "narHash": "sha256-yPncV9Ohdz1zPZxYHQf47S8S0VrnhV7nNhCawY46hDA=",
+        "owner": "nix-community",
+        "repo": "nix-github-actions",
+        "rev": "4bb5e752616262457bc7ca5882192a564c0472d2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nix-github-actions",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1698977350,
@@ -39,6 +59,7 @@
     "root": {
       "inputs": {
         "flake-parts": "flake-parts",
+        "nix-github-actions": "nix-github-actions",
         "nixpkgs": "nixpkgs",
         "treefmt-nix": "treefmt-nix"
       }
diff --git a/flake.nix b/flake.nix
index 1acfcaf..4b6a65b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -6,13 +6,8 @@
   inputs.flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
   inputs.treefmt-nix.url = "github:numtide/treefmt-nix";
   inputs.treefmt-nix.inputs.nixpkgs.follows = "nixpkgs";
-
-  nixConfig.extra-substituters = [
-    "https://cache.garnix.io"
-  ];
-  nixConfig.extra-trusted-public-keys = [
-    "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
-  ];
+  inputs.nix-github-actions.url = "github:nix-community/nix-github-actions";
+  inputs.nix-github-actions.inputs.nixpkgs.follows = "nixpkgs";
 
   outputs = inputs @ { flake-parts, ... }:
     let
@@ -24,6 +19,14 @@
       {
         systems = inputs.nixpkgs.lib.systems.flakeExposed;
         imports = [ inputs.treefmt-nix.flakeModule ];
+
+        flake.githubActions = inputs.nix-github-actions.lib.mkGithubMatrix {
+          checks = {
+            inherit (self.checks) x86_64-linux;
+            x86_64-darwin = builtins.removeAttrs self.checks.x86_64-darwin [ "treefmt" ];
+          };
+        };
+
         perSystem = { pkgs, self', ... }:
           let
             drvArgs = {
@@ -37,6 +40,10 @@
             packages.clangStdenv-nix-eval-jobs = pkgs.callPackage ./default.nix (drvArgs // { stdenv = pkgs.clangStdenv; });
             packages.default = self'.packages.nix-eval-jobs;
             devShells.default = pkgs.callPackage ./shell.nix drvArgs;
+
+            checks = builtins.removeAttrs self'.packages [ "default" ] // {
+              shell = self'.devShells.default;
+            };
           };
       };
 }
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..03086d7
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,15 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:base"
+  ],
+  "lockFileMaintenance": {
+    "enabled": true,
+    "extends": [
+      "schedule:weekly"
+    ]
+  },
+  "nix": {
+    "enabled": true
+  }
+}