diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..92b560b
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,8 @@
+version: 2
+updates:
+- package-ecosystem: cargo
+  directory: "/"
+  schedule:
+    interval: weekly
+    time: "13:00"
+  open-pull-requests-limit: 99
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
new file mode 100644
index 0000000..ed95774
--- /dev/null
+++ b/.github/workflows/publish.yml
@@ -0,0 +1,57 @@
+name: Publish
+
+on:
+  push:
+    tags:
+      - py-*
+
+jobs:
+  Unix:
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest]
+        python: [3.7, 3.8, 3.9]
+
+    runs-on: ${{ matrix.os }}
+    environment: "Publish wheels"
+
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: stable
+          override: true
+      - uses: actions/setup-python@v2
+        with:
+          python-version: ${{ matrix.python }}
+          architecture: x64
+      - name: Publish
+        uses: messense/maturin-action@v1
+        with:
+          command: publish
+          args: -m instant-distance-py/Cargo.toml
+                --no-sdist
+                --username __token__
+                --password ${{ secrets.PYPI_TOKEN }}
+                --interpreter python${{ matrix.python }}
+
+  Windows:
+    runs-on: windows-latest
+    environment: "Publish wheels"
+
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: stable
+          override: true
+      - name: Publish all versions
+        uses: messense/maturin-action@v1
+        with:
+          command: publish
+          args: -m instant-distance-py/Cargo.toml
+                --no-sdist
+                --username __token__
+                --password ${{ secrets.PYPI_TOKEN }}
diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml
new file mode 100644
index 0000000..18578c4
--- /dev/null
+++ b/.github/workflows/rust.yml
@@ -0,0 +1,64 @@
+name: CI
+
+on:
+  push:
+    branches: ['main']
+  pull_request:
+  schedule:
+    - cron: "25 6 * * 5"
+
+jobs:
+  test:
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest, windows-latest]
+        rust: [stable, beta, 1.51.0]
+        exclude:
+          - os: macos-latest
+            rust: beta
+          - os: windows-latest
+            rust: beta
+          - os: macos-latest
+            rust: 1.51.0
+          - os: windows-latest
+            rust: 1.51.0
+
+    runs-on: ${{ matrix.os }}
+
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: ${{ matrix.rust }}
+          override: true
+      - uses: actions-rs/cargo@v1
+        with:
+          command: build
+          args: --all-features --all-targets
+
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: stable
+          override: true
+          components: rustfmt, clippy
+      - uses: actions-rs/cargo@v1
+        with:
+          command: fmt
+          args: --all -- --check
+      - uses: actions-rs/cargo@v1
+        if: always()
+        with:
+          command: clippy
+          args: --workspace --all-targets --all-features -- -D warnings
+
+  audit:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - uses: EmbarkStudios/cargo-deny-action@v1
diff --git a/deny.toml b/deny.toml
new file mode 100644
index 0000000..bbce45b
--- /dev/null
+++ b/deny.toml
@@ -0,0 +1,11 @@
+[licenses]
+allow-osi-fsf-free = "either"
+copyleft = "deny"
+
+[[licenses.clarify]]
+name = "ring"
+version = "*"
+expression = "MIT AND ISC AND OpenSSL"
+license-files = [
+    { path = "LICENSE", hash = 0xbd0eed23 }
+]