diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..d49e073
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,8 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directories:
+      - /
+      - /.github/workflows
+    schedule:
+      interval: "monthly"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..5fae1eb
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,23 @@
+---
+name: CI
+on:
+  pull_request:
+  push:
+    branches: [main, 'release-*']
+    tags: ['v*']
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    name: Test actions
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - name: Validate Workflows and Custom Actions
+        uses: superq/action-validator@97a4e9c86388ddcc54614fb3e849a2fd4f7e124d # https://github.com/mpalmer/action-validator/pull/117
+        with:
+          patterns: |-
+            .github/workflows/*.yml
+            action.yml
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
new file mode 100644
index 0000000..d325872
--- /dev/null
+++ b/CODE_OF_CONDUCT.md
@@ -0,0 +1,3 @@
+# Prometheus Community Code of Conduct
+
+Prometheus follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md).
diff --git a/README.md b/README.md
index 6e410ea..2c2ba40 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,18 @@
 # promci-setup
-Prometheus CI Setup
+
+GitHub Action to setup the build environment.
+
+## Usage
+
+```yaml
+jobs:
+  test:
+    name: Go tests
+    runs-on: ubuntu-latest
+    container:
+      image: quay.io/prometheus/golang-builder:1.26-base
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: prometheus/promci-setup@<sha> # v0.1.0
+      - run: make test
+```
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..fed02d8
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,6 @@
+# Reporting a security issue
+
+The Prometheus security policy, including how to report vulnerabilities, can be
+found here:
+
+<https://prometheus.io/docs/operating/security/>
diff --git a/action.yml b/action.yml
new file mode 100644
index 0000000..0e5a13c
--- /dev/null
+++ b/action.yml
@@ -0,0 +1,99 @@
+---
+name: Setup environment
+description: Setup Prometheus build environment.
+inputs:
+  enable_go:
+    description: Whether to enable go specific features, such as caching.
+    default: "true"
+  enable_npm:
+    description: Whether to enable npm specific features, such as caching.
+    default: "false"
+  enable_docker_multibuild:
+    description: Whether to enable multibuild docker
+    default: "false"
+  memlimit_ratio:
+    description: The ratio of memory reserved for Go
+    default: "0.8"
+  clean-runner-disk:
+    description: Whether to enable try to free up disk space on the runner.
+    default: "false"
+runs:
+  using: composite
+  steps:
+    - name: Aggressive cleanup
+      shell: bash
+      if: ${{ inputs.clean-runner-disk == 'true' }}
+      run: |
+        df -h
+        # Remove Java (JDKs)
+        sudo rm -rf /usr/lib/jvm
+
+        # Remove .NET SDKs
+        sudo rm -rf /usr/share/dotnet
+
+        # Remove Swift toolchain
+        sudo rm -rf /usr/share/swift
+
+        # Remove Haskell (GHC)
+        sudo rm -rf /usr/local/.ghcup
+
+        # Remove Julia
+        sudo rm -rf /usr/local/julia*
+
+        # Remove Android SDKs
+        sudo rm -rf /usr/local/lib/android
+
+        # Remove Chromium (optional if not using for browser tests)
+        sudo rm -rf /usr/local/share/chromium
+
+        # Remove Microsoft/Edge and Google Chrome builds
+        sudo rm -rf /opt/microsoft /opt/google
+
+        # Remove Azure CLI
+        sudo rm -rf /opt/az
+
+        # Remove PowerShell
+        sudo rm -rf /usr/local/share/powershell
+
+        df -h
+    - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
+      if: ${{ inputs.enable_go == 'true' }}
+      with:
+        path: |
+          ~/.cache/go-build
+          ~/go/pkg/mod
+        key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+        restore-keys: |
+          ${{ runner.os }}-go-
+    - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
+      if: ${{ inputs.enable_npm == 'true' }}
+      with:
+        path: |
+          ~/.npm
+        key: ${{ runner.os }}-npm-${{ hashFiles('web/ui/package-lock.json') }}
+        restore-keys: |
+          ${{ runner.os }}-npm-
+    - name: Set GOMEMLIMIT
+      shell: bash
+      run: |
+        ratio=${{ inputs.memlimit_ratio }}
+        cgroup=$(awk -F':' '{print $3}' /proc/self/cgroup)
+        cgroup_mem_limit=$(< "/sys/fs/cgroup/${cgroup}/memory.max")
+        if [[ "${cgroup_mem_limit}" != "max" ]] ; then
+          echo "${cgroup_mem_limit}" | awk -v "ratio=${ratio}" '{printf "GOMEMLIMIT=%.0fKiB\n", $1 / 1024 * ratio}' >> "$GITHUB_ENV"
+          exit 0
+        fi
+        awk -v "ratio=${ratio}" '$1 == "MemTotal:" {printf "GOMEMLIMIT=%.0fKiB\n", $2 * ratio}' /proc/meminfo >> "$GITHUB_ENV"
+      if: ${{ inputs.enable_go == 'true' }}
+    - run: echo "GOMEMLIMIT=${GOMEMLIMIT}"
+      shell: bash
+      if: ${{ inputs.enable_go == 'true' }}
+    - run: make promu
+      shell: bash
+      if: ${{ inputs.enable_go == 'true' }}
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
+      if: ${{ inputs.enable_docker_multibuild == 'true' }}
+    - name: Set up buildx
+      uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
+      if: ${{ inputs.enable_docker_multibuild == 'true' }}