diff --git a/.codecov.yml b/.codecov.yml
new file mode 100644
index 000000000..e692c0ef8
--- /dev/null
+++ b/.codecov.yml
@@ -0,0 +1,19 @@
+coverage:
+  status:
+    # allow test coverage to drop by 0.1%, assume that it's typically due to CI problems
+    patch:
+      default:
+        threshold: 0.1
+    project:
+      default:
+        threshold: 0.1
+
+  ignore:
+    - "api/v1alpha1/*"
+    - "build/*"
+    - "common/*"
+    - "hack/*"
+    - "openshift-ci/*"
+    - "vendor/.*"
+    - "version/*"
+    - "Makefile"
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
new file mode 100644
index 000000000..6217b0d1e
--- /dev/null
+++ b/.github/workflows/go.yml
@@ -0,0 +1,63 @@
+name: Go
+on:
+  push:
+    branches:
+      - "master"
+  pull_request:
+    branches:
+      - "master"
+env:
+  # Golang version to use across CI steps
+  GOLANG_VERSION: '1.20'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  event_file:
+    name: "Event File"
+    runs-on: ubuntu-latest
+    steps:
+      - name: Upload
+        uses: actions/upload-artifact@v4
+        with:
+          name: Event File
+          path: ${{ github.event_path }}
+
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up Go
+        uses: actions/setup-go@v5.0.0
+        with:
+          go-version: ${{ env.GOLANG_VERSION }}
+        id: go
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v4
+
+      - name: Restore go build cache
+        uses: actions/cache@v4
+        with:
+          path: ~/.cache/go-build
+          key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
+
+      - name: Download all Go modules
+        run: |
+          go mod download
+
+      - name: Generate code coverage artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: code-coverage
+          path: coverage.out
+
+      - name: Upload code coverage information to codecov.io
+        uses: codecov/codecov-action@v3.1.4
+        with:
+          file: coverage.out
diff --git a/.github/workflows/gosec.yaml b/.github/workflows/gosec.yaml
new file mode 100644
index 000000000..ee786730b
--- /dev/null
+++ b/.github/workflows/gosec.yaml
@@ -0,0 +1,27 @@
+---
+name: Go Test on Pull Requests
+on:  # yamllint disable-line rule:truthy
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+    paths:
+      - '**.go'
+  workflow_dispatch:
+jobs:
+  gosec:
+    name: Check GO security
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 1
+          ref: ${{ github.event.pull_request.head.sha }}
+      - name: Run Gosec Security Scanner
+        uses: securego/gosec@master
+        with:
+          args: -exclude-generated ./...
+        env:
+          GOROOT: ""
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
new file mode 100644
index 000000000..ce4e1684c
--- /dev/null
+++ b/.github/workflows/pr.yml
@@ -0,0 +1,60 @@
+name: PR checks
+
+on:
+  pull_request:
+    branches:
+      - master
+
+env:
+  GO111MODULE: on
+  SDK_VERSION: "1.17.0"
+  MINIKUBE_WANTUPDATENOTIFICATION: false
+  MINIKUBE_WANTREPORTERRORPROMPT: false
+  K8S_VERSION: "1.21.3"
+  MINIKUBE_VERSION: "1.26.0"
+  OLM_VERSION: "0.22.0"
+  TEST_ACCEPTANCE_CLI: "kubectl"
+  TEST_RESULTS: "out/acceptance-tests"
+
+jobs:
+  lint:
+    name: Code Quality
+    runs-on: ubuntu-20.04
+
+    steps:
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "^1.18"
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+          architecture: "x64"
+
+      - name: Checkout repo
+        uses: actions/checkout@v4
+
+  unit:
+    name: Unit Tests with Code coverage
+    runs-on: ubuntu-20.04
+
+    steps:
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "^1.18"
+
+      - name: Checkout Git Repository
+        uses: actions/checkout@v4
+
+      - name: Unit Tests with Code Coverage
+        run: ./scripts/openshiftci-presubmit-unittests.sh
+
+      - name: Upload Code Coverage Report
+        uses: codecov/codecov-action@v3
+        with:
+          file: coverage.out
+          verbose: true
+          fail_ci_if_error: true
diff --git a/Makefile b/Makefile
index 3e2efd82b..602a8166b 100644
--- a/Makefile
+++ b/Makefile
@@ -110,7 +110,12 @@ test-gitopsservice-nondefault:
 	go test -p 1 -timeout 30m ./test/nondefaulte2e -ginkgo.focus="GitOpsServiceNoDefaultInstall" -coverprofile cover.out -ginkgo.v
 
 test: manifests generate fmt vet ## Run unit tests.
-	go test `go list ./... | grep -v test` -coverprofile cover.out
+	go test `go list ./... | grep -v test` -coverprofile coverage.out
+
+.PHONY: coverage
+coverage: test ## run coverage tests
+	go tool cover -html=coverage.out -o coverage.html
+	open coverage.html
 
 .PHONY: e2e-tests-sequential
 e2e-tests-sequential: ## Runs kuttl e2e sequentail tests