diff --git a/.gitea/workflows/renovate.yml b/.gitea/workflows/renovate.yml
new file mode 100644
index 0000000..ea79d93
--- /dev/null
+++ b/.gitea/workflows/renovate.yml
@@ -0,0 +1,66 @@
+name: Renovate
+
+on:
+  schedule:
+    - cron: "0/30 * * * *"
+  workflow_dispatch:
+
+env:
+  RENOVATE_VERSION: "41.146.8"
+
+jobs:
+  renovate:
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    steps:
+      - name: Checkout
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+
+      - name: Renovate Run
+        env:
+          DOCKER_HOST: tcp://dockerproxy:2375
+          RENOVATE_PLATFORM: gitea
+          RENOVATE_ENDPOINT: https://git.trez.wtf/api/v1
+          RENOVATE_TOKEN: ${{ secrets.RENOVATE_BOT_TOKEN }}
+          LOG_LEVEL: ${{ vars.RENOVATE_LOG_LEVEL }}
+          RENOVATE_GITHUB_COM_TOKEN: ${{ secrets.RENOVATE_GITHUB_TOKEN }}
+          RENOVATE_CONFIG_FILE: renovate.json
+          RENOVATE_REPOSITORIES: trez/ultima-ai
+          RENOVATE_HOST_RULES: |
+            [
+              {
+                "description": "Docker Hub authentication",
+                "hostType": "docker",
+                "matchHost": "docker.io",
+                "username": "${{ secrets.DOCKERHUB_USER }}",
+                "password": "${{ secrets.DOCKERHUB_PASSWORD }}"
+              },
+              {
+                "description": "GitHub Container Registry (GHCR)",
+                "hostType": "docker",
+                "matchHost": "ghcr.io",
+                "username": "${{ secrets.GHCR_USER }}",
+                "password": "${{ secrets.GHCR_LOGIN_TOKEN }}"
+              },
+              {
+                "description": "Self-hosted Gitea Docker Registry",
+                "hostType": "docker",
+                "matchHost": "git.trez.wtf",
+                "username": "${{ secrets.BOT_GITEA_USER }}",
+                "password": "${{ secrets.BOT_GITEA_PASSWORD }}"
+              }
+            ]
+        run: |
+          docker run --rm \
+            -e RENOVATE_PLATFORM \
+            -e RENOVATE_ENDPOINT \
+            -e RENOVATE_TOKEN \
+            -e LOG_LEVEL \
+            -e RENOVATE_GITHUB_COM_TOKEN \
+            -e RENOVATE_CONFIG_FILE \
+            -e RENOVATE_REPOSITORIES \
+            -e RENOVATE_HOST_RULES \
+            --volumes-from ${{ env.JOB_CONTAINER_NAME }} \
+            -w ${GITHUB_WORKSPACE} \
+            renovate/renovate:${{ env.RENOVATE_VERSION }}-full
+
diff --git a/Dockerfile b/Dockerfile
index d92f7cb..2a40ef5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM curlimages/curl:latest
+FROM curlimages/curl:8.16.0
 
 COPY entrypoint.sh /entrypoint.sh
 
diff --git a/entrypoint.sh b/entrypoint.sh
index 986d23f..cdb7d41 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env sh
 
-curl "$INPUT_GOTIFY_API_BASE/message" \
+curl -sS "$INPUT_GOTIFY_API_BASE/message" \
 	-H "X-Gotify-Key: $INPUT_GOTIFY_APP_TOKEN" \
 	-F "title=$INPUT_NOTIFICATION_TITLE" \
 	-F "message=$INPUT_NOTIFICATION_MESSAGE" \
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..f78cfc9
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,7 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": ["local>trez/renovate-config"],
+  "enabledManagers": [
+    "dockerfile"
+  ]
+}