diff --git a/.sdkmanrc b/.sdkmanrc
index 272da7d..66b7844 100644
--- a/.sdkmanrc
+++ b/.sdkmanrc
@@ -1,3 +1,4 @@
 # Enable auto-env through the sdkman_auto_env config
 # Add key=value pairs of SDKs to use below
-java=17.0.8-tem
+java=21.0.2-tem
+gradle=8.5
diff --git a/.woodpecker/.backend.yml b/.woodpecker/.backend.yml
index 3b1b52b..7c7b5af 100644
--- a/.woodpecker/.backend.yml
+++ b/.woodpecker/.backend.yml
@@ -3,6 +3,7 @@ variables:
   - &java_image "gradle:8.5.0-jdk17"
 when:
   path: "app/**"
+  event: [push, tag]
 clone:
   git:
     image: woodpeckerci/plugin-git
@@ -16,27 +17,31 @@ steps:
     commands:
       - . ./version.sh
   "lint:style":
-    group: lint
     image: *java_image
     commands:
       - gradle --no-daemon spotlessCheck
+    depends_on: ["prepare:version"]
   "lint:dockerfile":
-    group: lint
     image: ghcr.io/hadolint/hadolint:latest-debian
     commands:
       - hadolint --version
+    depends_on: ["prepare:version"]
   "build:java":
-    group: build
+    depends_on:
+      - lint:style
+      - lint:dockerfile
     image: *java_image
     commands:
       - . ./version-lock.sh
       - ./gradlew -Pversion=$CD_CURRENT_VERSION build
   "analyze:sbom":
+    depends_on: ["build:java"]
     image: *java_image
     commands:
       - ./gradlew cyclonedxBom
 
   "deploy:backend":
+    depends_on: ["analyze:sbom"]
     image: alpine:latest
     commands:
       - echo "deploy backend"
diff --git a/.woodpecker/.documentation.yml b/.woodpecker/.documentation.yml
index bc95f1e..d64ba23 100644
--- a/.woodpecker/.documentation.yml
+++ b/.woodpecker/.documentation.yml
@@ -1,6 +1,7 @@
 ---
 when:
   path: "documentation/**"
+  event: [push, tag]
 variables:
   - &frontend_image "cl00e9ment/node.js-builder:git"
 clone:
diff --git a/.woodpecker/.frontend.yml b/.woodpecker/.frontend.yml
index b1ecf2a..167d368 100644
--- a/.woodpecker/.frontend.yml
+++ b/.woodpecker/.frontend.yml
@@ -1,6 +1,7 @@
 ---
 when:
   path: "frontend/**"
+  event: [push, tag]
 variables:
   - &frontend_image "cl00e9ment/node.js-builder:git"
 clone:
@@ -13,12 +14,11 @@ clone:
 steps:
   "prepare:version":
     image: bitnami/git:2.43.0
-    group: prepare
     commands:
       - . ./version.sh
   "prepare:frontend":
     image: *frontend_image
-    group: prepare
+    depends_on: ["prepare:version"]
     commands:
       - pnpm install
     directory: frontend
diff --git a/.woodpecker/.lint_general.yml b/.woodpecker/.lint_general.yml
index da16c57..bb43f91 100644
--- a/.woodpecker/.lint_general.yml
+++ b/.woodpecker/.lint_general.yml
@@ -1,4 +1,6 @@
 ---
+when:
+  event: [push, tag]
 clone:
   git:
     image: woodpeckerci/plugin-git
@@ -11,7 +13,6 @@ steps:
       - git log -1 --pretty=%B >> commitlint.txt
 
   "lint:commitlint":
-    group: lint
     image: node:lts-slim
     commands:
       - npm install --save-dev conventional-changelog-conventionalcommits @commitlint/config-conventional commitlint@latest
@@ -21,14 +22,12 @@ steps:
       - branch: [main, dev]
         event: push
   "lint:precommit":
-    group: lint
     image: python:3.11.6-bullseye
     commands:
       - pip install pre-commit
       - pre-commit install
       - pre-commit run --all-files
   "lint:credentials":
-    group: lint
     image: ghcr.io/gitleaks/gitleaks:latest
     commands:
       - export HOME=/home/gitleaks
diff --git a/app/README.md b/app/README.md
index e69de29..5c33b15 100644
--- a/app/README.md
+++ b/app/README.md
@@ -0,0 +1 @@
+trigger
diff --git a/app/build.gradle.kts b/app/build.gradle.kts
index 5136fdd..7b45796 100644
--- a/app/build.gradle.kts
+++ b/app/build.gradle.kts
@@ -4,7 +4,7 @@
 
 plugins {
   id("com.opitzconsulting.demo.ci.java-application-conventions")
-  id("org.springframework.boot") version "3.1.5"
+  id("org.springframework.boot") version "3.2.2"
   id("io.spring.dependency-management") version "1.1.4"
 }
 
diff --git a/infrastructure/.env b/infrastructure/.env
deleted file mode 100644
index 1665e05..0000000
--- a/infrastructure/.env
+++ /dev/null
@@ -1,49 +0,0 @@
-# base domain
-BASE_DOMAIN=rattermeyer.de
-
-# Traefik server host
-TRAEFIK_HOST=traefik.demo.${BASE_DOMAIN}
-TRAEFIK_LETSENCRYPT_CASERVER=https://acme-staging-v02.api.letsencrypt.org/directory
-TRAEFIK_LETSENCRYPT_EMAIL=richard.attermeyer@gmail.com
-TRAEIFK_LOCALIP_WHITELIST=127.0.0.1/32, 192.168.0.0/16, 172.16.0.0/12, ::1, 2a00:6020:b41a:b600::/56
-
-MAIL_HOST=mail.demo.${BASE_DOMAIN}
-
-# forgejo server address
-FORGEJO_HOST=git.demo.${BASE_DOMAIN}
-FORGEJO_URL=https://${FORGEJO_HOST}
-
-# Woodpecker server host
-WOODPECKER_HOST=ci.demo.${BASE_DOMAIN}
-# Woodpecker server address
-WOODPECKER_URL=https://${WOODPECKER_HOST}
-
-# Shared secret used by server and agents to authenticate communication (can be generated by 'openssl rand -hex 32')
-WOODPECKER_AGENT_SECRET=c45adc154097b7a13a446da394570b888ea2e7da3aa462a318150266c9355f5d
-# Comma-separated list of admin accounts
-#WOODPECKER_ADMIN=CHANGE_ME
-WOODPECKER_ADMIN=fjadmin
-
-WOODPECKER_FORGEJO_URL=${FORGEJO_URL}
-# giteleaks:allow
-WOODPECKER_FORGEJO_CLIENT=e0049f6b-dd9d-4854-8b48-10dc724f61c3
-# giteleaks:allow
-WOODPECKER_FORGEJO_SECRET=gto_7nu6b2cljkimzc5bhbj2u7t2d5hpmig6wqbgmscaoq23x3uvgoda
-
-# Renovate
-RENOVATE_TOKEN=CHANGE_ME
-
-# Registry
-REGISTRY_HOST=container.demo.${BASE_DOMAIN}
-REGISTRY_UI_HOST=container-ui.demo.${BASE_DOMAIN}
-
-REPOSILITE_HOST=mvn.demo.${BASE_DOMAIN}
-REPOSILITE_UI_HOST=mvn-ui.demo.${BASE_DOMAIN}
-REPOSILITE_JAVA_COMPOSE_OPTS=
-REPOSILITE_MEMORY=256M
-REPOSILITE_COMPOSE_OPTS="--token admin:changeme"
-REPOSILITE_PORT=8080
-
-VERDACCIO_HOST=npm.demo.${BASE_DOMAIN}
-
-SONARQUBE_HOST=sonarqube.demo.${BASE_DOMAIN}
diff --git a/infrastructure/compose.yaml b/infrastructure/compose.yaml
index 3f82f23..344e257 100644
--- a/infrastructure/compose.yaml
+++ b/infrastructure/compose.yaml
@@ -162,7 +162,7 @@ services:
     container_name: woodpecker-agent
     image: woodpeckerci/woodpecker-agent:v2.2.2
     restart: unless-stopped
-    cpus: 0.5
+    cpus: 2
     mem_limit: 512m
     depends_on:
       - woodpecker-server
diff --git a/infrastructure/sonarqube/Dockerfile b/infrastructure/sonarqube/Dockerfile
index 6cd6720..50ab6ad 100644
--- a/infrastructure/sonarqube/Dockerfile
+++ b/infrastructure/sonarqube/Dockerfile
@@ -1,4 +1,4 @@
-FROM sonarqube:9.9-community
+FROM sonarqube:10.3-community
 ARG COMMUNITY_BRANCH_VERSION=1.14.0
 ENV COMMUNITY_BRANCH_URL=https://github.com/mc1arke/sonarqube-community-branch-plugin/releases/download/${COMMUNITY_BRANCH_VERSION}/sonarqube-community-branch-plugin-${COMMUNITY_BRANCH_VERSION}.jar
 WORKDIR ${SONARQUBE_HOME}/extensions