diff --git a/.github/actions/setup-git/action.yml b/.github/actions/setup-git/action.yml
new file mode 100644
index 0000000..6709256
--- /dev/null
+++ b/.github/actions/setup-git/action.yml
@@ -0,0 +1,23 @@
+name: "Setup Git"
+description: "Setup git config for commit and push on actions"
+
+inputs:
+  github_token:
+    description: "The GitHub token to use"
+    required: true
+  origin:
+    description: "The origin to use"
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Set up Git
+      env:
+        GITHUB_TOKEN: ${{ inputs.github_token }}
+      shell: bash
+      run: |
+        git config --local user.email "$(git --no-pager log --format=format:'%ae' -n 1)"
+        git config --local user.name "$(git --no-pager log --format=format:'%an' -n 1)"
+        git config --local url."https://oauth2:${GITHUB_TOKEN}@github.com/".insteadOf "https://github.com/"
+        git pull --rebase origin ${{ inputs.origin }}
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index b25302c..461129f 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -13,7 +13,7 @@ concurrency:
 
 jobs:
   check:
-    name: Quality Checks
+    name: check
     runs-on: ubuntu-latest
     timeout-minutes: 15
 
diff --git a/.github/workflows/pinact.yml b/.github/workflows/pinact.yml
index c936fc0..399d467 100644
--- a/.github/workflows/pinact.yml
+++ b/.github/workflows/pinact.yml
@@ -1,21 +1,35 @@
 name: Run Pinact
 
 on:
-  workflow_dispatch:
-  schedule:
-    - cron: '0 0 * * *'
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
 
 jobs:
   pinact:
+    name: pinact
     runs-on: ubuntu-latest
+    timeout-minutes: 3
+
+    permissions:
+      id-token: write
+      contents: write
+
     steps:
       - name: Checkout
         uses: actions/checkout@v5.0.0
         with:
+          fetch-depth: 0
           persist-credentials: false
 
+      - name: Set up Git
+        uses: ./.github/actions/setup-git
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          origin: ${{ github.head_ref }}
+
       - name: Pin actions
         uses: suzuki-shunsuke/pinact-action@d735505f3decf76fca3fdbb4c952e5b3eba0ffdd # v0.1.2
-        with:
-          app_id: ${{secrets.APP_ID}}
-          app_private_key: ${{secrets.APP_PRIVATE_KEY}}
diff --git a/.github/workflows/vrt.yml b/.github/workflows/vrt.yml
index e946e9f..69e29a3 100644
--- a/.github/workflows/vrt.yml
+++ b/.github/workflows/vrt.yml
@@ -35,14 +35,10 @@ jobs:
           pnpm exec playwright install
 
       - name: Set up Git
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          git config --local user.email "$(git --no-pager log --format=format:'%ae' -n 1)"
-          git config --local user.name "$(git --no-pager log --format=format:'%an' -n 1)"
-          git config --local url."https://oauth2:${GITHUB_TOKEN}@github.com/".insteadOf "https://github.com/"
-
-          git pull --rebase origin ${{ github.head_ref }}
+        uses: ./.github/actions/setup-git
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          origin: ${{ github.head_ref }}
 
       - name: Build project
         run: pnpm build