diff --git a/.github/release.yml b/.github/workflows/release.yml
similarity index 62%
rename from .github/release.yml
rename to .github/workflows/release.yml
index 6944a68..361af94 100644
--- a/.github/release.yml
+++ b/.github/workflows/release.yml
@@ -1,11 +1,19 @@
 name: Publish App
 
-on: workflow_dispatch
+on:
+  push:
+    tags:
+      - 'v*'
 
 jobs:
   publish-app:
-    name: Tag Release and Publish to GCR
+    name: Publish tagged release to GCR
     runs-on: ubuntu-latest
+
+    permissions:
+      contents: 'read'
+      id-token: 'write'
+
     steps:
       - name: Check out code
         uses: actions/checkout@v2
@@ -16,14 +24,15 @@ jobs:
 
       - name: Get Version
         id: get_version
-        run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\//}
+        run: echo ::set-output name=VERSION::${GITHUB_REF##*/}
 
       - name: 'Authenticate to Google Cloud'
         id: 'auth'
-        uses: 'google-github-actions/auth@v0.3.0'
+        uses: 'google-github-actions/auth@v0.3.1'
         with:
-          create_credentials_file: true
-          workload_identity_provider: 'projects/654128975483/locations/global/workloadIdentityPools/gh-action-pool'
+          token_format: 'access_token'
+          access_token_lifetime: '600s'
+          workload_identity_provider: 'projects/654128975483/locations/global/workloadIdentityPools/gh-action-pool/providers/github-action-provider'
           service_account: 'gcr-gh-action@infracore.iam.gserviceaccount.com'
 
       - name: Build & push Docker image - flask
@@ -32,9 +41,10 @@ jobs:
           image: infracore/infinitory-flask
           tags: ${{ steps.get_version.outputs.VERSION }}
           registry: gcr.io
+          directory: infinitory-flask
           dockerfile: infinitory-flask/Dockerfile
-          username: _json_key
-          password: ${{ steps.auth.outputs.credentials_file_path }}
+          username: oauth2accesstoken
+          password: ${{ steps.auth.outputs.access_token }}
 
       - name: Build & push Docker image - cron
         uses: mr-smithers-excellent/docker-build-push@v5
@@ -43,5 +53,5 @@ jobs:
           tags: ${{ steps.get_version.outputs.VERSION }}
           registry: gcr.io
           dockerfile: Dockerfile
-          username: _json_key
-          password: ${{ steps.auth.outputs.credentials_file_path }}
\ No newline at end of file
+          username: oauth2accesstoken
+          password: ${{ steps.auth.outputs.access_token }}
\ No newline at end of file
diff --git a/CODEOWNERS b/CODEOWNERS
index d17407c..f5884a2 100644
--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -1,8 +1,8 @@
-# This will cause InfraCore to be assigned review of any opened PRs against
+# This will cause IT SysOps to be assigned review of any opened PRs against
 # the branches containing this file.
 # See https://help.github.com/en/articles/about-code-owners for info on how to
 # take ownership of parts of the code base that should be reviewed by another
 # team.
 
 
-*  @puppetlabs/dio
+*  @puppetlabs/it-ops
diff --git a/README.md b/README.md
index 1024f4c..0c3b24a 100644
--- a/README.md
+++ b/README.md
@@ -63,3 +63,9 @@ python setup.py sdist upload -r local
 ```
 
 `infinitory-flask` - Simply build and push the docker image to release this portion of the app.
+
+Before a release, the `requirements.txt` file should be regenerated:
+```
+pip install pipreqs #if needed
+pipreqs .
+```
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..1cd49ce
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,13 @@
+click==8.0.3
+colorlog==6.6.0
+Flask==2.0.2
+Jinja2==3.0.3
+markdown2==2.4.2
+paramiko==2.9.2
+protobuf==3.19.4
+Pygments==2.11.2
+pypuppetdb==2.5.1
+requests==2.25.1
+sample==1.0.0
+setuptools==52.0.0
+simplepup==0.0.4