diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 2c06c1bec8..a21d5f3593 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -11,6 +11,7 @@ updates:
       prefix: ":seedling:"
   labels:
     - "ok-to-test"
+
 # Go
 - package-ecosystem: "gomod"
   directory: "/"
diff --git a/.github/workflows/golangci-lint.yaml b/.github/workflows/pr-golangci-lint.yaml
similarity index 97%
rename from .github/workflows/golangci-lint.yaml
rename to .github/workflows/pr-golangci-lint.yaml
index 62cf8b8d46..a44ad58973 100644
--- a/.github/workflows/golangci-lint.yaml
+++ b/.github/workflows/pr-golangci-lint.yaml
@@ -1,4 +1,4 @@
-name: golangci-lint
+name: PR golangci-lint
 
 on:
   pull_request:
diff --git a/.github/workflows/pr-md-link-check.yaml b/.github/workflows/pr-md-link-check.yaml
new file mode 100644
index 0000000000..87154aacac
--- /dev/null
+++ b/.github/workflows/pr-md-link-check.yaml
@@ -0,0 +1,23 @@
+name: PR check Markdown links
+
+on:
+  pull_request:
+    types: [opened, edited, synchronize, reopened]
+    paths:
+      - '**.md'
+
+# Remove all permissions from GITHUB_TOKEN except metadata.
+permissions: {}
+
+jobs:
+  markdown-link-check:
+    name: Broken Links
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # tag=v3.5.3
+    - uses: gaurav-nelson/github-action-markdown-link-check@5c5dfc0ac2e225883c0e5f03a85311ec2830d368 # tag=v1
+      with:
+        use-quiet-mode: 'yes'
+        config-file: .markdownlinkcheck.json
+        check-modified-files-only: 'yes'
+        base-branch: main
diff --git a/.github/workflows/verify-pr.yml b/.github/workflows/pr-verify.yaml
similarity index 73%
rename from .github/workflows/verify-pr.yml
rename to .github/workflows/pr-verify.yaml
index e55bc24990..c835c68010 100644
--- a/.github/workflows/verify-pr.yml
+++ b/.github/workflows/pr-verify.yaml
@@ -1,4 +1,4 @@
-name: Verify PR
+name: PR Verify
 
 on:
   pull_request_target:
@@ -14,6 +14,6 @@ jobs:
     steps:
       - name: Verifier action
         id: verifier
-        uses: kubernetes-sigs/kubebuilder-release-tools@v0.3.0
+        uses: kubernetes-sigs/kubebuilder-release-tools@4f3d1085b4458a49ed86918b4b55505716715b77 # tag=v0.3.0
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/scan.yaml b/.github/workflows/weekly-image-scan.yaml
similarity index 80%
rename from .github/workflows/scan.yaml
rename to .github/workflows/weekly-image-scan.yaml
index 2a1917eebe..7243b9380f 100644
--- a/.github/workflows/scan.yaml
+++ b/.github/workflows/weekly-image-scan.yaml
@@ -1,4 +1,4 @@
-name: scan-images
+name: Weekly image scan
 
 on:
   schedule:
@@ -13,7 +13,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        branch: [ main, release-1.7, release-1.6, release-1.5 ]
+        branch: [ main, release-1.8, release-1.7, release-1.6, release-1.5 ]
     name: Trivy
     runs-on: ubuntu-latest
     steps:
@@ -25,7 +25,7 @@ jobs:
         id: vars
         run: echo "go_version=$(make go-version)" >> $GITHUB_OUTPUT
       - name: Set up Go
-        uses: actions/setup-go@v4.0.1 # tag=v3.5.0
+        uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # tag=v4.0.1
         with:
           go-version: ${{ steps.vars.outputs.go_version }}
       - name: Run verify container script
diff --git a/.github/workflows/weekly-md-link-check.yaml b/.github/workflows/weekly-md-link-check.yaml
new file mode 100644
index 0000000000..f03ba9f3f7
--- /dev/null
+++ b/.github/workflows/weekly-md-link-check.yaml
@@ -0,0 +1,26 @@
+name: Weekly check all Markdown links
+
+on:
+  schedule:
+    # Cron for every Monday at 12:00 UTC.
+    - cron: "0 12 * * 1"
+
+# Remove all permissions from GITHUB_TOKEN except metadata.
+permissions: {}
+
+jobs:
+  markdown-link-check:
+    name: Broken Links
+    strategy:
+      fail-fast: false
+      matrix:
+        branch: [ main, release-1.8, release-1.7, release-1.6, release-1.5 ]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # tag=v3.5.3
+        with:
+          ref: ${{ matrix.branch }}
+      - uses: gaurav-nelson/github-action-markdown-link-check@5c5dfc0ac2e225883c0e5f03a85311ec2830d368 # tag=v1
+        with:
+          use-quiet-mode: 'yes'
+          config-file: .markdownlinkcheck.json
diff --git a/.github/workflows/weekly-test-release.yaml b/.github/workflows/weekly-test-release.yaml
new file mode 100644
index 0000000000..f925f3263d
--- /dev/null
+++ b/.github/workflows/weekly-test-release.yaml
@@ -0,0 +1,40 @@
+name: Weekly release test
+
+# Note: This workflow does not build for releases. It attempts to build release binaries periodically to ensure the repo
+# release machinery is in a good state.
+
+on:
+  schedule:
+    # Cron for every day at 12:00 UTC.
+    - cron: "0 12 * * *"
+
+# Remove all permissions from GITHUB_TOKEN except metadata.
+permissions: {}
+
+jobs:
+  weekly-test-release:
+    name: Test release
+    strategy:
+      fail-fast: false
+      matrix:
+        branch: [ main, release-1.8, release-1.7, release-1.6, release-1.5 ]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # tag=v3.5.3
+        with:
+          ref: ${{ matrix.branch }}
+          fetch-depth: 0
+      - name: Set env
+        run:  echo "RELEASE_TAG=v9.9.9-fake" >> $GITHUB_ENV
+      - name: Set fake tag for release
+        run: |
+          git tag ${{ env.RELEASE_TAG }}
+      - name: Calculate go version
+        run: echo "go_version=$(make go-version)" >> $GITHUB_ENV
+      - name: Set up Go
+        uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # tag=v4.0.1
+        with:
+          go-version: ${{ env.go_version }}
+      - name: Test release
+        run: |
+          make release
\ No newline at end of file
diff --git a/.markdownlinkcheck.json b/.markdownlinkcheck.json
new file mode 100644
index 0000000000..78da0b7b6e
--- /dev/null
+++ b/.markdownlinkcheck.json
@@ -0,0 +1,17 @@
+{
+    "ignorePatterns": [{
+        "pattern": "^http://localhost"
+    }],
+    "httpHeaders": [{
+        "comment": "Workaround as suggested here: https://github.com/tcort/markdown-link-check/issues/201",
+        "urls": ["https://docs.github.com/"],
+        "headers": {
+            "Accept-Encoding": "zstd, br, gzip, deflate"
+        }
+    }],
+    "timeout": "10s",
+    "retryOn429": true,
+    "retryCount": 5,
+    "fallbackRetryDelay": "30s",
+    "aliveStatusCodes": [200, 206]
+}
diff --git a/Makefile b/Makefile
index 516b859531..2edaed8490 100644
--- a/Makefile
+++ b/Makefile
@@ -145,7 +145,7 @@ GINKGO := $(abspath $(TOOLS_BIN_DIR)/$(GINKGO_BIN)-$(GINGKO_VER))
 GINKGO_PKG := github.com/onsi/ginkgo/v2/ginkgo
 
 GOLANGCI_LINT_BIN := golangci-lint
-GOLANGCI_LINT_VER := $(shell cat .github/workflows/golangci-lint.yaml | grep [[:space:]]version: | sed 's/.*version: //')
+GOLANGCI_LINT_VER := $(shell cat .github/workflows/pr-golangci-lint.yaml | grep [[:space:]]version: | sed 's/.*version: //')
 GOLANGCI_LINT := $(abspath $(TOOLS_BIN_DIR)/$(GOLANGCI_LINT_BIN)-$(GOLANGCI_LINT_VER))
 GOLANGCI_LINT_PKG := github.com/golangci/golangci-lint/cmd/golangci-lint