diff --git a/.github/actions/cache/action.yml b/.github/actions/cache/action.yml
new file mode 100644
index 0000000..3302c23
--- /dev/null
+++ b/.github/actions/cache/action.yml
@@ -0,0 +1,55 @@
+---
+name: Cache Cargo Dependencies
+inputs:
+  cache-key:
+    description: Cache key to use for cargo home
+    required: false
+    default: cargo-cache
+  cache-target-key:
+    description: Cache key to use for target
+    required: false
+    default: cargo-target
+  additional_home:
+    description: Additional rules for cargo home caching
+    required: false
+  additional_target:
+    description: Additional rules for target folder
+    required: false
+runs:
+  using: composite
+  steps:
+    # Cache the global cargo directory, but NOT the local `target` directory which
+    # we cannot reuse anyway when the nightly changes (and it grows quite large
+    # over time).
+
+    # It will be saved every time, thus just use primary key only.
+
+  - name: Add cache for cargo
+    id: cache
+    uses: actions/cache@v4     # v4.2.0
+    with:
+      path: |
+        # List is taken from <https://doc.rust-lang.org/nightly/cargo/guide/cargo-home.html#caching-the-cargo-home-in-ci>.
+        ~/.cargo/bin
+        ~/.cargo/registry/index
+        ~/.cargo/registry/cache
+        ~/.cargo/git/db
+        # contains package information of crates installed via `cargo install`.
+        ~/.cargo/.crates.toml
+        ~/.cargo/.crates2.json
+        ${{ inputs.additional_home }}
+      key: ${{ runner.os }}-${{ inputs.cache-key }}-${{ hashFiles('Cargo.lock', 'Cargo.toml', '.github/ci-tools.toml', '.cargo/config.toml') }}
+      lookup-only: ${{ env.LOOKUP_CARGO_HOME }}
+  - name: cache target
+    uses: actions/cache@v4
+    with:
+      path: |
+        # Cache target, but not temporary folders
+        target
+        !target/llvm-cov*
+        !target/nextest
+        !target/package
+        !target/tmp
+        ${{ inputs.additional_target }}
+      key: ${{ runner.os }}-${{ inputs.cache-target-key }}-${{ hashFiles('Cargo.lock', 'Cargo.toml', '.github/ci-tools.toml', '.cargo/config.toml') }}
+      lookup-only: ${{ env.LOOKUP_TARGET }}
diff --git a/.github/workflows/quality-ci.yml b/.github/workflows/quality-ci.yml
index 04ee124..bc96bf2 100644
--- a/.github/workflows/quality-ci.yml
+++ b/.github/workflows/quality-ci.yml
@@ -6,14 +6,9 @@ on:
     types: [assigned, opened, synchronize, reopened]
 
 concurrency:
-  # Documentation suggests ${{ github.head_ref }}, but that's only available on pull_request/pull_request_target triggers, so using ${{ github.ref }}.
-  # On master, we want all builds to complete even if merging happens faster to make it easier to discover at which point something broke.
-  group: ${{ github.ref == 'refs/heads/main' && format('quality-ci-main-{0}', github.sha) || format('quality-ci-{0}', github.ref) }}
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
   cancel-in-progress: true
 
-env:
-  GRADLE_OPTS: -Dorg.gradle.internal.launcher.welcomeMessageEnabled=false
-
 jobs:
   changes:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..9394df0
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,108 @@
+---
+name: Release crate
+
+on:
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
+  cancel-in-progress: true
+
+env:
+  COLOR: yes
+  FORCE_COLOR: 1
+  CARGO_TERM_COLOR: always
+  CARGO_TERM_PROGRESS_WHEN: never
+  CARGO_INCREMENTAL: 0
+  RUST_BACKTRACE: 1
+  CARGO_NET_RETRY: 10
+  BINSTALL_DISABLE_TELEMETRY: true
+
+jobs:
+  build-test:
+    permissions:
+      contents: read
+    if: ${{ github.ref == 'refs/heads/main' }}
+    name: Build and test
+    runs-on: ubuntu-latest
+    steps:
+    - name: Rust version
+      run: |
+        rustc --version
+        cargo --version
+
+    - uses: actions/checkout@v4
+    - name: Build
+      run: cargo build
+
+  build:
+    needs: build-test
+    name: Build release for ${{ matrix.target }}
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+        - target: aarch64-unknown-linux-gnu
+          os: ubuntu-24.04-arm
+        - target: x86_64-unknown-linux-gnu
+          os: ubuntu-latest
+        - target: x86_64-pc-windows-msvc
+          os: windows-latest
+        - target: universal-apple-darwin
+          os: macos-latest
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Rust version
+      run: |
+        rustc --version
+        cargo --version
+    - name: Checkout repo
+      uses: actions/checkout@v4
+    - name: Cache Cargo
+      uses: ./.github/actions/cache
+    - name: Build
+      uses: taiki-e/upload-rust-binary-action@v1.25.0
+      with:
+        bin: sqlgrep
+        target: ${{ matrix.target }}
+        # don't publish on github
+        #   we don't allow neither secrets to be used during build process, nor additional permissions
+        dry-run: true
+    - name: Upload binary artifact
+      uses: actions/upload-artifact@v4
+      with:
+        name: ${{ matrix.target }}
+        path: '*-${{ matrix.target }}*'
+        retention-days: 1
+
+  publish-github:
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+    - name: Checkout repo
+      uses: actions/checkout@v4
+    - uses: actions/download-artifact@v4
+      with:
+        merge-multiple: true
+        path: artifacts
+    - name: Publish github
+      run: |
+        package_version=$(cargo metadata --format-version 1 --no-deps| jq -r '.packages[].version')
+        gh release create "v${package_version}" --fail-on-no-commits --generate-notes  --latest artifacts/*
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  publish-cargo:
+    runs-on: ubuntu-latest
+    needs: publish-github
+    permissions:
+      contents: read
+    steps:
+    - name: Checkout repo
+      uses: actions/checkout@v4
+    - name: Package
+      run: cargo publish --no-verify
+      env:
+        CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml
index 329cb87..752d5c6 100644
--- a/.github/workflows/rust.yml
+++ b/.github/workflows/rust.yml
@@ -10,6 +10,11 @@ on:
 env:
   CARGO_TERM_COLOR: always
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
+  cancel-in-progress: true
+
+
 jobs:
   build:
 
@@ -17,6 +22,8 @@ jobs:
 
     steps:
     - uses: actions/checkout@v4
+    - name: Cache Cargo
+      uses: ./.github/actions/cache
     - name: Build
       run: cargo build --verbose
     - name: Run tests
diff --git a/.github/workflows/wait-for-checks.yml b/.github/workflows/wait-for-checks.yml
index a751116..fd878f2 100644
--- a/.github/workflows/wait-for-checks.yml
+++ b/.github/workflows/wait-for-checks.yml
@@ -6,9 +6,7 @@ on:
     types: [assigned, opened, synchronize, reopened]
 
 concurrency:
-  # Documentation suggests ${{ github.head_ref }}, but that's only available on pull_request/pull_request_target triggers, so using ${{ github.ref }}.
-  # On master, we want all builds to complete even if merging happens faster to make it easier to discover at which point something broke.
-  group: ${{ github.ref == 'refs/heads/main' && format('wait-for-checks-main-{0}', github.sha) || format('wait-for-checks-{0}', github.ref) }}
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
   cancel-in-progress: true
 
 jobs: