diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
index f5629b3..a2e7b3e 100644
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@@ -6,78 +6,55 @@
 # separate terms of service, privacy policy, and support
 # documentation.
 
-name: Build cdoc2-shares-server with CI
+name: Publish to cdoc2-shares-server GitHub Registry
 
 on:
   push:
-    branches: [ "master" ]
-  pull_request:
-    branches: [ "master" ]
-
-env:
-  ACTIONS_STEP_DEBUG: true
+    branches: ["test"]
 
 jobs:
-  dump_contexts_to_log:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Dump GitHub context
-        env:
-          GITHUB_CONTEXT: ${{ toJson(github) }}
-        run: echo "$GITHUB_CONTEXT"
-
-  fork_setup:
+  publish:
     runs-on: ubuntu-latest
-
-    outputs:
-      base_repo: ${{ steps.base_repo.outputs.name }}
-      is_fork: ${{ steps.is_fork.outputs.is_fork }}
-
-    steps:
-      # if pull_request and fork then finds base repo
-      - id: base_repo
-        run: |
-          if [ "${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == true }}" = "true" ]; then
-            echo "name=${{github.event.pull_request.base.repo.full_name}}" >> "$GITHUB_OUTPUT"
-          else
-            echo "name=${{ github.event.repo.name }}" >> "$GITHUB_OUTPUT"
-          fi
-      - id: is_fork
-        run: |
-          if [ "${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == true }}" = "true" ]; then
-            echo "is_fork=true" >> "$GITHUB_OUTPUT"
-          else
-            echo "is_fork=false" >> "$GITHUB_OUTPUT"
-          fi
-
-  build:
-    runs-on: ubuntu-latest
-    needs: fork_setup
+    permissions:
+      contents: read
+      packages: write
 
     steps:
       - uses: actions/checkout@v4
       - name: Set up JDK 17
         uses: actions/setup-java@v4
-
         with:
           java-version: '17'
           distribution: 'temurin'
-          overwrite-settings: true #generate settings.xml
-          cache: maven
+          settings-path: ${{ github.workspace }} # location for the settings.xml file
 
-      - name: Build with Maven
+      # test if username and password are correct (may still fail if no write access or wrong package name)
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
+
+      - name: Build Docker/OCI images and publish to GH Container registry (ghcr.io)
         run: |
-          echo "Debug env vars: is_fork=$IS_FORK base_repo=$BASE_REPO MAVEN_REPO=$MAVEN_REPO"
-          mvn help:active-profiles
-          echo "Using Maven repo=$(mvn help:evaluate -Dexpression=github_ci.maven_repo -q -DforceStdout)"
-          mvn -B verify
+          mvn clean install -s $GITHUB_WORKSPACE/settings.xml -Dmaven.test.skip=true --batch-mode
+          mvn spring-boot:build-image -f shares-server \
+            -s $GITHUB_WORKSPACE/settings.xml --batch-mode \
+            -Dmaven.test.skip=true \
+            -Dspring-boot.build-image.publish=true \
+            -Ddocker.publishRegistry.url=${REGISTRY} \
+            -Ddocker.publishRegistry.username=${USERNAME} \
+            -Ddocker.publishRegistry.password=${GITHUB_TOKEN} \
+            -Dspring-boot.build-image.imageName=${REGISTRY}/${GITHUB_REPOSITORY_OWNER}/cdoc2-shares-server:${TAG}-${GITHUB_SHA} \
+            -Dspring-boot.build-image.tags=${REGISTRY}/${GITHUB_REPOSITORY_OWNER}/cdoc2-shares-server:latest
         env:
-          GITHUB_TOKEN: ${{ github.token }} # GITHUB_TOKEN is the default env for the password
-          IS_FORK: ${{needs.fork_setup.outputs.is_fork}}
-          BASE_REPO: ${{needs.fork_setup.outputs.base_repo}}
-          MAVEN_REPO: ${{vars.MAVEN_REPO}} # set as repository variable: open-eid/cdoc2-shares-server
-
-
-    # Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive
-    #- name: Update dependency graph
-    #  uses: advanced-security/maven-dependency-submission-action@571e99aab1055c2e71a1e2309b9691de18d6b7d6
+          REGISTRY: ghcr.io
+          USERNAME: ${{ github.actor }}
+          GITHUB_TOKEN: ${{ github.token }}
+          # Note: git tag can contain more symbols than Container registry, allowed for docker tag:
+          # lowercase and uppercase letters, digits, underscores, periods, and hyphens.
+          # Note: imageName tag is built from git tag which can be different from module version
+          TAG: "0.1.0"
+          # use open-eid Maven repo for dependencies download, see pom.xml
+          MAVEN_REPO: open-eid/cdoc2-shares-server
diff --git a/shares-server/pom.xml b/shares-server/pom.xml
index c73972f..404a1f4 100644
--- a/shares-server/pom.xml
+++ b/shares-server/pom.xml
@@ -177,30 +177,6 @@
 			<version>0.1.0-SNAPSHOT</version>
 		</dependency>
 
-		<dependency>
-			<groupId>ee.cyber.cdoc2</groupId>
-			<artifactId>cdoc2-lib</artifactId>
-			<version>SID-2.1.0-SNAPSHOT</version>
-			<scope>test</scope>
-		</dependency>
-
-		<dependency>
-			<groupId>ee.cyber.cdoc2</groupId>
-			<artifactId>cdoc2-lib</artifactId>
-<!--			for successful pkcs11 tests version must be at least 1.5.0-SNAPSHOT-->
-			<version>SID-2.1.0-SNAPSHOT</version>
-			<!-- cdoc2-lib src/test compiled classes-->
-			<type>test-jar</type>
-			<scope>test</scope>
-		</dependency>
-
-		<dependency>
-			<groupId>ee.cyber.cdoc2</groupId>
-			<artifactId>cdoc2-client</artifactId>
-			<version>SID-1.6.0-SNAPSHOT</version>
-			<scope>test</scope>
-		</dependency>
-
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter</artifactId>