diff --git a/.github/workflows/ci-sonorV2.yml b/.github/workflows/ci-sonorV2.yml
index 1b0c88b..b044fbc 100644
--- a/.github/workflows/ci-sonorV2.yml
+++ b/.github/workflows/ci-sonorV2.yml
@@ -1,4 +1,4 @@
-name: Release & Docker
+name: sonorV2 Branch CI - Build release candidate
 
 on:
   push:
@@ -6,73 +6,99 @@ on:
       - sonorV2
 
 jobs:
-  install:
+  check-version:
     runs-on: ubuntu-latest
+    outputs:
+      release-version: ${{ steps.version.outputs.pe-version }}
+      tag-already-exists: ${{ steps.checkTag.outputs.exists }}
     steps:
-      - name: Use Node.js 14C
-        uses: actions/setup-node@v1
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Get version
+        id: version
+        run: echo "pe-version=$(cat package.json | jq -r '.version')-experimental" >> $GITHUB_OUTPUT
+
+      - name: Print version
+        run: echo ${{ steps.version.outputs.pe-version }}
+
+      - uses: mukunku/tag-exists-action@v1.6.0
+        id: checkTag
         with:
-          node-version: 18
-      - run: yarn --frozen-lockfile
-  build:
+          tag: ${{ steps.version.outputs.pe-version }}
+
+      - if: ${{ steps.checkTag.outputs.exists == 'true' }}
+        name: "Skip release"
+        run: echo "Nothing to tag/release, the release ${{ steps.version.outputs.pe-version }} already exists"
+
+  create-release:
+    needs: check-version
+    runs-on: ubuntu-latest
+    if: ${{ needs.check-version.outputs.tag-already-exists == 'false' }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref }}
+          fetch-depth: 0
+
+      - name: Get previous tag
+        id: previousTag
+        run: echo "previousTag=$(git --no-pager tag --sort=creatordate --merged ${{ github.ref_name }} | grep '^[0-9]\+\.[0-9]\+\.[0-9]\+\-experimental$' | tail -1)" >> $GITHUB_OUTPUT
+
+      - uses: softprops/action-gh-release@v2
+        with:
+          tag_name: ${{ needs.check-version.outputs.release-version }}
+          target_commitish: ${{ github.head_ref || github.ref }}
+          name: ${{ needs.check-version.outputs.release-version }}
+          body: ${{steps.changelog.outputs.changes}}
+          prerelease: true
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  build-release:
+    needs: create-release
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - name: Extract branch name
+        shell: bash
+        run: echo "branch=$(echo ${GITHUB_REF#refs/heads/})" >>$GITHUB_OUTPUT
+        id: extract_branch
+
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ steps.extract_branch.outputs.branch }}
+
       - name: Use Node.js 18
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@v4
         with:
           node-version: 18
       - run: yarn
       - run: yarn build
+
       - name: Upload build
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: build
           path: dist
-  release:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout current branch
-        uses: actions/checkout@v2
-      - name: Get current version
-        id: version
-        uses: notiz-dev/github-action-json-property@release
-        with:
-          path: "package.json"
-          prop_path: "version"
-      - run: echo ${{steps.version.outputs.prop}}
-      - name: Release snapshot
-        id: release-snapshot
-        uses: actions/create-release@latest
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          tag_name: ${{steps.version.outputs.prop}}
-          release_name: ${{steps.version.outputs.prop}}
-          draft: false
-          prerelease: false
   docker:
-    needs: build
+    needs:
+      - check-version
+      - build-release
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
+
       - name: Download build
         id: download
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@v4
         with:
           name: build
           path: dist
-      - name: Get current version
-        id: version
-        uses: notiz-dev/github-action-json-property@release
-        with:
-          path: "package.json"
-          prop_path: "version"
-      - run: echo ${{steps.version.outputs.prop}}
+
       - name: Publish to Registry
-        uses: elgohr/Publish-Docker-Github-Action@master
+        uses: elgohr/Publish-Docker-Github-Action@v5
         with:
-          name: inseefr/pearl-jam
+          name: inseefr/sonor
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
-          tags: ${{steps.version.outputs.prop}}
+          tags: "latest, ${{ needs.check-version.outputs.release-version }}"
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 0bb0fb2..71c108d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,16 +1,35 @@
-FROM nginx
+FROM nginx:stable-alpine
+
+## Remove default nginx index page
+RUN rm -rf /usr/share/nginx/html/*
+
+#Add build to nginx root webapp
 ADD dist /usr/share/nginx/html
+
+#Copy nginx configuration
 RUN rm etc/nginx/conf.d/default.conf
-# Overload nginx.conf to enable cors
-COPY nginx.conf etc/nginx/conf.d/
+COPY container/nginx.conf etc/nginx/conf.d/
+
 
-# Copy .env file and shell script to container
 WORKDIR /usr/share/nginx/html
-COPY ./scripts/env.sh .
-COPY .env .
 
-# Make shell script executable
+# Add bash
+RUN apk add --no-cache bash
+
+COPY scripts/env.sh .
+COPY scripts/.env .
+
+# Make our shell script executable
 RUN chmod +x env.sh
 
+# add non-root user
+RUN touch /var/run/nginx.pid
+RUN chown -R nginx:nginx /var/run/nginx.pid /usr/share/nginx/html /var/cache/nginx /var/log/nginx /etc/nginx/conf.d
+
+# non root users cannot listen on 80
+EXPOSE 8080
+
+USER nginx
+
 # Start Nginx server
-CMD ["/bin/bash", "-c", "/usr/share/nginx/html/env.sh && nginx -g \"daemon off;\""]
\ No newline at end of file
+ENTRYPOINT bash -c "/usr/share/nginx/html/env.sh && nginx -g 'daemon off;'"
\ No newline at end of file
diff --git a/nginx.conf b/container/nginx.conf
similarity index 95%
rename from nginx.conf
rename to container/nginx.conf
index 2ce9bd9..71a8ab5 100644
--- a/nginx.conf
+++ b/container/nginx.conf
@@ -1,5 +1,5 @@
 server {
-    listen 80 default_server;
+    listen 8080;
     server_name /usr/share/nginx/html;
 
     root /usr/share/nginx/html;
diff --git a/scripts/.env b/scripts/.env
new file mode 100644
index 0000000..9514981
--- /dev/null
+++ b/scripts/.env
@@ -0,0 +1,5 @@
+VITE_API_ENDPOINT=https://localhost:8080
+VITE_AUTH_TYPE=oidc
+VITE_OIDC_CLIENT_ID=localhost-frontend
+VITE_OIDC_ISSUER=https://localhost:8080
+VITE_LOCALE=fr
\ No newline at end of file
diff --git a/scripts/env.sh b/scripts/env.sh
index 376effd..cb7afae 100644
--- a/scripts/env.sh
+++ b/scripts/env.sh
@@ -15,8 +15,10 @@ do
   # Otherwise use value from .env file
   [[ -z $value ]] && value=${varvalue}
 
-  export $varname=$value  
+  export $varname=$value
   
 done < .env
 envsubst < "./configuration.json" > "configuration.temp"
-mv configuration.temp configuration.json
\ No newline at end of file
+envsubst < "./keycloak.json" > "keycloak.temp"
+mv configuration.temp configuration.json
+mv keycloak.temp keycloak.json
\ No newline at end of file