diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index b79d1fa09..5618f1447 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -33,12 +33,15 @@ jobs:
 
   test:
     name: Tests
-    runs-on: ubuntu-latest
-    needs: supportedVersions
-
     strategy:
       matrix:
         go_version: ${{ fromJSON(needs.supportedVersions.outputs.supported_versions) }}
+        os: [ubuntu-latest, macos-latest, windows-latest] # Matrix for OS
+  
+    runs-on: ${{ matrix.os }}
+    needs: supportedVersions
+
+
 
     steps:
       - name: Checkout code
diff --git a/renovate.json5 b/renovate.json5
new file mode 100644
index 000000000..cba94adeb
--- /dev/null
+++ b/renovate.json5
@@ -0,0 +1,45 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:base"
+  ],
+  "baseBranches": ["main", "release-1.20"],
+  "schedule": ["before 9am on Monday"],
+  "packageRules": [
+    {
+      "matchBaseBranches": ["release-1.20"],
+      "packagePatterns": ["*"],
+      "enabled": false
+    },
+    // Pin Go at the current version, since we want to upgrade it manually.
+    // Remember to keep this in sync when upgrading our Go version!
+    {
+      "matchDatasources": ["docker", "golang-version"],
+      "matchPackageNames": ["go", "golang"],
+      "allowedVersions": "<=1.22.5"
+    },
+    {
+      "matchManagers": ["gomod"],
+      "matchPaths": ["dagger/go.mod"],
+      "schedule": ["every month"],
+      "postUpdateOptions": ["gomodTidy1.17"]
+    },
+    {
+      "matchManagers": ["github-actions"],
+      "schedule": ["every month"],
+      "packagePatterns": ["*"]
+    },
+    {
+      "matchUpdateTypes": ["minor", "patch"],
+      "automerge": true,
+      "automergeType": "pr",
+      "requiredStatusChecks": ["*"]
+    }
+  ],
+  "branchPrefix": "deps-update/",
+  "vulnerabilityAlerts": {
+    "enabled": true,
+    "labels": ["security-update"]
+  },
+  "osvVulnerabilityAlerts": true
+}