diff --git a/.github/workflows/autoApproveSync.yml b/.github/workflows/autoApproveSync.yml
new file mode 100644
index 00000000..707ef9b8
--- /dev/null
+++ b/.github/workflows/autoApproveSync.yml
@@ -0,0 +1,19 @@
+# synced from @nextcloud/android-config
+name: Auto approve
+on:
+ pull_request_target:
+ branches:
+ - master
+ - main
+
+permissions:
+ pull-requests: write
+
+jobs:
+ auto-approve:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: hmarr/auto-approve-action@de8ae18c173c131e182d4adf2c874d8d2308a85b # v3.1.0
+ if: ${{ contains(github.event.pull_request.labels.*.name, 'sync') && github.actor == 'nextcloud-android-bot' }}
+ with:
+ github-token: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index d06291f0..e3ef9f8c 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
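Review bot: In autoApproveSync.yml the step's `if:` gates the approval on `github.actor`, which is the account that triggered this workflow run and not necessarily the author of the pull request being approved. Because the job runs under `pull_request_target` with `pull-requests: write`, the condition should also pin the PR author by adding `&& github.event.pull_request.user.login == 'nextcloud-android-bot'`. If sync PRs always come from branches of the same repository (not visible in this diff), `&& github.event.pull_request.head.repo.full_name == github.repository` narrows it further. A comment above the step saying that this workflow must never check out or execute PR content would help keep it safe as the file is synced into other repositories.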
@@ -1,27 +1,49 @@ -name: CodeQL security scan +# synced from @nextcloud/android-config +name: "CodeQL" on: + push: + branches: [ "master", "main", "stable-*" ] pull_request: + branches: [ "master", "main" ] schedule: - - cron: '0 12 * * *' + - cron: '24 18 * * 3' permissions: contents: read - security-events: write - pull-requests: read jobs: - codeql: - name: CodeQL security scan + analyze: + name: Analyze runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + strategy: + fail-fast: false + matrix: + language: [ 'java' ] steps: - - name: Checkout - uses: actions/checkout@v3 - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + - name: Checkout repository + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + - name: Set Swap Space + uses: pierotofy/set-swap-space@49819abfb41bd9b44fb781159c033dba90353a7c # v1.0 with: - languages: java - - name: Build debug APK - run: bash ./gradlew assembleDev --stacktrace + swap-size-gb: 10 + - name: Initialize CodeQL + uses: github/codeql-action/init@436dbd9100756e97f42f45da571adeebf8270723 # v2.2.0 + with: + languages: ${{ matrix.language }} + - name: Set up JDK + uses: actions/setup-java@1df8dbefe2a8cbc99770194893dd902763bee34b # v3.9.0 + with: + distribution: "temurin" + java-version: 11 + - name: Assemble + run: | + mkdir -p "$HOME/.gradle" + echo "org.gradle.jvmargs=-Xmx2g -XX:MaxMetaspaceSize=512m -XX:+HeapDumpOnOutOfMemoryError" > "$HOME/.gradle/gradle.properties" + ./gradlew assembleDebug - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@436dbd9100756e97f42f45da571adeebf8270723 # v2.2.0 diff --git a/.github/workflows/detectNewJavaFiles.yml b/.github/workflows/detectNewJavaFiles.yml new file mode 100644 index 00000000..b64964ce --- /dev/null +++ b/.github/workflows/detectNewJavaFiles.yml 
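Review bot: In codeql.yml the `Checkout repository` step keeps the default credential persistence, so the job token remains in the checkout's git configuration while the `Assemble` step runs `./gradlew assembleDebug` from the checked-out tree. The job grants `security-events: write`, and on `push` runs the token is not read-only; adding `with:` and `persist-credentials: false` to the checkout step removes the token from the workspace before any build code executes. The job also runs the repository's Gradle wrapper without a wrapper-validation step; if no other workflow covers that (not visible in this diff), it is worth adding one before `Assemble`.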
@@ -0,0 +1,32 @@
+# synced from @nextcloud/android-config
+name: "Detect new java files"
+
+on:
+ pull_request:
+ branches: [ master, main, stable-* ]
+
+permissions: read-all
+
+jobs:
+ detectNewJavaFiles:
+ runs-on: ubuntu-latest
+ steps:
+ - id: file_changes
+ uses: trilom/file-changes-action@a6ca26c14274c33b15e6499323aac178af06ad4b # v1.2.4
+ with:
+ output: ','
+ - name: Detect new java files
+ run: |
+ if [ -z '${{ steps.file_changes.outputs.files_added }}' ]; then
+ echo "No new files added"
+ exit 0
+ fi
+ new_java=$(echo '${{ steps.file_changes.outputs.files_added }}' | tr ',' '\n' | grep '\.java$' | cat)
+ if [ -n "$new_java" ]; then
+ # shellcheck disable=SC2016
+ printf 'New java files detected:\n```\n%s\n```\n' "$new_java" | tee "$GITHUB_STEP_SUMMARY"
+ exit 1
+ else
+ echo "No new java files detected"
+ exit 0
+ fi
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
new file mode 100644
index 00000000..a959af77
--- /dev/null
+++ b/.github/workflows/stale.yml
@@ -0,0 +1,28 @@
+# synced from @nextcloud/android-config
+name: 'Close stale issues'
+on:
+ schedule:
+ - cron: '0 0 * * *'
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+ stale:
+ runs-on: ubuntu-latest
+ permissions:
+ issues: write
+ pull-requests: write
+ steps:
+ - uses: actions/stale@6f05e4244c9a0b2ed3401882b05d701dd0a7289b # v7.0.0
+ with:
+ days-before-stale: 28
+ days-before-close: 14
+ days-before-pr-close: -1
+ only-labels: 'bug,needs info'
+ exempt-issue-labels: 'no-stale'
+ stale-issue-message: >-
+ This bug report did not receive an update in the last 4 weeks.
+ Please take a look again and update the issue with new details,
+ otherwise the issue will be automatically closed in 2 weeks. Thank you!
+ exempt-all-pr-milestones: true
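Review bot: In detectNewJavaFiles.yml the `Detect new java files` step expands `${{ steps.file_changes.outputs.files_added }}` directly into the shell script inside single quotes, at both the `-z` test and the `new_java=` assignment. That value is built from file names in the pull request, so it is untrusted text substituted into the script before the shell parses it, and a name containing a quote character changes what the shell runs. Pass the output through `env:` and read it as a quoted shell variable instead, as sketched below. `permissions: read-all` limits what the token can do in such a run, but it could be narrowed to the scopes the file-changes action actually needs.

```yaml
      - name: Detect new java files
        env:
          FILES_ADDED: ${{ steps.file_changes.outputs.files_added }}
        run: |
          if [ -z "$FILES_ADDED" ]; then
            # … unchanged: "No new files added" message and exit 0 …
          fi
          new_java=$(printf '%s\n' "$FILES_ADDED" | tr ',' '\n' | grep '\.java$' | cat)
          # … unchanged: step summary output and exit codes …
```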