diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..10a7531
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,43 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly
+    groups:
+      github-artifacts:
+        patterns:
+          - actions/*-artifact
+      minor:
+        update-types:
+          - minor
+          - patch
+
+  - package-ecosystem: devcontainers
+    directory: /
+    schedule:
+      interval: weekly
+    groups:
+      minor:
+        update-types:
+          - minor
+          - patch
+
+  - package-ecosystem: docker
+    directory: /
+    schedule:
+      interval: weekly
+    groups:
+      minor:
+        update-types:
+          - minor
+          - patch
+
+  - package-ecosystem: cargo
+    directory: /
+    schedule:
+      interval: weekly
+    groups:
+      patch:
+        update-types:
+          - patch
diff --git a/.github/workflows/code.yml b/.github/workflows/code.yml
new file mode 100644
index 0000000..a6d08f6
--- /dev/null
+++ b/.github/workflows/code.yml
@@ -0,0 +1,104 @@
+name: Backend Code
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  lint:
+    # Deduplicate jobs from pull requests and branch pushes within the same repo.
+    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository
+    runs-on: ubuntu-latest
+    services:
+      ispyb:
+        image: ghcr.io/diamondlightsource/ispyb-database:v3.0.0
+        ports:
+          - 3306:3306
+        env:
+          MARIADB_ROOT_PASSWORD: rootpassword
+        options: >
+          --health-cmd "/usr/local/bin/healthcheck.sh --defaults-file=/ispyb/.my.cnf --connect"
+    env:
+      DATABASE_URL: mysql://root:rootpassword@localhost/ispyb_build
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@v4.1.2
+
+      - name: Install dependencies
+        uses: awalsh128/cache-apt-pkgs-action@v1.4.2
+        with:
+          packages: libopencv-dev clang libclang-dev
+
+      - name: Install stable toolchain
+        uses: actions-rs/toolchain@v1.0.7
+        with:
+          toolchain: stable
+          default: true
+
+      - name: Cache Rust Build
+        uses: Swatinem/rust-cache@v2.7.3
+
+      - name: Create models lib file
+        run: |
+          mkdir models/src
+          printf "\n" > models/src/lib.rs
+
+      - name: Check Formatting
+        uses: actions-rs/cargo@v1.0.3
+        with:
+          command: fmt
+          args: >
+            --all
+            --check
+
+      - name: Lint with Clippy
+        uses: actions-rs/cargo@v1.0.3
+        with:
+          command: clippy
+          args: >
+            --no-deps
+            --all-targets
+            --all-features
+            -- 
+            --deny warnings
+
+  test:
+    # Deduplicate jobs from pull requests and branch pushes within the same repo.
+    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository
+    runs-on: ubuntu-latest
+    services:
+      ispyb:
+        image: ghcr.io/diamondlightsource/ispyb-database:v3.0.0
+        ports:
+          - 3306:3306
+        env:
+          MARIADB_ROOT_PASSWORD: rootpassword
+        options: >
+          --health-cmd "/usr/local/bin/healthcheck.sh --defaults-file=/ispyb/.my.cnf --connect"
+    env:
+      DATABASE_URL: mysql://root:rootpassword@localhost/ispyb_build
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@v4.1.2
+
+      - name: Install dependencies
+        uses: awalsh128/cache-apt-pkgs-action@v1.4.2
+        with:
+          packages: libopencv-dev clang libclang-dev
+
+      - name: Install stable toolchain
+        uses: actions-rs/toolchain@v1.0.7
+        with:
+          toolchain: stable
+          default: true
+
+      - name: Cache Rust Build
+        uses: Swatinem/rust-cache@v2.7.3
+
+      - name: Test
+        uses: actions-rs/cargo@v1.0.3
+        with:
+          command: test
+          args: >
+            --all-targets
+            --all-features
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
new file mode 100644
index 0000000..bc97ca4
--- /dev/null
+++ b/.github/workflows/container.yml
@@ -0,0 +1,64 @@
+name: Container
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  build:
+    # Deduplicate jobs from pull requests and branch pushes within the same repo.
+    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository
+    runs-on: ubuntu-latest
+    services:
+      ispyb:
+        image: ghcr.io/diamondlightsource/ispyb-database:v3.0.0
+        ports:
+          - 3306:3306
+        env:
+          MARIADB_ROOT_PASSWORD: rootpassword
+        options: >
+          --health-cmd "/usr/local/bin/healthcheck.sh --defaults-file=/ispyb/.my.cnf --connect"
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4.1.2
+
+      - name: Generate Image Name
+        run: echo IMAGE_REPOSITORY=ghcr.io/$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]' | tr '[_]' '[\-]') >> $GITHUB_ENV
+
+      - name: Log in to GitHub Docker Registry
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3.1.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Docker Metadata
+        id: meta
+        uses: docker/metadata-action@v5.5.1
+        with:
+          images: ${{ env.IMAGE_REPOSITORY }}
+          tags: |
+            type=ref,event=tag
+            type=raw,value=latest
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3.2.0
+        with:
+          driver-opts: network=host
+
+      - name: Build Image
+        uses: docker/build-push-action@v5.3.0
+        with:
+          build-args: DATABASE_URL=mysql://root:rootpassword@localhost:3306/ispyb_build
+          target: deploy
+          push: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags') }}
+          load: ${{ !(github.event_name == 'push' && startsWith(github.ref, 'refs/tags')) }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          
\ No newline at end of file
diff --git a/.github/workflows/devcontainer.yml b/.github/workflows/devcontainer.yml
new file mode 100644
index 0000000..73e6d47
--- /dev/null
+++ b/.github/workflows/devcontainer.yml
@@ -0,0 +1,23 @@
+name: Dev Container CI
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  build:
+    # pull requests are a duplicate of a branch push if within the same repo.
+    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4.1.2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3.2.0
+
+      - name: Create .env file
+        run: touch .devcontainer/opa.env
+
+      - name: Build dev container
+        uses: devcontainers/ci@v0.3.1900000348
diff --git a/.github/workflows/schema.yml b/.github/workflows/schema.yml
new file mode 100644
index 0000000..20e4b1b
--- /dev/null
+++ b/.github/workflows/schema.yml
@@ -0,0 +1,83 @@
+name: Schema
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  generate:
+    # Deduplicate jobs from pull requests and branch pushes within the same repo.
+    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository
+    runs-on: ubuntu-latest
+    services:
+      ispyb:
+        image: ghcr.io/diamondlightsource/ispyb-database:v3.0.0
+        ports:
+          - 3306:3306
+        env:
+          MARIADB_ROOT_PASSWORD: rootpassword
+        options: >
+          --health-cmd "/usr/local/bin/healthcheck.sh --defaults-file=/ispyb/.my.cnf --connect"
+    env:
+      DATABASE_URL: mysql://root:rootpassword@localhost:3306/ispyb_build
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@v4.1.2
+
+      - name: Install stable toolchain
+        uses: actions-rs/toolchain@v1.0.7
+        with:
+          toolchain: stable
+          default: true
+
+      - name: Cache Rust Build
+        uses: Swatinem/rust-cache@v2.7.3
+
+      - name: Generate Schema
+        uses: actions-rs/cargo@v1.0.3
+        with:
+          command: run
+          args: >
+            schema
+            --path fluorescence_scan.graphql
+
+      - name: Upload Schema Artifact
+        uses: actions/upload-artifact@v4.3.1
+        with:
+          name: fluorescence_scan.graphql
+          path: fluorescence_scan.graphql
+
+  publish:
+      # Deduplicate jobs from pull requests and branch pushes within the same repo.
+      if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository
+      needs:
+        - generate
+      runs-on: ubuntu-latest
+      steps:
+        - name: Install Rover CLI
+          run: |
+            curl -sSL https://rover.apollo.dev/nix/v0.23.0-rc.3 | sh
+            echo "$HOME/.rover/bin" >> $GITHUB_PATH
+
+        - name: Download Schema Artifact
+          uses: actions/download-artifact@v4.1.4
+          with:
+            name: fluorescence_scan.graphql
+
+        - name: Check Subgraph Schema
+          run: >
+            rover subgraph check data-gateway-n63jcf@current
+            --schema fluorescence_scan.graphql
+            --name fluorescence-scan
+          env:
+            APOLLO_KEY: ${{ secrets.APOLLO_STUDIO }}
+
+        - name: Publish Subgraph Schema to Apollo Studio
+          if: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags') }}
+          run: >
+            rover subgraph publish data-gateway-n63jcf@current 
+            --routing-url http://fluorescence-scan:80 
+            --schema fluorescence_scan.graphql
+            --name fluorescence-scan
+          env:
+            APOLLO_KEY: ${{ secrets.APOLLO_STUDIO }}