diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..3bae399
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,33 @@
+name: ci
+on:
+ push:
+ branches:
+ - '**'
+ - '!master'
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ steps:
+ - name: checkout
+ uses: actions/checkout@v2
+ - name: prepare test data
+ run: |
+ sed 's/3\.35\.0/3.36.0/' -i test/versions.tf
+ git add test/versions.tf
+ git config user.name "Dummy"
+ git config user.email "bot@renovateapp.com"
+ git commit -m "Test"
+ - name: run
+ uses: ./
+ with:
+ git_user: Dummy
+ git_email: 8390204+seqsense@users.noreply.github.com
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ push: no
+ - name: validate
+ run: |
+ grep 'version = "3.36.0"' test/.terraform.lock.hcl
+ grep 'constraints = "3.36.0"' test/.terraform.lock.hcl
+ ! grep 'version = "3.35.0"' test/.terraform.lock.hcl
+ ! grep 'constraints = "3.35.0"' test/.terraform.lock.hcl
diff --git a/.github/workflows/version-tag.yml b/.github/workflows/version-tag.yml
new file mode 100644
index 0000000..8d7e3b2
--- /dev/null
+++ b/.github/workflows/version-tag.yml
@@ -0,0 +1,19 @@
+name: version-tag
+on:
+ push:
+ tags:
+ - 'v[0-9]+.[0-9]+.[0-9]+'
+jobs:
+ version-tag:
+ runs-on: ubuntu-latest
+ steps:
+ - name: checkout
+ uses: actions/checkout@v2
+ - name: tag
+ run: |
+ git remote set-url origin https://${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.git
+ git tag $(basename ${TAG%.*.*})
+ git tag $(basename ${TAG%.*})
+ git push origin -f --tags
+ env:
+ TAG: ${{ github.ref }}
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..f4112a5
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,10 @@
+FROM alpine
+
+RUN apk add --no-cache bash curl git
+
+ARG TFENV_VERSION=v2.2.1
+RUN git clone --branch ${TFENV_VERSION} --depth 1 https://github.com/tfutils/tfenv.git ~/.tfenv \
+ && ln -s ~/.tfenv/bin/* /usr/local/bin
+
+COPY entrypoint.sh /
+ENTRYPOINT ["/entrypoint.sh"]
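Review bot: In `.github/workflows/ci.yml` the `test` job declares no `permissions:` block, so the `GITHUB_TOKEN` passed to the action under test carries the repository's default scope even though the step runs with `push: no`. A job-level `permissions:` with `contents: read` would keep a faulty run of the action from writing to the repository. `push: no` is also worth quoting as `push: 'no'`, because a YAML 1.1 reader takes the bare word for a boolean while `entrypoint.sh` matches on the literal string `no`.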
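Review bot: In `.github/workflows/version-tag.yml` the `tag` step expands `${{ secrets.GITHUB_TOKEN }}` directly into the script and stores it in the remote URL, so the token is written into `.git/config` and can appear in any git output that prints the remote. Relying on the credential that `actions/checkout` already configures, or passing the token through `env:`, keeps the secret out of the URL. The expansions in `git tag $(basename ${TAG%.*.*})` are unquoted; the tag filter limits what `TAG` can hold, but `git tag "$(basename "${TAG%.*.*}")"` does not depend on that. `git push origin -f --tags` force-pushes every local tag rather than the two created here, so naming the two refs explicitly would narrow what the job can overwrite.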
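Review bot: `FROM alpine` in the Dockerfile resolves to whatever `latest` is at build time, and since `action.yml` points at the Dockerfile rather than a published image, the toolchain that handles the caller's `GITHUB_TOKEN` can change without any commit to this repository. Pinning the base to a release tag or digest, `FROM alpine:<version>@sha256:<digest>` (placeholder values), makes runs reproducible. The tfenv clone is pinned only to the tag `v2.2.1`, which upstream can move; checking out a full commit hash after the clone would fix the exact code that is linked into `/usr/local/bin`.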
diff --git a/README.md b/README.md
index 6176e22..00e32bc 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,36 @@
 # terraform-lock-fix-action
 GitHub Action to update .terraform.lock.hcl
+
+## Example
+
+Example to automatically fix `.terraform.lock.hcl` in Renovate Bot's pull requests.
+
+This action internally uses [tfutils/tfenv](https://github.com/tfutils/tfenv) to install Terraform.
+It can automatically detect your project's Terraform versions.
+
+See https://github.com/tfutils/tfenv#tfenv-install-version for more details.
+
+```yaml
+name: terraform-lock-fix
+on:
+ push:
+ branches:
+ - renovate/*
+
+jobs:
+ terraform-lock-fix:
+ runs-on: ubuntu-latest
+ steps:
+ - name: checkout
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 2
+ - name: fix
+ uses: seqsense/terraform-lock-fix-action@v0
+ with:
+ git_user: @@MAINTAINER_NAME@@
+ git_email: @@MAINTAINER_EMAIL_ADDRESS@@
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ commit_style: squash
+ push: force
+```
diff --git a/action.yml b/action.yml
new file mode 100644
index 0000000..d7d17ec
--- /dev/null
+++ b/action.yml
@@ -0,0 +1,26 @@
+name: "Go sum fix"
+description: "Update .terraform.lock.hcl."
+inputs:
+ github_token:
+ description: "GITHUB_TOKEN."
+ required: true
+ git_user:
+ description: "User name of commit author."
+ required: true
+ git_email:
+ description: "E-mail address of commit author."
+ required: true
+ commit_style:
+ description: "Commit style. (add|squash)"
+ commit_message:
+ description: "Commit message."
+ push:
+ description: "Push to the branch? (no|yes|force)"
+ lock_file_paths:
+ description: "Space separated list of the paths to the directories of .terraform.lock.hcl. Automatically detected by default."
+runs:
+ using: "docker"
+ image: "Dockerfile"
+branding:
+ icon: "refresh-ccw"
+ color: "white"
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100755
index 0000000..03b3690
--- /dev/null
+++ b/entrypoint.sh
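Review bot: `name: "Go sum fix"` in `action.yml` does not match the description or the repository and looks carried over from another action; `name: "Terraform lock fix"` would keep the action from being listed under a misleading name. The optional inputs `commit_style` and `push` have their defaults only in `entrypoint.sh`, so declaring `default: "add"` and `default: "no"` here would document them where callers look. The `github_token` description could also say that write access to repository contents is needed only when `push` is `yes` or `force`, which lets callers grant a read-only token otherwise.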
@@ -0,0 +1,84 @@
+#!/bin/bash
+
+cd "${GITHUB_WORKSPACE}" \
+ || (echo "Workspace is unavailable" >&2; exit 1)
+
+if [ -z "${INPUT_GITHUB_TOKEN}" ]
+then
+ echo "github_token is not provided" >&2
+ exit 1
+fi
+
+set -eu
+
+if [ ! "$(git show HEAD --pretty=format:%ae -s)" = "bot@renovateapp.com" ]
+then
+ echo "HEAD commit author is not Renovate Bot" >&2
+ exit 0
+fi
+
+BRANCH=$(git symbolic-ref -q --short HEAD) \
+ || (echo "You are in 'detached HEAD' state" >&2; exit 1)
+
+echo "Setting up authentication"
+cp .git/config .git/config.bak
+revert_git_config() {
+ mv .git/config.bak .git/config
+}
+trap revert_git_config EXIT
+
+git config --unset http."https://github.com/".extraheader || true
+git config --global --add http."https://github.com/".extraheader "Authorization: Basic $(echo -n "x-access-token:${INPUT_GITHUB_TOKEN}" | base64 | tr -d '\n')"
+git config user.name ${INPUT_GIT_USER}
+git config user.email ${INPUT_GIT_EMAIL}
+
+INPUT_LOCK_FILE_PATHS=${INPUT_LOCK_FILE_PATHS:-$(find . -name .terraform.lock.hcl | xargs -r -n1 dirname)}
+
+echo "Updating"
+echo ${INPUT_LOCK_FILE_PATHS} | xargs -r -n1 echo | while read dir
+do
+ cd ${dir}
+ tfenv install
+ echo -e 'terraform {\n backend "local" {}\n}' > backend_override.tf
+ terraform init -input=false -upgrade
+ rm -f backend_override.tf
+ cd "${GITHUB_WORKSPACE}"
+done
+
+if git diff --exit-code
+then
+ echo "Up-to-date"
+ exit 0
+fi
+
+case ${INPUT_COMMIT_STYLE:-add} in
+ add)
+ git add .;
+ git commit -m ${INPUT_COMMIT_MESSAGE:-"Fix .terraform.lock.hcl"};
+ ;;
+ squash)
+ git add .;
+ git commit --amend --no-edit;
+ ;;
+ *)
+ echo "Unknown commit_style value: ${INPUT_COMMIT_STYLE}" >&2;
+ exit 1;
+ ;;
+esac
+
+echo "Pushing to the repository"
+origin=https://github.com/${GITHUB_REPOSITORY}
+case ${INPUT_PUSH:-no} in
+ no)
+ ;;
+ yes)
+ git push --verbose ${origin} ${BRANCH};
+ ;;
+ force)
+ git push --verbose -f ${origin} ${BRANCH};
+ ;;
+ *)
+ echo "Unknown push value: ${INPUT_PUSH}" >&2;
+ exit 1;
+ ;;
+esac
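Review bot: The token header in `entrypoint.sh` is added with `git config --global --add ... extraheader`, but the `EXIT` trap only restores `.git/config`, so the `Authorization` header stays in the global git config after the action ends; if the container's home directory is shared with later steps (not visible here), they inherit the credential. Dropping `--global` puts the header in `.git/config`, which the trap already reverts. Several expansions that carry caller input are unquoted: `git config user.name ${INPUT_GIT_USER}` and `git commit -m ${INPUT_COMMIT_MESSAGE:-"Fix .terraform.lock.hcl"}` split on spaces, so a multi-word value is passed as extra arguments, and `"${INPUT_GIT_USER}"` and `"${INPUT_COMMIT_MESSAGE:-Fix .terraform.lock.hcl}"` fix that. The first `cd ... || (echo ...; exit 1)` runs before `set -eu`, so its `exit 1` only leaves the subshell and the script carries on outside the workspace; `|| { echo "Workspace is unavailable" >&2; exit 1; }` exits the script. The author-email comparison is a convenience filter and should be commented as such, since the author field of a commit is chosen by whoever creates it and is not an authorization check.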
diff --git a/test/.terraform-version b/test/.terraform-version
new file mode 100644
index 0000000..b231a0a
--- /dev/null
+++ b/test/.terraform-version
@@ -0,0 +1 @@
+0.14.10
diff --git a/test/.terraform.lock.hcl b/test/.terraform.lock.hcl
new file mode 100644
index 0000000..176cb5f
--- /dev/null
+++ b/test/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+ version = "3.35.0"
+ constraints = "3.35.0"
+ hashes = [
+ "h1:xOkRDvfIw457egXTu+4LAl7Kog31KKx339t8N+7TgPU=",
+ "zh:0b7cf15369fe940190f2e3fd77300119a16a9b821a7b15e049a6e349126b833d",
+ "zh:65680b35a45df6dc9ebe4439aa28dbe5767f8745443d0807656759d81ed23f5d",
+ "zh:75a71517d40b842308bc7a13a8dadcade99de3344292318b28a3ad95f09994e7",
+ "zh:865e618aa41f4a3842e818f6389f4aac89a985b409d1bb108ac753ea6292215d",
+ "zh:893658f93e57ea6c2bb458cdcf7d51e617147f53a9b2ed7741689bec3cfca4f9",
+ "zh:89d63eab0ad7fe3a891e6567052dd3227520ae48c212465d3a2b0bed326b319d",
+ "zh:94a408adcc52ce1758ecc2aad8394c35254029d18f358392b86602705a688b3d",
+ "zh:a82d09d03cb5480b3b4f318d1db3a64d80a701a429f3a84520e4a26f66b9a178",
+ "zh:aee92e745c43de2cc30913bddd8e625a8c6511f900f8e4104a0ccb746f276428",
+ "zh:b1178f4c2db30d7e49c3af441f79ac932bb5b8a8f05b0d770515b732ad4ac388",
+ "zh:b2684d0124ed6c394c83005def7387a6f8c9ac5f459dd7fc2fe56ea1aa97b20c",
+ ]
+}
diff --git a/test/backend.tf b/test/backend.tf
new file mode 100644
index 0000000..e92b8fe
--- /dev/null
+++ b/test/backend.tf
@@ -0,0 +1,7 @@
+terraform {
+ backend "s3" {
+ bucket = "my-terraform-state-bucket"
+ key = "terraform.tfstate"
+ region = "ap-northeast-1"
+ }
+}
diff --git a/test/ec2.tf b/test/ec2.tf
new file mode 100644
index 0000000..af1626d
--- /dev/null
+++ b/test/ec2.tf
@@ -0,0 +1,24 @@
+data "aws_ami" "ubuntu" {
+ most_recent = true
+
+ filter {
+ name = "name"
+ values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
+ }
+
+ filter {
+ name = "virtualization-type"
+ values = ["hvm"]
+ }
+
+ owners = ["099720109477"] # Canonical
+}
+
+resource "aws_instance" "web" {
+ ami = data.aws_ami.ubuntu.id
+ instance_type = "t3.micro"
+
+ tags = {
+ Name = "HelloWorld"
+ }
+}
diff --git a/test/versions.tf b/test/versions.tf
new file mode 100644
index 0000000..8a5de7c
--- /dev/null
+++ b/test/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "3.35.0"
+ }
+ }
+ required_version = ">= 0.14"
+}