diff --git a/.gitea/workflows/development.yml b/.gitea/workflows/development.yml
index bfba126..19cb03e 100644
--- a/.gitea/workflows/development.yml
+++ b/.gitea/workflows/development.yml
@@ -16,11 +16,11 @@ jobs:
       - name: Install commitizen
         run: pip3 install commitizen
         shell: bash
-        working-directory: ./
+        working-directory: ${{ gitea.workspace }}
 
       - name: Verify commit message compliance
         run: |
           echo "cz check --message '${{ github.event.head_commit.message }}'"
           cz check --message "${{ github.event.head_commit.message }}"
         shell: bash
-        working-directory: ./
+        working-directory: ${{ gitea.workspace }}
diff --git a/.gitea/workflows/pull-request-open.yml b/.gitea/workflows/pull-request-open.yml
index 675edc9..8a198d3 100644
--- a/.gitea/workflows/pull-request-open.yml
+++ b/.gitea/workflows/pull-request-open.yml
@@ -41,9 +41,6 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-          fetch-depth: 0
 
       - name: Install pre-commit
         run: pip3 install pre-commit
@@ -76,3 +73,42 @@ jobs:
         run: pre-commit run --all
         shell: bash
         working-directory: ${{ gitea.workspace }}
+
+  end-to-end-tests:
+    name: Run E2E tofu tests
+    runs-on: ubuntu-latest
+    needs: pre-commit-check
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install required packages
+        run: |
+          export DEBIAN_FRONTEND=noninteractive
+          sudo apt update
+          sudo apt install -y curl jq
+
+          curl https://vault.ednz.fr/v1/ednz-root-ca/ca -o /tmp/ednz_ca
+          openssl x509 -inform DER -in /tmp/ednz_ca -out /usr/local/share/ca-certificates/ednz_ca.crt -outform pem
+          update-ca-certificates
+
+      - name: Install OpenTofu
+        uses: opentofu/setup-opentofu@v1
+        with:
+          tofu_version: 1.8.2
+
+      - name: Get required credentials
+        id: tofu-auth
+        run: |
+          VAULT_TOKEN=$(curl --silent --request POST --data '{"role_id": "${{ steps.import-secrets.outputs.VAULT_INFRABUILDER_APPROLE_ID }}","secret_id": "${{ steps.import-secrets.outputs.VAULT_INFRABUILDER_APPROLE_SECRET_ID }}"}' https://vault.ednz.fr/v1/auth/approle/login | jq -r .auth.client_token)
+          echo "vault_token=$VAULT_TOKEN" >> $GITHUB_OUTPUT
+
+      - name: Tofu init
+        run: tofu init
+        shell: bash
+        working-directory: ${{ gitea.workspace }}
+
+      - name: Tofu test
+        run: tofu test
+        shell: bash
+        working-directory: ${{ gitea.workspace }}
diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml
index c72fc74..472ddaa 100644
--- a/.gitea/workflows/release.yml
+++ b/.gitea/workflows/release.yml
@@ -32,7 +32,7 @@ jobs:
       - name: Install commitizen
         run: pip3 install commitizen
         shell: bash
-        working-directory: ./
+        working-directory: ${{ gitea.workspace }}
 
       - name: Configure git credentials
         uses: oleksiyrudenko/gha-git-credentials@v2
@@ -46,9 +46,9 @@ jobs:
       - name: Do release
         run: cz -nr 21 bump --yes
         shell: bash
-        working-directory: ./
+        working-directory: ${{ gitea.workspace }}
 
       - name: Push release
         run: git push && git push --tags
         shell: bash
-        working-directory: ./
+        working-directory: ${{ gitea.workspace }}