diff --git a/.github/workflows/check.yaml b/.github/workflows/check.yaml
index cc22f45a..52c1354c 100644
--- a/.github/workflows/check.yaml
+++ b/.github/workflows/check.yaml
@@ -82,18 +82,9 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        runs-on:
-        - [ubuntu-22.04]
-        - [Ubuntu_ARM64_4C_16G_01]
-        test-command:
-        - 'tox -e func -- -v --base ubuntu@20.04 --keep-models'
-        - 'tox -e func -- -v --base ubuntu@22.04 --keep-models'
-        - 'tox -e func -- -v --base ubuntu@24.04 --keep-models'
+        runs-on: [[ubuntu-22.04], [Ubuntu_ARM64_4C_16G_01]]
+        test-command: ['tox -e func -- -v --series focal --keep-models', 'tox -e func -- -v --series jammy --keep-models']
         juju-channel: ["3.4/stable"]
-        exclude:
-        # NOTE(rgildein): The grafana-agent does not support ubuntu@24.04 on arm64. See #347 
-        - test-command: 'tox -e func -- -v --base ubuntu@24.04 --keep-models'
-          runs-on: [Ubuntu_ARM64_4C_16G_01]
     steps:
 
       - uses: actions/checkout@v4
diff --git a/.github/workflows/promote.yaml b/.github/workflows/promote.yaml
index e6b4f64e..fed31a1e 100644
--- a/.github/workflows/promote.yaml
+++ b/.github/workflows/promote.yaml
@@ -30,11 +30,10 @@ jobs:
           destination=$(echo "$channel_promotion" | sed 's/.*->\s*//')
           echo "destination-channel=$destination" >> $GITHUB_OUTPUT
           echo "origin-channel=$origin" >> $GITHUB_OUTPUT
-      - name: Release charm to channel
-        uses: canonical/charming-actions/release-charm@2.6.2
+      - name: Promote charm to channel
+        uses: canonical/charming-actions/promote-charm@2.6.3
         with:
           credentials: ${{ secrets.CHARMHUB_TOKEN }}
-          github-token: ${{ secrets.GITHUB_TOKEN }}
           destination-channel: ${{ steps.set-channels.outputs.destination-channel }}
           origin-channel: ${{ steps.set-channels.outputs.origin-channel }}
           charmcraft-channel: "2.x/stable"
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..78dedaa0
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,16 @@
+<!-- This file is centrally managed as a template file in https://github.com/canonical/solutions-engineering-automation -->
+<!-- To update the file: -->
+<!-- - Edit it in the canonical/solutions-engineering-automation repository. -->
+<!-- - Open a PR with the changes. -->
+<!-- - When the PR merges, the soleng-terraform bot will open a PR to the target repositories with the changes. -->
+
+# Security policy
+
+
+## Reporting a vulnerability
+To report a security issue, file a [Private Security Report](https://github.com/canonical/hardware-observer-operator/security/advisories/new)
+with a description of the issue, the steps you took to create the issue, affected versions, and,
+if known, mitigations for the issue.
+
+The [Ubuntu Security disclosure and embargo policy](https://ubuntu.com/security/disclosure-policy)
+contains more information about what you can expect when you contact us and what we expect from you.