diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 00000000..94d110b3
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,37 @@
+name: "CodeQL"
+on:
+  workflow_dispatch:
+  #push:
+  #  branches: [master]
+  #pull_request:
+  #  branches: [master]
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ["python"]
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+    
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+        queries: security-and-quality
+    
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v2
+    
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
\ No newline at end of file
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
deleted file mode 100644
index 0190cb88..00000000
--- a/.github/workflows/tests.yml
+++ /dev/null
@@ -1,114 +0,0 @@
-name: tests
-
-on:
-  push:
-    branches:
-    - main
-    tags:
-    - v*
-  pull_request:
-  schedule:
-    - cron: '14 7 * * 0'  # run once a week on Sunday
-  workflow_dispatch:
-
-jobs:
-  run-tests:
-    strategy:
-      matrix:
-        config:
-        # [Python version, tox env]
-        - ["3.7",   "py37"]
-        - ["3.8",   "py38"]
-        - ["3.9",   "py39"]
-        - ["3.10",  "py310"]
-        - ["pypy-3.9", "pypy3"]
-        - ["3.10",  "docs"]
-        - ["3.10",  "plone"]
-        - ["3.11.0-rc.1",  "py311"]
-
-    runs-on: ubuntu-latest
-    name: ${{ matrix.config[1] }}
-    steps:
-    - uses: actions/checkout@v2
-    - name: Set up Python
-      uses: actions/setup-python@v2
-      with:
-        python-version: ${{ matrix.config[0] }}
-    - name: Pip cache
-      uses: actions/cache@v2
-      with:
-        path: ~/.cache/pip
-        key: ${{ runner.os }}-pip-${{ matrix.config[0] }}-${{ hashFiles('setup.*', 'tox.ini') }}
-        restore-keys: |
-          ${{ runner.os }}-pip-${{ matrix.config[0] }}-
-          ${{ runner.os }}-pip-
-    - name: Install dependencies
-      run: |
-        python -m pip install --upgrade pip
-        pip install tox
-    - name: Test
-      run: tox -e ${{ matrix.config[1] }}
-    - name: Coverage
-      run: |
-        pip install coveralls coverage-python-version
-        coveralls --service=github
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-  deploy-tag-to-pypi:
-    # only deploy on tags, see https://stackoverflow.com/a/58478262/1320237
-    if: startsWith(github.ref, 'refs/tags/v')
-    needs:
-    - run-tests
-    runs-on: ubuntu-latest
-    # This environment stores the TWINE_USERNAME and TWINE_PASSWORD
-    # see https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment
-    environment:
-      name: PyPI
-      url: https://pypi.org/project/icalendar/
-    # after using the environment, we need to make the secrets available
-    # see https://docs.github.com/en/actions/security-guides/encrypted-secrets#example-using-bash
-    env:
-      TWINE_USERNAME: ${{ secrets.TWINE_USERNAME }}
-      TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }}
-    steps:
-    - uses: actions/checkout@v2
-    - name: Set up Python
-      uses: actions/setup-python@v2
-      with:
-        python-version: "3.9"
-    - name: Install dependencies
-      run: |
-        python -m pip install --upgrade pip
-        pip install wheel twine
-    - name: Check the tag
-      run: |
-        PACKAGE_VERSION=`python setup.py --version`
-        TAG_NAME=v$PACKAGE_VERSION
-        echo "Package version $PACKAGE_VERSION with possible tag name $TAG_NAME on $GITHUB_REF_NAME"
-        # test that the tag represents the version
-        # see https://docs.github.com/en/actions/learn-github-actions/environment-variables
-        if [ "$TAG_NAME" != "$GITHUB_REF_NAME" ]; then
-          echo "ERROR: This tag is for the wrong version. Got \"$GITHUB_REF_NAME\" expected \"$TAG_NAME\"."
-          exit 1
-        fi
-    - name: remove old files
-      run: rm -rf dist/*
-    - name: build distribution files
-      run: python setup.py bdist_wheel sdist
-    - name: deploy to pypi
-      run: |
-        # You will have to set the variables TWINE_USERNAME and TWINE_PASSWORD
-        # You can use a token specific to your project by setting the user name to
-        # __token__ and the password to the token given to you by the PyPI project.
-        # sources:
-        #   - https://shambu2k.hashnode.dev/gitlab-to-pypi
-        #   - http://blog.octomy.org/2020/11/deploying-python-pacakges-to-pypi-using.html?m=1
-        if [ -z "$TWINE_USERNAME" ]; then
-          echo "WARNING: TWINE_USERNAME not set!"
-        fi
-        if [ -z "$TWINE_PASSWORD" ]; then
-          echo "WARNING: TWINE_PASSWORD not set!"
-        fi
-        twine check dist/*
-        twine upload dist/*