diff --git a/.github/workflows/cacerts-release.yml b/.github/workflows/cacerts-release.yml
index e30def30df..f201adabbf 100644
--- a/.github/workflows/cacerts-release.yml
+++ b/.github/workflows/cacerts-release.yml
@@ -14,7 +14,7 @@ jobs:
 steps:
 - uses: actions/checkout@v3
 with:
- token: ${{ secrets.GITHUB_TOKEN }}
+ token: ${{ secrets.AUTOMERGE_TOKEN }}
 - name: Figure out branch
 id: figure-out-branch
 run: .github/workflows/figure-out-branch.sh '${{ matrix.branch }}'
@@ -42,14 +42,23 @@ jobs:
 SDK_NAME: ${{ steps.setup-flatcar-sdk.outputs.SDK_NAME }}
 run: .github/workflows/cacerts-apply-patch.sh
 - name: Create pull request
+ id: cpr
 if: (steps.figure-out-branch.outputs.SKIP == 0) && (steps.apply-patch.outputs.UPDATE_NEEDED == 1)
 uses: peter-evans/create-pull-request@v4
 with:
- token: ${{ secrets.GITHUB_TOKEN }}
+ token: ${{ secrets.AUTOMERGE_TOKEN }}
 base: ${{ steps.figure-out-branch.outputs.BRANCH }}
 branch: ${{ steps.apply-patch.outputs.BRANCH_NAME }}
+ delete-branch: true
 author: Flatcar Buildbot
 committer: Flatcar Buildbot
 title: Upgrade ca-certificates in ${{ steps.figure-out-branch.outputs.BRANCH }} from ${{ steps.apply-patch.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.NSS_VERSION }}
 body: Subject says it all.
 labels: ${{ steps.figure-out-branch.outputs.LABEL }}
+ - name: Enable Pull Request Automerge
+ if: steps.cpr.outputs.pull-request-operation == 'created'
+ uses: peter-evans/enable-pull-request-automerge@v2
+ with:
+ token: ${{ secrets.AUTOMERGE_TOKEN }}
+ pull-request-number: ${{ steps.cpr.outputs.pull-request-number }}
+ merge-method: merge
diff --git a/.github/workflows/ci-check.yml b/.github/workflows/ci-check.yml
new file mode 100644
index 0000000000..9e0912392a
--- /dev/null
+++ b/.github/workflows/ci-check.yml
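Review bot: The checkout step in the first hunk now passes `secrets.AUTOMERGE_TOKEN` to `actions/checkout@v3`, which by default leaves the token in the workspace's git configuration for the rest of the job, so every later step, including the repository scripts this workflow runs, can read it. If the later `Create pull request` step pushes with its own `token` input, as it appears to, add `persist-credentials: false` under `with:` here; otherwise add a comment explaining why the non-default token has to persist. The scope of the secret is not visible in this diff; it should be limited to this repository with only the contents and pull-request permissions the workflow needs. The first hunk of kernel-release.yml makes the same change.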
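Review bot: Both third-party actions that receive `secrets.AUTOMERGE_TOKEN` in the second hunk are referenced by mutable tags (`peter-evans/create-pull-request@v4` and `peter-evans/enable-pull-request-automerge@v2`), so a retagged release would run with a token able to open and merge pull requests. Pin each to a full commit SHA and keep the tag as a comment, e.g. `uses: peter-evans/enable-pull-request-automerge@<full-commit-sha>  # v2`. Because this workflow updates the CA trust store, a comment above the automerge step naming the required checks or reviews that still gate the merge would help the next reader. The second hunk of kernel-release.yml carries the same two references.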
@@ -0,0 +1,15 @@
+name: ci-check
+
+on:
+ pull_request:
+ workflow_dispatch:
+
+jobs:
+ ci-check:
+ name: ci-check
+ runs-on: ubuntu-latest
+ steps:
+ - name: ci-check
+ shell: bash
+ working-directory: ${{ github.workspace }}
+ run: /bin/true
diff --git a/.github/workflows/common.sh b/.github/workflows/common.sh
index 4975c83282..8d2047324d 100644
--- a/.github/workflows/common.sh
+++ b/.github/workflows/common.sh
@@ -157,3 +157,40 @@ function apply_patches() {
 git am "${SDK_OUTER_SRCDIR}"/third_party/coreos-overlay/0*.patch
 rm -f "${SDK_OUTER_SRCDIR}"/third_party/coreos-overlay/0*.patch
 }
+
+# Return 0 (i.e. true) if VER1 >= VER2
+function semver_is_bigger() {
+ local VER1="${1}"
+ local VER2="${2}"
+
+ if [[ "${VER1}" = "$(echo -e "${VER1}\n${VER2}" | sort -V | tail -n1)" ]]; then
+ return 0
+ fi
+
+ return 1
+}
+
+# Determine if the given version is a correct version for the next Kernel for the Stable channel.
+# Returns 0 (i.e. true) if Stable kernel version <= the given version <= Beta kernel version.
+function is_next_stable_kernel() {
+ local INPUT_VERSION="${1}"
+ local URL_STABLE_PACKAGES="https://stable.release.flatcar-linux.net/amd64-usr/current/flatcar_production_image_packages.txt"
+ local URL_BETA_PACKAGES="https://beta.release.flatcar-linux.net/amd64-usr/current/flatcar_production_image_packages.txt"
+
+ curl -fsSL -o /tmp/stable-packages.txt ${URL_STABLE_PACKAGES}
+ curl -fsSL -o /tmp/beta-packages.txt ${URL_BETA_PACKAGES}
+
+ # parse a line like sys-kernel/coreos-kernel-5.15.98::coreos
+ local STABLE_KV=$(sed -n "s/^sys-kernel\/coreos-kernel-\([0-9]*\.[0-9]*\.[0-9]*\)::.*/\1/p" /tmp/stable-packages.txt)
+ local BETA_KV=$(sed -n "s/^sys-kernel\/coreos-kernel-\([0-9]*\.[0-9]*\.[0-9]*\)::.*/\1/p" /tmp/beta-packages.txt)
+
+ if semver_is_bigger "${INPUT_VERSION}" "${STABLE_KV}"; then
+ if semver_is_bigger "${BETA_KV}" "${INPUT_VERSION}"; then
+ return 0
+ fi
+ fi
+
+ rm -f /tmp/stable-packages.txt /tmp/beta-packages.txt
+
+ return 1
+}
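Review bot: The only step of this new job is `run: /bin/true`, so the `ci-check` status is green for every pull request whatever it contains. If branch protection lists `ci-check` as the required check that auto-merge waits for (not visible in this diff), the bot pull requests enabled elsewhere in this commit would merge without any real validation. A header comment such as `# Placeholder status so auto-merge has a required check; real validation runs in <other check>` would make that intent reviewable. The job needs no token, so a top-level `permissions: {}` is worth adding as well.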
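Review bot: `is_next_stable_kernel` fails open on its lower bound: if a download fails or the `sed` pattern matches nothing, `STABLE_KV` is empty and `semver_is_bigger "${INPUT_VERSION}" ""` returns 0, because any version sorts after the empty string. The caller in kernel-apply-patch.sh invokes the function under `if ... !`, where bash ignores errexit, so a failed `curl` would not stop the script even if `set -e` is in effect. The success path also returns before `rm -f`, leaving the fixed-name files in `/tmp`, and the URL expansions are unquoted. The rewrite below checks both downloads, rejects empty versions, works in a `mktemp -d` directory and cleans up on every path. `semver_is_bigger` implements `>=`, which its comment states but its name does not.

```shell
function is_next_stable_kernel() {
  local INPUT_VERSION="${1}"
  # … unchanged: URL_STABLE_PACKAGES and URL_BETA_PACKAGES declarations …
  local PKG_TMPDIR STABLE_KV BETA_KV
  local RESULT=1

  PKG_TMPDIR="$(mktemp -d)" || return 1

  if curl -fsSL -o "${PKG_TMPDIR}/stable-packages.txt" "${URL_STABLE_PACKAGES}" &&
     curl -fsSL -o "${PKG_TMPDIR}/beta-packages.txt" "${URL_BETA_PACKAGES}"; then
    # parse a line like sys-kernel/coreos-kernel-5.15.98::coreos
    STABLE_KV="$(sed -n "s/^sys-kernel\/coreos-kernel-\([0-9]*\.[0-9]*\.[0-9]*\)::.*/\1/p" "${PKG_TMPDIR}/stable-packages.txt")"
    BETA_KV="$(sed -n "s/^sys-kernel\/coreos-kernel-\([0-9]*\.[0-9]*\.[0-9]*\)::.*/\1/p" "${PKG_TMPDIR}/beta-packages.txt")"

    # Fail closed: a missing version on either side must not count as "in range".
    if [[ -n "${INPUT_VERSION}" && -n "${STABLE_KV}" && -n "${BETA_KV}" ]] &&
       semver_is_bigger "${INPUT_VERSION}" "${STABLE_KV}" &&
       semver_is_bigger "${BETA_KV}" "${INPUT_VERSION}"; then
      RESULT=0
    fi
  fi

  rm -rf "${PKG_TMPDIR}"
  return "${RESULT}"
}
```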
diff --git a/.github/workflows/kernel-apply-patch.sh b/.github/workflows/kernel-apply-patch.sh index b11004332c..48d89dda13 100755 --- a/.github/workflows/kernel-apply-patch.sh +++ b/.github/workflows/kernel-apply-patch.sh @@ -75,6 +75,12 @@ generate_patches sys-kernel coreos-sources Kernel apply_patches +AUTOMERGEABLE=1 +if [[ "${CHANNEL}" = "stable" ]] && ! is_next_stable_kernel ${VERSION_NEW}; then + AUTOMERGEABLE=0 +fi + echo "VERSION_OLD=${VERSION_OLD}" >>"${GITHUB_OUTPUT}" echo "UPDATE_NEEDED=1" >>"${GITHUB_OUTPUT}" +echo "AUTOMERGEABLE=${AUTOMERGEABLE}" >>"${GITHUB_OUTPUT}" echo "BRANCH_NAME=${BRANCH_NAME}" >>"${GITHUB_OUTPUT}" diff --git a/.github/workflows/kernel-release.yml b/.github/workflows/kernel-release.yml index a365a66287..53f4350eec 100644 --- a/.github/workflows/kernel-release.yml +++ b/.github/workflows/kernel-release.yml @@ -14,7 +14,7 @@ jobs: steps: - uses: actions/checkout@v3 with: - token: ${{ secrets.GITHUB_TOKEN }} + token: ${{ secrets.AUTOMERGE_TOKEN }} - name: Figure out branch id: figure-out-branch run: .github/workflows/figure-out-branch.sh '${{ matrix.branch }}' 
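Review bot: `${VERSION_NEW}` is passed unquoted to `is_next_stable_kernel` in the added `if`, and per kernel-release.yml the value comes from the `fetch-latest-release` step output, so it is subject to word splitting and globbing. Write `is_next_stable_kernel "${VERSION_NEW}"`. A comment above the block, e.g. `# Stable only takes kernels between the current Stable and Beta kernel versions`, would also record what `AUTOMERGEABLE=0` means for the workflow that reads it. The script continues outside the hunk on both sides.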
@@ -42,20 +42,30 @@ jobs:
 env:
 TARGET: ${{ steps.figure-out-branch.outputs.BRANCH }}
 BASE_BRANCH: ${{ steps.figure-out-branch.outputs.BRANCH }}
+ CHANNEL: ${{ matrix.branch }}
 PATH: ${{ steps.setup-flatcar-sdk.outputs.path }}
 VERSION_NEW: ${{ steps.fetch-latest-release.outputs.KERNEL_VERSION }}
 PACKAGES_CONTAINER: ${{ steps.setup-flatcar-sdk.outputs.PACKAGES_CONTAINER }}
 SDK_NAME: ${{ steps.setup-flatcar-sdk.outputs.SDK_NAME }}
 run: .github/workflows/kernel-apply-patch.sh
 - name: Create pull request
- if: (steps.figure-out-branch.outputs.SKIP == 0) && (steps.apply-patch.outputs.UPDATE_NEEDED == 1)
+ id: cpr
+ if: (steps.figure-out-branch.outputs.SKIP == 0) && (steps.apply-patch.outputs.UPDATE_NEEDED == 1) && (steps.apply-patch.outputs.AUTOMERGEABLE == 1)
 uses: peter-evans/create-pull-request@v4
 with:
- token: ${{ secrets.GITHUB_TOKEN }}
+ token: ${{ secrets.AUTOMERGE_TOKEN }}
 base: ${{ steps.figure-out-branch.outputs.BRANCH }}
 branch: ${{ steps.apply-patch.outputs.BRANCH_NAME }}
+ delete-branch: true
 author: Flatcar Buildbot
 committer: Flatcar Buildbot
 title: Upgrade Linux Kernel for ${{ steps.figure-out-branch.outputs.BRANCH }} from ${{ steps.apply-patch.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.KERNEL_VERSION }}
 body: Subject says it all.
 labels: ${{ steps.figure-out-branch.outputs.LABEL }}
+ - name: Enable Pull Request Automerge
+ if: steps.cpr.outputs.pull-request-operation == 'created'
+ uses: peter-evans/enable-pull-request-automerge@v2
+ with:
+ token: ${{ secrets.AUTOMERGE_TOKEN }}
+ pull-request-number: ${{ steps.cpr.outputs.pull-request-number }}
+ merge-method: merge
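Review bot: The new `AUTOMERGEABLE == 1` term sits on the `Create pull request` step's `if:`, so a stable kernel update that fails the range check produces no pull request at all, rather than one that is merely not auto-merged. If only the automatic merge should be withheld, keep the original condition on `Create pull request` and gate the automerge step instead: `if: steps.cpr.outputs.pull-request-operation == 'created' && steps.apply-patch.outputs.AUTOMERGEABLE == 1`. If skipping the pull request is intended, say so in a comment above the step, since nothing visible in the job reports the skipped update and the output name suggests otherwise.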