diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 00000000..cdd14da0
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,60 @@
+name: CI
+
+on:
+  pull_request:
+  push:
+    branches:
+      - "main"
+
+env:
+  PYTHON_VERSION: 3.11
+
+jobs:
+  test:
+    name: Run tests & display coverage
+    runs-on: ubuntu-latest
+    permissions:
+      # Gives the action the necessary permissions for publishing new
+      # comments in pull requests.
+      pull-requests: write
+      # Gives the action the necessary permissions for pushing data to the
+      # python-coverage-comment-action branch, and for editing existing
+      # comments (to avoid publishing multiple comments in the same PR)
+      contents: write
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Install Poetry
+        run: |
+          pipx install poetry
+          poetry config virtualenvs.path ~/.virtualenvs${{ env.PYTHON_VERSION }}
+
+      - name: Set up Python ${{ env.PYTHON_VERSION }}
+        uses: actions/setup-python@v3
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+          cache: "poetry"
+
+      - name: Install dependencies
+        run: |
+          poetry install -E minify
+
+      - name: Produce the .coverage file
+        run: poetry run coverage run -m pytest
+
+      - name: Coverage comment
+        id: coverage_comment
+        uses: py-cov-action/python-coverage-comment-action@v3
+        with:
+          GITHUB_TOKEN: ${{ github.token }}
+
+      - name: Store Pull Request comment to be posted
+        uses: actions/upload-artifact@v4
+        if: steps.coverage_comment.outputs.COMMENT_FILE_WRITTEN == 'true'
+        with:
+          # If you use a different name, update COMMENT_ARTIFACT_NAME accordingly
+          name: python-coverage-comment-action
+          # If you use a different name, update COMMENT_FILENAME accordingly
+          path: python-coverage-comment-action.txt
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
index e8481de2..42c8a279 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -1,51 +1,35 @@
-name: Coverage
+name: Post coverage comment
 
 on:
-  push:
-    branches:
-      - main
-  workflow_dispatch:
-
-env:
-  PYTHON_VERSION: 3.11
+  workflow_run:
+    workflows: ["CI"]
+    types:
+      - completed
 
 jobs:
-  generate-coverage:
+  test:
+    name: Run tests & display coverage
     runs-on: ubuntu-latest
-
+    if: github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success'
+    permissions:
+      # Gives the action the necessary permissions for publishing new
+      # comments in pull requests.
+      pull-requests: write
+      # Gives the action the necessary permissions for editing existing
+      # comments (to avoid publishing multiple comments in the same PR)
+      contents: write
+      # Gives the action the necessary permissions for looking up the
+      # workflow that launched this workflow, and download the related
+      # artifact that contains the comment to be published
+      actions: read
     steps:
-      - uses: actions/checkout@v3
-        with:
-          fetch-depth: 1
-
-      - name: Install Poetry
-        run: |
-          pipx install poetry
-          poetry config virtualenvs.path ~/.virtualenvs${{ env.PYTHON_VERSION }}
-
-      - name: Set up Python ${{ env.PYTHON_VERSION }}
-        uses: actions/setup-python@v3
+      # DO NOT run actions/checkout here, for security reasons
+      # For details, refer to https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
+      - name: Post comment
+        uses: py-cov-action/python-coverage-comment-action@v3
         with:
-          python-version: ${{ env.PYTHON_VERSION }}
-          cache: "poetry"
-
-      - name: Install dependencies
-        run: poetry install -E minify
-
-      - name: Generate coverage badge
-        run: |
-          chmod +x generate_badge.sh
-          ./generate_badge.sh
-
-      - name: Commit and push coverage badge
-        continue-on-error: true
-        env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          git config --global user.name "github-actions[bot]"
-          git config --global user.email "github-actions[bot]@users.noreply.github.com"
-          git checkout -b py-code-coverage || git checkout py-code-coverage
-          git pull origin py-code-coverage
-          git add .
-          git commit -m "Update coverage badge"
-          git push --force origin py-code-coverage
+          GITHUB_PR_RUN_ID: ${{ github.event.workflow_run.id }}
+          # Update those if you changed the default values:
+          # COMMENT_ARTIFACT_NAME: python-coverage-comment-action
+          # COMMENT_FILENAME: python-coverage-comment-action.txt
diff --git a/pyproject.toml b/pyproject.toml
index ec00f511..ac9d1cb7 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -174,6 +174,10 @@ disable_error_code = ["empty-body"]
 module = "decorator"
 ignore_missing_imports = true
 
+[tool.coverage.run]
+branch = true
+relative_files = true
+
 [build-system]
 requires = ["poetry-core>=1.0.0"]
 build-backend = "poetry.core.masonry.api"