diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 5a1f4dd448a9abcc23927ed5b896ee3f47b26b29..264a71152ec406fc6bd47c1950593d3d939508d7 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -15,7 +15,7 @@ variables:
 
 .deploy:
   image:
-    name: 'europe-north1-docker.pkg.dev/holi-shared/docker-hub-remote/hashicorp/terraform:1.6.6'
+    name: 'europe-north1-docker.pkg.dev/holi-shared/docker-hub-remote/hashicorp/terraform:1.9.8'
     # default entrypoint is terraform command, but we want to run shell scripts
     entrypoint: ['/bin/sh', '-c']
   variables:
@@ -74,7 +74,8 @@ build_docker:
   needs: ['cache_lint_test']
   image: 'europe-north1-docker.pkg.dev/holi-shared/docker-hub-remote/docker:27'
   services:
-    - 'docker:27-dind'
+    - name: 'europe-north1-docker.pkg.dev/holi-shared/docker-hub-remote/docker:27-dind'
+      alias: 'docker'
   variables:
     # this could be fetched via terraform output ("gcr_location" in infra project), but then we would need an extra job for terraform
     GCR_IMAGE: europe-north1-docker.pkg.dev/holi-shared/docker/holi-notifications-api
@@ -110,7 +111,7 @@ review_smoketest:
 review_destroy:
   needs: ['review_deploy']
   image:
-    name: 'europe-north1-docker.pkg.dev/holi-shared/docker-hub-remote/hashicorp/terraform:1.6.6'
+    name: 'europe-north1-docker.pkg.dev/holi-shared/docker-hub-remote/hashicorp/terraform:1.9.8'
     # default entrypoint is terraform command, but we want to run shell scripts
     entrypoint: ['/bin/sh', '-c']
   variables:
diff --git a/.terraform-version b/.terraform-version
index 9c6d6293b1a8f448def89c2d5bfa63b89a24e0cc..66beabb5795e7441046623a209a2c48f22e7d20a 100644
--- a/.terraform-version
+++ b/.terraform-version
@@ -1 +1 @@
-1.6.1
+1.9.8
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000000000000000000000000000000000000..1b5edb9fd8a40cf141e158f23c1a5c8ff7535469
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,21 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:recommended",
+    ":configMigration",
+    ":label('renovatebot')",
+    ":enableVulnerabilityAlertsWithLabel('renovatebot/security')",
+    ":semanticCommits",
+    ":automergePatch",
+    ":automergeTesters",
+    ":automergeLinters"
+  ],
+  "packageRules": [
+    {
+      "matchSourceUrls": [
+        "https://github.com/hashicorp/terraform"
+      ],
+      "groupName": "terraform"
+    }
+  ]
+}
diff --git a/terraform/environments/scripts/create-or-update-env.sh b/terraform/environments/scripts/create-or-update-env.sh
index 89d2951406f8c790079204b1a0fe0d1308130939..0a0e9df84968a168a5b6416f31f29335fa8c333c 100755
--- a/terraform/environments/scripts/create-or-update-env.sh
+++ b/terraform/environments/scripts/create-or-update-env.sh
@@ -13,6 +13,6 @@ TAG=$2
 
 TF_LOG_PATH=terraform-init.log terraform init
 TF_LOG_PATH=terraform-version.log terraform version
-TF_LOG_PATH=terraform-workspace.log terraform workspace new "$WORKSPACE" || terraform workspace select "$WORKSPACE"
+TF_LOG_PATH=terraform-workspace.log terraform workspace select -or-create=true "$WORKSPACE"
 TF_LOG_PATH=terraform-plan.log terraform plan -var="image_tag=$TAG" -out plan -no-color | tee tfplan.plain
 TF_LOG_PATH=terraform-apply.log terraform apply -auto-approve -parallelism=50 plan
\ No newline at end of file