diff --git a/.github/workflows/deny-test.yml b/.github/workflows/deny-test.yml
new file mode 100644
index 00000000000..fdafbde6c9f
--- /dev/null
+++ b/.github/workflows/deny-test.yml
@@ -0,0 +1,131 @@
+name: Deny check for EC-CUBE
+on:
+  push:
+    branches:
+      - '*'
+    tags:
+      - '*'
+    paths:
+      - '**'
+      - '!*.md'
+  pull_request:
+    paths:
+      - '**'
+      - '!*.md'
+jobs:
+  deploy:
+    name: Deploy
+    runs-on: ubuntu-18.04
+    services:
+      postgres:
+        image: postgres:11
+        env:
+          POSTGRES_USER: postgres
+          POSTGRES_PASSWORD: password
+        ports:
+          - 5432:5432
+        # needed because the postgres container does not provide a healthcheck
+        options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
+    steps:
+      - name: Checkout
+        uses: actions/checkout@master
+
+      - name: Setup PHP
+        uses: nanasess/setup-php@master
+        with:
+          php-version: '7.3'
+
+      - name: Get Composer Cache Directory
+        id: composer-cache
+        run: |
+          echo "::set-output name=dir::$(composer config cache-files-dir)"
+      - uses: actions/cache@v1
+        with:
+          path: ${{ steps.composer-cache.outputs.dir }}
+          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-composer-
+
+      - name: Install to Composer
+        run: composer install --no-scripts --no-dev --no-interaction --optimize-autoloader
+
+      - name: Translate to templates
+        run: php bin/template_jp.php
+
+      - name: Setup to EC-CUBE
+        env:
+          APP_ENV: 'prod'
+          DATABASE_URL: postgres://postgres:password@127.0.0.1:5432/eccube_db
+          DATABASE_SERVER_VERSION: 11
+        run: |
+          rm -rf $GITHUB_WORKSPACE/app/Plugin/*
+          echo "APP_ENV=${APP_ENV}" > .env
+          bin/console doctrine:database:create --env=dev
+          bin/console doctrine:schema:create --env=dev
+          bin/console eccube:fixtures:load --env=dev
+
+      - name: Install Plugins
+        env:
+          APP_ENV: 'prod'
+          DATABASE_URL: postgres://postgres:password@127.0.0.1:5432/eccube_db
+          DATABASE_SERVER_VERSION: 11
+        run: |
+          bin/console eccube:composer:require "ec-cube/recommend4"
+          bin/console eccube:composer:require "ec-cube/coupon4"
+          bin/console eccube:composer:require "ec-cube/mailmagazine4"
+          bin/console eccube:composer:require "ec-cube/salesreport4"
+          bin/console eccube:composer:require "ec-cube/relatedproduct4"
+          bin/console eccube:composer:require "ec-cube/securitychecker4"
+          bin/console eccube:composer:require "ec-cube/productreview4"
+          bin/console eccube:composer:require "ec-cube/api"
+          bin/console eccube:composer:require "ec-cube/sitekit"
+          bin/console eccube:composer:require "ec-cube/gmc"
+
+      - name: Pre Install Plugins
+        env:
+          PGPASSWORD: 'password'
+        run: psql eccube_db -h 127.0.0.1 -U postgres -c "select id,name,code,0 as enabled,version,source,0 as initialized,'2021-08-13 00:00:00' as create_date,'2021-08-13 00:00:00' as update_date,discriminator_type from dtb_plugin;" -A -F, --pset footer > src/Eccube/Resource/doctrine/import_csv/ja/dtb_plugin.csv
+
+      - name: Packaging
+        working-directory: ../
+        run: ${{ github.event.repository.name }}/package.sh
+
+      - name: Build Container
+        run: docker build -t ec-cube --build-arg SKIP_INSTALL_SCRIPT_ON_DOCKER_BUILD=true .
+
+      - name: Container Run
+        run: |
+          docker run --rm -d -p 8080:80 --name eccube ec-cube
+          docker cp ../eccube.tar.gz eccube:/tmp/
+          docker exec -w /tmp eccube bash -c "rm -rf /var/www/html; tar xf /tmp/eccube.tar.gz -C /var/www; mv /var/www/ec-cube /var/www/html; chown -R www-data: /var/www/html"
+          docker exec -e DATABASE_URL="sqlite:///var/eccube.db" -e DATABASE_SERVER_VERSION=3 -u www-data eccube bin/console eccube:install -n
+
+      - name: setup-chromedriver
+        uses: nanasess/setup-chromedriver@master
+
+      - name: Prepare test
+        run: |
+          export DISPLAY=:99
+          chromedriver --url-base=/wd/hub &
+          echo ">>> Started chrome-driver"
+          sudo Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 &
+          echo ">>> Started xvfb"
+          composer install --no-scripts --no-interaction --optimize-autoloader
+          echo "modules:
+              enabled:
+              - REST:
+                  depends: PhpBrowser
+                  url: 'http://127.0.0.1:8080'
+              config:
+                  WebDriver:
+                      host: '127.0.0.1'
+                      port: 9515
+                      url: 'http://127.0.0.1:8080'" > codeception/_envs/local.yml
+
+      - name: Run tests
+        env:
+          APP_ENV: 'codeception'
+          DATABASE_URL: postgres://postgres:password@127.0.0.1:5432/eccube_db
+          DATABASE_SERVER_VERSION: 11
+        run: |
+          vendor/bin/codecept -vvv run acceptance --env chrome,local CL01DenyCest
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index a748febbacf..71d9bc33966 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -4,7 +4,7 @@ on:
     types: [ published ]
 jobs:
   deploy:
-    name: Deploy
+    name: Deny Check
     runs-on: ubuntu-18.04
     services:
       postgres:
@@ -80,47 +80,7 @@ jobs:
         working-directory: ../
         env:
           TAG_NAME: ${{ github.event.release.tag_name }}
-          REPOSITORY_NAME: ${{ github.event.repository.name }}
-          PATH_NAME: eccube-${{ github.event.release.tag_name }}
-        run: |
-          rm -rf $GITHUB_WORKSPACE/.editorconfig
-          rm -rf $GITHUB_WORKSPACE/.gitignore
-          rm -rf $GITHUB_WORKSPACE/.buildpath
-          rm -rf $GITHUB_WORKSPACE/.gitmodules
-          rm -rf $GITHUB_WORKSPACE/.php_cs.dist
-          rm -rf $GITHUB_WORKSPACE/phpunit.xml.dist
-          rm -rf $GITHUB_WORKSPACE/phpstan.neon.dist
-          rm -rf $GITHUB_WORKSPACE/app.json
-          rm -rf $GITHUB_WORKSPACE/Procfile
-          rm -rf $GITHUB_WORKSPACE/LICENSE.txt
-          rm -rf $GITHUB_WORKSPACE/README.md
-          rm -rf $GITHUB_WORKSPACE/codeception.yml
-          rm -rf $GITHUB_WORKSPACE/var/*
-          rm -rf $GITHUB_WORKSPACE/.env
-          rm -rf $GITHUB_WORKSPACE/codeception
-          rm -rf $GITHUB_WORKSPACE/tests
-          rm -rf $GITHUB_WORKSPACE/.github
-          rm -rf $GITHUB_WORKSPACE/zap
-          rm -rf $GITHUB_WORKSPACE/docker-compose.owaspzap.yml
-          find $GITHUB_WORKSPACE -name "dummy" -print0 | xargs -0 rm -rf
-          find $GITHUB_WORKSPACE -name ".git*" -and ! -name ".gitkeep" -print0 | xargs -0 rm -rf
-          find $GITHUB_WORKSPACE -name ".git*" -type d -print0 | xargs -0 rm -rf
-
-          echo "set permissions..."
-          chmod -R o+w $GITHUB_WORKSPACE
-
-          echo "complession files..."
-          mv $REPOSITORY_NAME $PATH_NAME
-          tar czfp eccube-$TAG_NAME.tar.gz $PATH_NAME
-          zip -ry eccube-$TAG_NAME.zip $PATH_NAME 1> /dev/null
-          md5sum eccube-$TAG_NAME.tar.gz | awk '{ print $1 }' > eccube-$TAG_NAME.tar.gz.checksum.md5
-          md5sum eccube-$TAG_NAME.zip | awk '{ print $1 }' > eccube-$TAG_NAME.zip.checksum.md5
-          sha1sum eccube-$TAG_NAME.tar.gz | awk '{ print $1 }' > eccube-$TAG_NAME.tar.gz.checksum.sha1
-          sha1sum eccube-$TAG_NAME.zip | awk '{ print $1 }' > eccube-$TAG_NAME.zip.checksum.sha1
-          sha256sum eccube-$TAG_NAME.tar.gz | awk '{ print $1 }' > eccube-$TAG_NAME.tar.gz.checksum.sha256
-          sha256sum eccube-$TAG_NAME.zip | awk '{ print $1 }' > eccube-$TAG_NAME.zip.checksum.sha256
-          mv $PATH_NAME $REPOSITORY_NAME
-          ls -al
+        run: ${{ github.event.repository.name }}/package.sh
 
       - name: Upload binaries to release of TGZ
         uses: svenstaro/upload-release-action@v1-release
diff --git a/package.sh b/package.sh
new file mode 100755
index 00000000000..0cde1393239
--- /dev/null
+++ b/package.sh
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+set -o errexit
+
+declare -r CURRENT_DIR=$PWD
+declare -r TEMP_DIR="$(mktemp -d)"
+declare -r WORKSPACE=$TEMP_DIR/ec-cube
+declare -r PACKAGE_SUFFIX=${TAG_NAME:+-${TAG_NAME}}
+
+cp -a $(dirname $0) $WORKSPACE
+
+rm -rf $WORKSPACE/.editorconfig
+rm -rf $WORKSPACE/.gitignore
+rm -rf $WORKSPACE/.buildpath
+rm -rf $WORKSPACE/.gitmodules
+rm -rf $WORKSPACE/.php_cs.dist
+rm -rf $WORKSPACE/phpunit.xml.dist
+rm -rf $WORKSPACE/phpstan.neon.dist
+rm -rf $WORKSPACE/app.json
+rm -rf $WORKSPACE/Procfile
+rm -rf $WORKSPACE/LICENSE.txt
+rm -rf $WORKSPACE/README.md
+rm -rf $WORKSPACE/codeception.yml
+rm -rf $WORKSPACE/app/Plugin/*
+rm -rf $WORKSPACE/codeception
+rm -rf $WORKSPACE/tests
+rm -rf $WORKSPACE/.github
+rm -rf $WORKSPACE/zap
+rm -rf $WORKSPACE/docker-compose-owaspzap.yml
+rm -rf $WORKSPACE/package.sh
+find $WORKSPACE -name "dummy" -print0 | xargs -0 rm -rf
+find $WORKSPACE -name ".git*" -and ! -name ".gitkeep" -print0 | xargs -0 rm -rf
+find $WORKSPACE -name ".git*" -type d -print0 | xargs -0 rm -rf
+
+echo "set permissions..."
+chmod -R o+w $WORKSPACE
+
+echo "complession files..."
+(cd $TEMP_DIR; tar --preserve-permissions -czf ${CURRENT_DIR}/eccube${PACKAGE_SUFFIX}.tar.gz ec-cube)
+(cd $TEMP_DIR; zip -ry ${CURRENT_DIR}/eccube${PACKAGE_SUFFIX}.zip ec-cube 1> /dev/null)
+md5sum eccube${PACKAGE_SUFFIX}.tar.gz | awk '{ print $1 }' > eccube${PACKAGE_SUFFIX}.tar.gz.checksum.md5
+md5sum eccube${PACKAGE_SUFFIX}.zip | awk '{ print $1 }' > eccube${PACKAGE_SUFFIX}.zip.checksum.md5
+sha1sum eccube${PACKAGE_SUFFIX}.tar.gz | awk '{ print $1 }' > eccube${PACKAGE_SUFFIX}.tar.gz.checksum.sha1
+sha1sum eccube${PACKAGE_SUFFIX}.zip | awk '{ print $1 }' > eccube${PACKAGE_SUFFIX}.zip.checksum.sha1
+sha256sum eccube${PACKAGE_SUFFIX}.tar.gz | awk '{ print $1 }' > eccube${PACKAGE_SUFFIX}.tar.gz.checksum.sha256
+sha256sum eccube${PACKAGE_SUFFIX}.zip | awk '{ print $1 }' > eccube${PACKAGE_SUFFIX}.zip.checksum.sha256
+
+ls -al