diff --git a/.github/workflows/acceptance-test.yaml b/.github/workflows/acceptance-test.yaml
new file mode 100644
index 0000000..327ebc2
--- /dev/null
+++ b/.github/workflows/acceptance-test.yaml
@@ -0,0 +1,34 @@
+name: acceptance-test
+
+on:
+ pull_request:
+ branches:
+ - master
+ paths:
+ - .github/workflows/acceptance-test.yaml
+ - acceptance_test/**
+ push:
+ branches:
+ - master
+ paths:
+ - .github/workflows/acceptance-test.yaml
+ - acceptance_test/**
+
+jobs:
+ test-makefile:
+ runs-on: ubuntu-latest
+ timeout-minutes: 10
+ steps:
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
+ with:
+ go-version-file: go.mod
+ cache-dependency-path: go.sum
+ - run: make -C acceptance_test check
+ - run: make -C acceptance_test
+ env:
+ OIDC_ISSUER_URL: https://accounts.google.com
+ OIDC_CLIENT_ID: REDACTED.apps.googleusercontent.com
+ YOUR_EMAIL: REDACTED@gmail.com
+ - run: make -C acceptance_test delete-cluster
+ - run: make -C acceptance_test clean
diff --git a/acceptance_test/Makefile b/acceptance_test/Makefile
index 06f0cb2..d85dc87 100644
--- a/acceptance_test/Makefile
+++ b/acceptance_test/Makefile
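Review bot: The new workflow sets no `permissions:` block, so the `test-makefile` job runs with the repository's default `GITHUB_TOKEN` scope although its steps only need to read the checkout; adding `permissions:` with `contents: read` at the top level (next to `name:`) keeps the token least-privilege. The two teardown steps at the end (`make -C acceptance_test delete-cluster`, `make -C acceptance_test clean`) are skipped whenever an earlier step fails, so a failed `cluster` run leaves the kind cluster and `output/` behind on the runner; giving both steps `if: always()` makes the cleanup unconditional. I also cannot see a `check` target in the acceptance_test/Makefile hunk that follows; if it is not defined above line 4 of that file, the first `make` step fails, so it is worth confirming.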
@@ -4,33 +4,38 @@ OUTPUT_DIR := $(CURDIR)/output KUBECONFIG := $(OUTPUT_DIR)/kubeconfig.yaml export KUBECONFIG -# create a Kubernetes cluster .PHONY: cluster cluster: - # create a cluster + # Create a cluster. mkdir -p $(OUTPUT_DIR) sed -e "s|OIDC_ISSUER_URL|$(OIDC_ISSUER_URL)|" -e "s|OIDC_CLIENT_ID|$(OIDC_CLIENT_ID)|" cluster.yaml > $(OUTPUT_DIR)/cluster.yaml kind create cluster --name $(CLUSTER_NAME) --config $(OUTPUT_DIR)/cluster.yaml - # set up access control + + # Set up the access control. kubectl create clusterrole cluster-readonly --verb=get,watch,list --resource='*.*' kubectl create clusterrolebinding cluster-readonly --clusterrole=cluster-readonly --user=$(YOUR_EMAIL) - # set up kubectl + + # Set up kubectl. kubectl config set-credentials oidc \ - --exec-api-version=client.authentication.k8s.io/v1beta1 \ + --exec-api-version=client.authentication.k8s.io/v1 \ + --exec-interactive-mode=Never \ --exec-command=$(CURDIR)/../kubelogin \ --exec-arg=get-token \ --exec-arg=--token-cache-dir=$(OUTPUT_DIR)/token-cache \ --exec-arg=--oidc-issuer-url=$(OIDC_ISSUER_URL) \ --exec-arg=--oidc-client-id=$(OIDC_CLIENT_ID) \ - --exec-arg=--oidc-client-secret=$(OIDC_CLIENT_SECRET) \ --exec-arg=--oidc-extra-scope=email - # switch the default user + + # Switch the default user. kubectl config set-context --current --user=oidc -# clean up the resources + # Show the kubeconfig. + kubectl config view + .PHONY: clean clean: -rm -r $(OUTPUT_DIR) + .PHONY: delete-cluster delete-cluster: kind delete cluster --name $(CLUSTER_NAME) diff --git a/acceptance_test/README.md b/acceptance_test/README.md index 7e90e11..f1ca191 100644 --- a/acceptance_test/README.md +++ b/acceptance_test/README.md 
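Review bot: The `kubectl config view` step added at the end of the `cluster` recipe prints the `oidc` user's exec `args` unmasked (kubectl masks only token and key/certificate data, as far as I know), so anything passed through `--exec-arg` lands in the CI log of the workflow that now runs this target; with `--oidc-client-secret` removed in this hunk nothing sensitive is printed today, but the recipe comment should record that constraint, e.g. `# Show the kubeconfig (exec args are printed unmasked; never pass a secret via --exec-arg).`. The new `--exec-interactive-mode=Never` withholds stdin from the plugin, which is fine for the default browser flow, but if this manual test is also meant to cover a grant type that prompts on stdin, `IfAvailable` is the value that keeps both working. Minor: the `sed` substitutions in the same recipe use `|` as the delimiter, so an `OIDC_ISSUER_URL` or `OIDC_CLIENT_ID` containing `|` would silently corrupt `$(OUTPUT_DIR)/cluster.yaml`.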
@@ -1,16 +1,14 @@ # kubelogin/acceptance_test -This is a manual test for verifying Kubernetes OIDC authentication with your OIDC provider. - +This is a manual test to verify if the Kubernetes OIDC authentication works with your OIDC provider. ## Purpose This test checks the following points: -1. You can set up your OIDC provider using [setup guide](../docs/setup.md). +1. You can set up your OIDC provider using the [setup guide](../docs/setup.md). 1. The plugin works with your OIDC provider. - ## Getting Started ### Prerequisite @@ -22,7 +20,7 @@ make -C .. ``` You need to set up your provider. -See [setup guide](../docs/setup.md) for more. +See the [setup guide](../docs/setup.md) for more. You need to install the following tools: @@ -44,7 +42,6 @@ For example, you can create a cluster with Google account authentication. ```sh make OIDC_ISSUER_URL=https://accounts.google.com \ OIDC_CLIENT_ID=REDACTED.apps.googleusercontent.com \ - OIDC_CLIENT_SECRET=REDACTED \ YOUR_EMAIL=REDACTED@gmail.com ``` diff --git a/system_test/README.md b/system_test/README.md index 25b297b..58fca40 100644 --- a/system_test/README.md +++ b/system_test/README.md @@ -2,12 +2,11 @@ This is an automated test for verifying behavior of the plugin with a real Kubernetes cluster and OIDC provider. - ## Purpose This test checks the following points: -1. User can set up Kubernetes OIDC authentication using [setup guide](../docs/setup.md). +1. User can set up Kubernetes OIDC authentication using the [setup guide](../docs/setup.md). 1. User can log in to an OIDC provider on a browser. 1. User can access the cluster using a token returned from the plugin. @@ -18,7 +17,6 @@ It depends on the following components: - Browser (Chrome) - kubectl command - ## How it works Let's take a look at the diagram. 
@@ -45,7 +43,6 @@ It performs the test by the following steps: 1. kube-apiserver verifies the token by Dex. 1. Check if kubectl exited with code 0. - ## Run locally You need to set up the following components: @@ -80,7 +77,6 @@ make terminate make clean ``` - ## Technical consideration ### Network and DNS diff --git a/system_test/cluster/Makefile b/system_test/cluster/Makefile index 2e8fc28..5037e67 100644 --- a/system_test/cluster/Makefile +++ b/system_test/cluster/Makefile @@ -8,13 +8,16 @@ export KUBECONFIG cluster: cp $(CERT_DIR)/ca.crt /tmp/kubelogin-system-test-dex-ca.crt kind create cluster --name $(CLUSTER_NAME) --config cluster.yaml - # add the Dex container IP to /etc/hosts + + # Add the Dex container IP to /etc/hosts. docker inspect -f '{{.NetworkSettings.Networks.kind.IPAddress}}' dex-server | sed -e 's,$$, dex-server,' | \ docker exec -i $(CLUSTER_NAME)-control-plane tee -a /etc/hosts - # wait for kube-apiserver oidc initialization - # (oidc authenticator will retry oidc discovery every 10s) + + # Wait for kube-apiserver oidc initialization. + # oidc authenticator will retry oidc discovery every 10s. sleep 10 - # add the cluster role + + # Add the cluster role. kubectl create clusterrole cluster-readonly --verb=get,watch,list --resource='*.*' kubectl create clusterrolebinding cluster-readonly --clusterrole=cluster-readonly --user=admin@example.com diff --git a/system_test/dex/Makefile b/system_test/dex/Makefile index 2741856..1289238 100644 --- a/system_test/dex/Makefile +++ b/system_test/dex/Makefile 
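Review bot: In the `cluster` recipe of system_test/cluster/Makefile the `docker inspect … | sed … | docker exec -i … tee -a /etc/hosts` pipeline reports only `tee`'s exit status, so if `docker inspect` fails (container not up yet, wrong network name) a line of just ` dex-server` is appended to the control plane's `/etc/hosts` and the recipe carries on; either run recipes with `SHELL := bash` and `.SHELLFLAGS := -euo pipefail -c`, or capture the address first and check it, e.g. `ip=$$(docker inspect -f '{{.NetworkSettings.Networks.kind.IPAddress}}' dex-server) && test -n "$$ip" && echo "$$ip dex-server" | docker exec -i $(CLUSTER_NAME)-control-plane tee -a /etc/hosts`. The fixed `sleep 10` that follows only equals the retry interval the new comment describes, so the first discovery attempt can still be missed; polling until a request to the API server succeeds (or at least sleeping past one full interval) would make the test less flaky. The recipe's first line also writes a fixed `/tmp/kubelogin-system-test-dex-ca.crt` that is not the target of any rule shown, so nothing in this Makefile cleans it up and the fixed name is easy to collide with on a shared host. The `cluster` rule header is inside the hunk, but I cannot see whether the recipe continues past `--user=admin@example.com`.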
@@ -2,15 +2,18 @@ CERT_DIR := ../cert .PHONY: dex dex: dex.yaml - # wait for kind network - while true; do if docker network inspect kind; then break; fi; sleep 1; done - # create a container + # Wait for kind network. + until docker network inspect kind; do sleep 1; done + + # Create a container. docker create -q --name dex-server -p 10443:10443 --network kind ghcr.io/dexidp/dex:v2.39.0 dex serve /dex.yaml - # deploy the config + + # Deploy the config. docker cp $(CERT_DIR)/server.crt dex-server:/ docker cp $(CERT_DIR)/server.key dex-server:/ docker cp dex.yaml dex-server:/ - # start the container + + # Start the container. docker start dex-server docker logs dex-server
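Review bot: The new `until docker network inspect kind; do sleep 1; done` loop in the `dex` recipe has no upper bound, so if the kind network never appears (cluster creation failed or ran elsewhere) the recipe spins until the CI timeout instead of failing with a message, and every iteration dumps the full network JSON into the log; a bounded, quiet wait keeps the intent, e.g. `for i in $$(seq 60); do docker network inspect kind >/dev/null 2>&1 && break; sleep 1; done && docker network inspect kind >/dev/null`. The `docker logs dex-server` immediately after `docker start dex-server` most likely shows little, since the container has only just started; if the log is meant to confirm that Dex came up, a short wait or a readiness check on port 10443 belongs before it. Separately, `ghcr.io/dexidp/dex:v2.39.0` is a mutable tag; pinning the image by digest (`@sha256:<DIGEST_PLACEHOLDER>`) would make the test environment reproducible.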