diff --git a/.github/workflows/publish-image.yml b/.github/workflows/publish-image.yml
index 7884b7e..298b5d9 100644
--- a/.github/workflows/publish-image.yml
+++ b/.github/workflows/publish-image.yml
@@ -16,10 +16,8 @@ env:
 
 jobs:
   build-and-push-image:
+    permissions: write-all
     runs-on: ubuntu-20.04
-    permissions:
-      contents: read
-      packages: write
     env:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
@@ -39,13 +37,41 @@ jobs:
         with:
           images: ${{ env.GITHUB_REGISTRY }}/${{ env.IMAGE_NAME }}
 
+      - name: Create Release
+        if: github.ref == 'refs/heads/main'
+        id: release
+        uses: rymndhng/release-on-push-action@v0.28.0
+        with:
+          bump_version_scheme: 'patch'
+          tag_prefix: 'v'
+          use_github_release_notes: 'true'
+          release_name: 'Release <RELEASE_VERSION>'
+          max_commits: 100 # default is 50
+
+      - id: get-tag
+        name: Get Tag
+        run: |
+          echo "release_tag=${{ endsWith(github.ref, '/main') && steps.release.outputs.tag_name || steps.meta.outputs.version }}" >> $GITHUB_OUTPUT
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Cache Docker layers
+        uses: actions/cache@v2
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: ${{ runner.os }}-buildx-
+
       - name: Build and push Docker image
         uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
         with:
           context: app
           push: true
-          tags: ${{ steps.meta.outputs.tags }}
+          tags: ${{ endsWith(github.ref, '/main') && format('{0}/{1}:{2}', env.GITHUB_REGISTRY, env.IMAGE_NAME, steps.release.outputs.tag_name) || steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new
 
       - name: Set env to development
         if: (github.ref == 'refs/heads/dev' && github.event_name == 'push')
@@ -76,16 +102,5 @@ jobs:
           namespace=${{ env.OPENSHIFT_NAMESPACE }}
           helm dep up
           helm upgrade --install --atomic realm-registry . -n ${namespace} \
-          -f values.yaml -f "values-${namespace}.yaml"
+          -f values.yaml -f "values-${namespace}.yaml" --set image.tag="${{ steps.get-tag.outputs.release_tag }}"
         working-directory: ./helm/webapp
-
-      - name: Create Release
-        if: github.ref == 'refs/heads/main'
-        id: release
-        uses: rymndhng/release-on-push-action@v0.28.0
-        with:
-          bump_version_scheme: 'patch'
-          tag_prefix: 'v'
-          use_github_release_notes: 'true'
-          release_name: 'Release <RELEASE_VERSION>'
-          max_commits: 100 # default is 50