diff --git a/.github/workflows/build_image.yml b/.github/workflows/build_image.yml
index 8cdb2e4efc..dda51f892c 100644
--- a/.github/workflows/build_image.yml
+++ b/.github/workflows/build_image.yml
@@ -26,9 +26,26 @@ on:
         type: string
         default: 'latest'
         description: 'Image tags (comma-separated)'
+      want_push:
+        required: false
+        type: boolean
+        default: true
+      want_load:
+        required: false
+        type: boolean
+        default: true
+      want_artifact:
+        required: false
+        type: boolean
+        default: false
+      artifact_name:
+        required: false
+        type: string
+        default: 'image.tar'
+
 
 jobs:
-  build-and-push:
+  build-image:
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -61,15 +78,30 @@ jobs:
           tags: |
             type=raw,value=${{ inputs.tags }}
 
-      - name: Build and push
+      - name: Build Image
         uses: docker/build-push-action@v5
         with:
           context: .
           file: docker/wesqlscale/Dockerfile.release
           platforms: ${{ inputs.platforms }}
-          push: true
+          push: ${{ inputs.want_push }}
+          load: ${{ inputs.want_load }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
-          provenance: false
\ No newline at end of file
+          provenance: false
+
+      - name: Save Docker image
+        if: inputs.want_artifact
+        run: |
+          IMAGE_NAME="${{ steps.meta.outputs.tags }}"
+          docker save $IMAGE_NAME > /tmp/image.tar
+
+      - name: Upload artifact
+        if: inputs.want_artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: ${{ inputs.artifact_name }}
+          path: /tmp/image.tar
+          retention-days: 1
\ No newline at end of file
diff --git a/.github/workflows/cluster_endtoend_mtr_docker.yml b/.github/workflows/cluster_endtoend_mtr_docker.yml
index f8ccb3f687..edbf62991e 100644
--- a/.github/workflows/cluster_endtoend_mtr_docker.yml
+++ b/.github/workflows/cluster_endtoend_mtr_docker.yml
@@ -31,8 +31,11 @@ jobs:
       branch: ${{ github.ref }}
       image_name: ${{ github.repository_owner }}/wescale_ci_image
       tags: test-${{ github.sha }}
-      registry: ghcr.io
       platforms: linux/amd64
+      want_push: false
+      want_load: true
+      want_artifact: true
+      artifact_name: 'image.tar'
 
   setup:
     name: "MTR Test - Ubuntu Docker Cluster"
@@ -61,6 +64,17 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ github.token }}
 
+      - name: Download Docker image
+        uses: actions/download-artifact@v3
+        with:
+          name: image.tar
+          path: /tmp
+
+      - name: Load Docker image
+        run: |
+          docker load < /tmp/image.tar
+          echo "Verifying image loaded:"
+          docker images
 
       - name: Set up cluster
         run: |
@@ -121,39 +135,4 @@ jobs:
           fi
       - name: Print Wescale logs
         run: |
-          docker logs wescale
-
-      - name: Clean up
-        if: always()
-        run: |
-          TOKEN="${{ github.token }}"
-          OWNER="${{ github.repository_owner }}"
-          PACKAGE_NAME="${{ env.IMAGE_NAME }}"
-          TAG="${{ env.IMAGE_TAG }}"
-
-          VERSIONS_JSON=$(curl -s \
-            -H "Authorization: Bearer $TOKEN" \
-            -H "Accept: application/vnd.github+json" \
-            "https://api.github.com/orgs/$OWNER/packages/container/$PACKAGE_NAME/versions")
-
-          PACKAGE_VERSION_ID=$(echo "$VERSIONS_JSON" | jq -r ".[] | select(.metadata.container.tags[] | contains(\"$TAG\")) | .id")
-
-          if [ ! -z "$PACKAGE_VERSION_ID" ]; then
-            echo "Found image version ID: $PACKAGE_VERSION_ID"
-
-            DELETE_RESPONSE=$(curl -X DELETE -s -H "Authorization: Bearer $TOKEN" \
-              -H "Accept: application/vnd.github+json" \
-              "https://api.github.com/orgs/$OWNER/packages/container/$PACKAGE_NAME/versions/$PACKAGE_VERSION_ID")
-
-            if [ -z "$DELETE_RESPONSE" ]; then
-              echo "✅ Successfully deleted image version: $PACKAGE_VERSION_ID"
-            else
-              echo "❌ Failed to delete image version. Response: $DELETE_RESPONSE"
-              exit 1
-            fi
-          else
-            echo "❌ Could not find image version with tag: $TAG"
-            echo "Available versions:"
-            echo "$VERSIONS_JSON" | jq -r '.[].names'
-            exit 1
-          fi
\ No newline at end of file
+          docker logs wescale
\ No newline at end of file
diff --git a/.github/workflows/pick-and-release.yaml b/.github/workflows/pick-and-release.yaml
index 7502867d2e..363262753e 100644
--- a/.github/workflows/pick-and-release.yaml
+++ b/.github/workflows/pick-and-release.yaml
@@ -10,6 +10,11 @@ jobs:
     if: github.event.issue.pull_request != null && contains(github.event.comment.body, '/pick-and-release')
     runs-on: ubuntu-latest
 
+    permissions:
+      contents: write
+      issues: write
+      pull-requests: write
+
     steps:
       - name: Checkout Repository
         uses: actions/checkout@v4
@@ -25,6 +30,8 @@ jobs:
 
       - name: Add Tag to Target Branch
         id: add_tag
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           COMMENT="${{ github.event.comment.body }}"
           TARGET_BRANCH=$(echo "$COMMENT" | awk '{print $2}')
@@ -72,6 +79,8 @@ jobs:
             --body "🤖 says: tagged branch $TARGET_BRANCH with $TAG_NAME successfully."
 
       - name: Trigger Image Release
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           TAG_NAME="${{ steps.add_tag.outputs.tag_name }}"