diff --git a/.github/workflows/docker-cd.yml b/.github/workflows/docker-cd.yml index 5aac0f503..5f00a79b1 100644 --- a/.github/workflows/docker-cd.yml +++ b/.github/workflows/docker-cd.yml @@ -1,7 +1,6 @@ name: CD - Publish Docker image on ghcr.io -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by +# cos # separate terms of service, privacy policy, and support # documentation. @@ -38,33 +37,39 @@ jobs: - name: Install Cosign uses: sigstore/cosign-installer@v3.5.0 + # with: + # cosign-release: 'v2.2.4' # optional - name: Set up QEMU - uses: docker/setup-qemu-action@v2.2.0 + uses: docker/setup-qemu-action@v3.2.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2.10.0 + uses: docker/setup-buildx-action@v3.5.0 - name: Login to GitHub Container Registry - uses: docker/login-action@v2.2.0 + uses: docker/login-action@v3.3.0 with: - registry: ghcr.io + registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - id: docker_meta uses: docker/metadata-action@v4.6.0 with: - images: ghcr.io/sigstore/sample-honk + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: type=sha,format=long - name: Build and Push container images - uses: docker/build-push-action@v4.2.1 + uses: docker/build-push-action@v6.5.0 id: build-and-push with: platforms: linux/amd64,linux/arm64 push: true tags: ${{ steps.docker_meta.outputs.tags }} + labels: ${{ steps.docker_meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max + # outputs: type=image,name=target,annotation-index.org.opencontainers.image.description=${{ fromJSON(steps.docker_meta.outputs.json).labels['org.opencontainers.image.description'] }} # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable - name: Sign image with a key diff --git a/cosign.pub b/cosign.pub new file mode 100644 index 000000000..bfb0a6de3 
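Review bot: The header comment in the first hunk now reads `# cos` immediately followed by the untouched `# separate terms of service, privacy policy, and support` / `# documentation.` lines, so the paragraph no longer parses as a sentence and looks like an edit that was cut short. Either restore the two removed lines (the "not certified by GitHub" notice still applies to the `docker/*` and `sigstore/*` actions used below) or drop all four comment lines together. If a Cosign-specific note was intended, spell it out, e.g. `# Builds, pushes and Cosign-signs the container image on ghcr.io.`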
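Review bot: Every third-party action bumped in the second hunk is still pinned to a mutable version tag (`docker/setup-qemu-action@v3.2.0`, `docker/setup-buildx-action@v3.5.0`, `docker/login-action@v3.3.0`, `docker/build-push-action@v6.5.0`), while the hunk's own link to the GitHub security-hardening guide recommends pinning by full-length commit SHA; in a job that pushes with `GITHUB_TOKEN` and then signs the result, a retagged or compromised action can ship and get signed as the project's image. Pin each as `uses: docker/build-push-action@<full 40-hex commit sha> # v6.5.0` (same for `sigstore/cosign-installer`), keeping the version in the trailing comment so Dependabot/Renovate can still track it. The new `cache-from: type=gha` / `cache-to: type=gha,mode=max` lines also make the signed image depend on layers restored from the Actions cache, which, as far as I can tell from the cache scoping rules, any other workflow running on the default branch can populate — a short comment stating that trade-off, or limiting cache use to non-release builds, would help the next reader. Two smaller points: `docker/metadata-action@v4.6.0` is left on its old major while its siblings move to v3/v6, and the `env.REGISTRY` / `env.IMAGE_NAME` references assume an `env:` block defined outside this hunk.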
--- /dev/null
+++ b/cosign.pub
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/6fPQhwVsFvcfGtSFBIwdHbTxkF3
+KaNOdpXBpmyrM/y1TM5YgTYl5mVq7km/LPukbXslcrVX1dT5H+FUP6+onQ==
+-----END PUBLIC KEY-----
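Review bot: The verification key is committed next to the workflow that uses it, so anyone with write access to this repository can replace both the key and the signing step in one push; a consumer who fetches `cosign.pub` from the repo at verification time gains nothing over trusting the repo itself. Document, in the README rather than in this PEM file, how to verify and how to pin the key out of band, e.g. `cosign verify --key cosign.pub ghcr.io/sigstore/sample-honk@sha256:<digest>` plus the key's fingerprint, and consider branch protection or CODEOWNERS coverage for this file. The DER prefix `MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE` looks like the standard SPKI header for an EC P-256 key, which matches cosign's default key type; where the matching private key lives is presumably decided in the `Sign image with a key` step, which is outside this hunk.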