diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 0854d67..a155edc 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,6 +1,9 @@ stages: - build +variables: + COSIGN_PASSWORD: "" + default: image: registry.gitlab.com/wunker-bunker/ci-builder before_script: @@ -9,12 +12,13 @@ default: IMAGE_DESCRIPTION=$(yq '.description' ./$RECIPE) FEDORA_MAJOR_VERSION=$(yq '.fedora-version' ./$RECIPE) BASE_IMAGE_URL=$(yq '.base-image' ./$RECIPE) + FULL_IMAGE_NAME=$CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/$IMAGE_NAME # Generate a timestamp for creating an image version history TIMESTAMP="$(date +%Y%m%d)" COMMIT_TAGS=() BUILD_TAGS=() # Have tags for tracking builds during pull request - COMMIT_TAGS+=("pr-${CI_MERGE_REQUEST_IID}-${FEDORA_MAJOR_VERSION}") + COMMIT_TAGS+=("mr-${CI_MERGE_REQUEST_IID}-${FEDORA_MAJOR_VERSION}") COMMIT_TAGS+=("${CI_COMMIT_SHORT_SHA}-${FEDORA_MAJOR_VERSION}") BUILD_TAGS=("${FEDORA_MAJOR_VERSION}" "${FEDORA_MAJOR_VERSION}-${TIMESTAMP}") @@ -46,5 +50,11 @@ build: - recipe-desktop.yml - recipe-framework.yml script: - - buildah build --build-arg=RECIPE=$RECIPE --build-arg=FEDORA_MAJOR_VERSION=$FEDORA_MAJOR_VERSION --build-arg BASE_IMAGE_URL=$BASE_IMAGE_URL -t $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$IMAGE_NAME:${TAGS} . - - cosign sign -y --key $SIGNING_SECRET $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$IMAGE_NAME@${TAGS} \ No newline at end of file + - buildah build --build-arg=RECIPE=$RECIPE --build-arg=FEDORA_MAJOR_VERSION=$FEDORA_MAJOR_VERSION --build-arg BASE_IMAGE_URL=$BASE_IMAGE_URL -t $FULL_IMAGE_NAME:${TAGS} . + - | + for TAG in "${TAGS[@]}"; do + buildah tag $FULL_IMAGE_NAME:${TAGS} $FULL_IMAGE_NAME:${TAG} + done + - buildah push --all $FULL_IMAGE_NAME + - DIGEST=$(buildah images --format '{{.Digest}}' $FULL_IMAGE_NAME:$TAGS | head -n 1) + - cosign sign -y --key $SIGNING_SECRET $FULL_IMAGE_NAME@$DIGEST \ No newline at end of file diff --git a/cosign.pub b/cosign.pub index f4c464d..af5a961 100644 --- a/cosign.pub +++ b/cosign.pub 
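Review bot: The new global `COSIGN_PASSWORD: ""` in the first hunk of `.gitlab-ci.yml` means the private key behind `$SIGNING_SECRET` has no passphrase, so the CI variable's own settings are the only protection for the signing key, and nothing in the file says so. The tags built from `CI_MERGE_REQUEST_IID` suggest the pipeline also runs for merge requests; if `SIGNING_SECRET` is not a protected variable, a job definition pushed on any unprotected branch could read the key, which is worth confirming in the project settings. I would add a comment above the entry such as `# Signing key in SIGNING_SECRET has no passphrase; keep that variable protected.` and set `COSIGN_PASSWORD` under the `build` job rather than globally, so that jobs that never sign do not inherit it.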
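Review bot: In the `script:` hunk, the digest given to `cosign sign` comes from local storage via `buildah images --format '{{.Digest}}'`, which is not guaranteed to match the manifest digest the registry stores after `buildah push`, so the signature can land on a digest nobody pulls, or the step can fail. Take the digest from the push itself, for example `buildah push --digestfile digest.txt "$FULL_IMAGE_NAME:${TAG}"` followed by `DIGEST=$(cat digest.txt)`, and add `test -n "$DIGEST"` before signing, because `| head -n 1` hides a failed or empty lookup. It is also worth confirming that `buildah push --all $FULL_IMAGE_NAME` pushes every tag created in the loop; as far as I know `--all` applies to manifest lists rather than tags, so the extra tags may never reach the registry. The `build` job starts above this hunk, so its `rules` and runner context are not visible here.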
@@ -1,4 +1,4 @@ -----BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE4K2T9VlxksEr9vVuFbR5R6RKVSrl -fOqdOsIjcea0vWt5McZpGp9AraxS7gduJb8x6z5cDxc0GULB08C11q6X+A== +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAyTphXdVzd8Yt5ZK+Hry/xPasjwJ +EKXoUFZ4ZFvXFAmv9g4QACwx0fpzn8B6qG3b4yj0R0mmaD3bw9sIt8wUzA== -----END PUBLIC KEY----- diff --git a/scripts/pre/setup-kubectl.sh b/scripts/pre/setup-kubectl.sh index 7ed09c4..9bef272 100644 --- a/scripts/pre/setup-kubectl.sh +++ b/scripts/pre/setup-kubectl.sh @@ -2,7 +2,7 @@ set -oue pipefail -cat <
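Review bot: The `cosign.pub` hunk replaces the published verification key in place, and nothing visible in this commit records the rotation or what happens to images signed with the previous key. Anyone verifying with the `cosign.pub` from this repository will stop accepting older signatures, and anyone who pinned the old key will reject new images. I would state the reason for the rotation in the commit message or README, and say whether existing tags will be re-signed with the new key. Presumably the new key pair is the passphrase-less one that `COSIGN_PASSWORD: ""` in `.gitlab-ci.yml` refers to; if so, say that explicitly.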