diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 081f992..598a585 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -7,12 +7,9 @@ on:
     workflows: ["Integration Tests"]
     types:
       - completed
-    branches:
-      - main
   push:
     tags:
       - 'v*.*.*'
-      - '*.*.*'
 
 permissions:
   contents: write
@@ -22,8 +19,8 @@ jobs:
   publish-ea:
     if: |
       github.event_name == 'workflow_run' &&
-      github.event.workflow_run.head_branch == 'main' &&
-      github.event.workflow_run.event == 'push'
+      github.event.workflow_run.event == 'push' &&
+      github.event.workflow_run.head_branch == 'main'
     runs-on: ubuntu-latest
     name: Publish EA release to NPM
     steps:
@@ -70,11 +67,8 @@ jobs:
         run: |
           SHORT_SHA=$(git rev-parse --short "${{ github.event.workflow_run.head_sha }}")
           EA_VERSION="${{ steps.current-version.outputs.base-version }}-ea.${SHORT_SHA}"
-          # Temporarily update version for publish
           npm version "$EA_VERSION" --no-git-tag-version
           npm publish --verbose --tag ea --access public --provenance
-          # Restore original version
-          npm version "${{ steps.current-version.outputs.base-version }}" --no-git-tag-version
 
   publish-release:
     if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
diff --git a/.github/workflows/push-to-registry.yml b/.github/workflows/push-to-registry.yml
index a3585d6..1bf89b2 100644
--- a/.github/workflows/push-to-registry.yml
+++ b/.github/workflows/push-to-registry.yml
@@ -3,12 +3,13 @@
 name: Push to registry
 
 on:
+  workflow_run:
+    workflows: ["Integration Tests"]
+    types:
+      - completed
   push:
-    branches:
-      - main
-      - 'release/*'
     tags:
-      - '*'
+      - 'v*.*.*'
   workflow_dispatch:
 
 env:
@@ -17,6 +18,19 @@ env:
 
 jobs:
   build-and-push:
+    if: |
+      (
+        github.event_name == 'workflow_run' &&
+        github.event.workflow_run.event == 'push' &&
+        github.event.workflow_run.head_branch == 'main'
+      )
+      ||
+      (
+        github.event_name == 'push' &&
+        startsWith(github.ref, 'refs/tags/')
+      )
+      ||
+      github.event_name == 'workflow_dispatch'
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -38,19 +52,26 @@ jobs:
       - name: Compile project
         run: npm run compile
 
-      - name: Get package version
-        id: package-version
+      - name: Determine package version
+        id: version
         run: |
-          # Use git tag if available (for tag-triggered builds), otherwise use package.json
-          if [ -n "${{ github.ref_type }}" ] && [ "${{ github.ref_type }}" = "tag" ]; then
-            # Remove 'v' prefix if present (e.g., v1.0.0 -> 1.0.0)
-            VERSION="${{ github.ref_name }}"
-            VERSION="${VERSION#v}"
+          if [ "${GITHUB_EVENT_NAME}" = "push" ] && [[ "${GITHUB_REF}" =~ refs/tags/ ]]; then
+            # Release tag
+            VERSION="${GITHUB_REF#refs/tags/v}"
+            EA_BUILD=false
+          elif [ "${GITHUB_REF}" = "refs/heads/main" ]; then
+            # EA build for main
+            BASE=$(node -p "require('./package.json').version" | sed -E 's/-ea[.-][0-9]+$//')
+            SHORT_SHA=$(git rev-parse --short "${GITHUB_SHA}")
+            VERSION="${BASE}-ea.${SHORT_SHA}"
+            EA_BUILD=true
           else
-            VERSION=$(node -p "require('./package.json').version")
+            echo "Not building image for this branch"
+            exit 0
           fi
+
           echo "version=$VERSION" >> $GITHUB_OUTPUT
-          echo "Package version: $VERSION"
+          echo "ea_build=$EA_BUILD" >> $GITHUB_OUTPUT
 
       - name: Get image metadata
         id: image-meta
@@ -68,14 +89,14 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Extract metadata (tags, labels) for Docker
+      - name: Extract Docker metadata
         id: meta
         uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           tags: |
-            type=raw,value=latest,enable={{is_default_branch}}
-            type=raw,value=${{ steps.package-version.outputs.version }}
+            type=raw,value=latest,enable=${{ steps.version.outputs.ea_build == 'true' }}
+            type=raw,value=${{ steps.version.outputs.version }}
 
       - name: Build and push Docker image
         uses: docker/build-push-action@v5
diff --git a/docker-image/Dockerfiles/Dockerfile b/docker-image/Dockerfiles/Dockerfile
index 5837821..6e1432d 100644
--- a/docker-image/Dockerfiles/Dockerfile
+++ b/docker-image/Dockerfiles/Dockerfile
@@ -20,7 +20,7 @@ RUN curl -kL https://go.dev/dl/go1.21.5.linux-amd64.tar.gz -o /tmp/golang-packag
 RUN curl -kL https://github.com/jqlang/jq/releases/download/jq-1.8.1/jq-linux64 -o /usr/bin/jq
 
 # Copy RHDA script (before changing WORKDIR)
-COPY docker-image/scripts/rhda.sh /rhda.sh
+COPY docker-image/scripts/trustify-da.sh /trustify-da.sh
 
 # Copy project files and install Exhort javascript API locally
 WORKDIR /app
@@ -38,7 +38,7 @@ RUN chmod +x /usr/jdk-21.0.1/bin/java \
     && chmod +x /usr/bin/jq \
     && chmod +x /app/dist/src/cli.js \
     && chmod +x /app/node_modules/.bin/trustify-da-javascript-client \
-    && chmod +x /rhda.sh
+    && chmod +x /trustify-da.sh
 
 # use default user
 USER default
@@ -91,5 +91,5 @@ COPY --from=builder /usr/bin/jq /usr/bin/jq
 # Copy trustify-da-javascript-client from the builder stage
 COPY --from=builder /app /app
 
-# Copy RHDA executable script from the builder stage
-COPY --from=builder /rhda.sh /rhda.sh
+# Copy trustify-da-javascript-client executable script from the builder stage
+COPY --from=builder /trustify-da.sh /trustify-da.sh
diff --git a/docker-image/scripts/rhda.sh b/docker-image/scripts/trustify-da.sh
similarity index 100%
rename from docker-image/scripts/rhda.sh
rename to docker-image/scripts/trustify-da.sh