diff --git a/.github/actions/publish-image/action.yml b/.github/actions/publish-image/action.yml
index 792c1323..1af449fb 100644
--- a/.github/actions/publish-image/action.yml
+++ b/.github/actions/publish-image/action.yml
@@ -8,9 +8,6 @@ inputs:
   release_version:
     required: true
     description: The version to build type semver tags from
-  git_ref:
-    required: true
-    description: The git reference to build image from
   no_cache:
     description: Skip using cache when building the image.
     required: false
@@ -52,7 +49,7 @@ runs:
       uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 # pin@v5
       id: build-and-export
       with:
-        context: "${{ github.server_url }}/${{ github.repository }}.git#${{ inputs.git_ref }}"
+        context: "."
         load: true
         no-cache: ${{ inputs.no_cache == 'true' }}
         cache-from: type=gha
@@ -81,7 +78,7 @@ runs:
       uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 # pin@v5
       id: build-and-push
       with:
-        context: "${{ github.server_url }}/${{ github.repository }}.git#${{ inputs.git_ref }}"
+        context: "."
         push: true
         tags: ${{ steps.meta.outputs.tags }}
         labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index e90bb067..aaf810ec 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -46,11 +46,6 @@ jobs:
           password: ${{ secrets.QUAY_TOKEN }}
           registry: ${{ env.IMAGE_REGISTRY }}
 
-      - name: Check out
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
-        with:
-          persist-credentials: false
-
       - name: Set up cosign
         uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # pin@v3.5.0
 
@@ -97,6 +92,12 @@ jobs:
           } >> "$GITHUB_ENV"
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      
+      - name: Check out
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
+        with:
+          ref: ${{ env.BUILD_GIT_REF }}
+          persist-credentials: false
 
       - name: Build and Publish the image
         uses: ./.github/actions/publish-image
@@ -105,7 +106,6 @@ jobs:
           image: ${{ env.IMAGE_REGISTRY }}/${{ vars.QUAY_ORG }}/${{ env.IMAGE_NAME }}
           release_version: ${{ env.TAG }}
           no_cache: ${{ env.NO_CACHE }}
-          git_ref: ${{ env.BUILD_GIT_REF }}
           skip_tests: ${{ env.SKIP_TESTS }}
 
       - name: Sign the image with GitHub OIDC Token