diff --git a/.github/workflows/nightly-docker-build.yaml b/.github/workflows/nightly-docker-build.yaml
index 0b9d7c1b524..d9818390d22 100644
--- a/.github/workflows/nightly-docker-build.yaml
+++ b/.github/workflows/nightly-docker-build.yaml
@@ -1,9 +1,12 @@
 name: Nighly Docker Build
 on:
- schedule:
- - cron: '15 22 * * 1-5' # 22:15 UTC, Monday through Friday
- workflow_dispatch:
+ # schedule:
+ # - cron: '15 22 * * 1-5' # 22:15 UTC, Monday through Friday
+ # workflow_dispatch:
+ push:
+ branches-ignore:
+ - "master"
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -44,6 +47,14 @@ jobs:
 username: ${{ github.repository_owner }}
 password: ${{ secrets.GITHUB_TOKEN }}
+
+
+ - name: Extract Docker metadata
+ id: meta
+ uses: docker/metadata-action@v5.3.0
+ with:
+ images: ghcr.io/${{ github.repository }}:dev
+
 - name: Build and push
 uses: docker/build-push-action@v2
 with:
@@ -51,5 +62,25 @@ jobs:
 file: ./Dockerfile-offline
 # build-args:
 platforms: linux/amd64,linux/arm64
- push: true
- tags: ghcr.io/${{ github.repository }}:nightly
+ push: false
+ # tags: ghcr.io/${{ github.repository }}:nightly
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+
+
+ - uses: sigstore/cosign-installer@main
+
+ - name: Get signing key
+ run: echo "${{ secrets.SIGNING_SECRET }}" > cosign.key
+
+ - name: Container Signing
+ run: |
+ cosign sign --key cosign.key \
+ -a "repo=${{ github.repository }}" \
+ -a "workflow=${{ github.workflow }}" \
+ -a "ref=${{ github.sha }}" \
+ -a "owner=Spectro Cloud" \
+ ${{ steps.meta.outputs.tags }}
+ env:
+ COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+
diff --git a/cosign.key b/cosign.key
new file mode 100644
index 00000000000..c74aca521c1
--- /dev/null
+++ b/cosign.key
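Review bot: The new `push` trigger with `branches-ignore: "master"` in the first hunk of nightly-docker-build.yaml runs the whole workflow, including the signing steps added in the last hunk, on every push to any other branch, so anyone who can push a branch can edit the workflow there and have it run with `SIGNING_SECRET` and `COSIGN_PASSWORD` available. The `schedule` and `workflow_dispatch` triggers are commented out rather than kept, which reads like a temporary test setup and also stops the nightly build. Restore the original triggers before merging; if signing has to run on pushes, limit the trigger with `branches:` to protected branches or put the two secrets behind an environment with required reviewers.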
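Review bot: In the second hunk, `images: ghcr.io/${{ github.repository }}:dev` puts a tag into the `images` input, which docker/metadata-action uses as the bare image name and combines with the tags it generates, so `steps.meta.outputs.tags` will most likely contain malformed references with two tag parts. Give the name and the tag separately: `images: ghcr.io/${{ github.repository }}` and `tags: type=raw,value=dev`. Without an explicit `tags` input the action derives tags from the triggering ref, which under the new push trigger means one tag per branch name.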
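Review bot: The signing steps at the end of the third hunk sign a mutable tag of an image that the same hunk stops pushing (`push: false`), so either there is nothing in the registry to sign or the signature lands on whatever already sits under that tag; signing should target the digest reported by the build step, which needs an `id` and `push: true`. The private key is interpolated into the script and written to `cosign.key` in the workspace, where it stays for the rest of the job; cosign can read it from the environment with `--key env://COSIGN_PRIVATE_KEY` instead. `sigstore/cosign-installer@main` follows a moving branch in the one job that holds the signing secrets and should be pinned to a release tag or commit SHA. The build step begins in the previous hunk, so the `id` has to be added there.

```yaml
      # … unchanged: build-push-action inputs; the step gets `id: build` and `push: true` …

      # placeholder ref: pin to a reviewed release tag or commit SHA
      - uses: sigstore/cosign-installer@<release-tag-or-commit-sha>

      - name: Container Signing
        run: |
          cosign sign --key env://COSIGN_PRIVATE_KEY \
            -a "repo=${GITHUB_REPOSITORY}" \
            -a "workflow=${GITHUB_WORKFLOW}" \
            -a "ref=${GITHUB_SHA}" \
            -a "owner=Spectro Cloud" \
            "${IMAGE}@${DIGEST}"
        env:
          COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
          IMAGE: ghcr.io/${{ github.repository }}
          DIGEST: ${{ steps.build.outputs.digest }}
```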
@@ -0,0 +1,11 @@
+-----BEGIN ENCRYPTED SIGSTORE PRIVATE KEY-----
+eyJrZGYiOnsibmFtZSI6InNjcnlwdCIsInBhcmFtcyI6eyJOIjo2NTUzNiwiciI6
+OCwicCI6MX0sInNhbHQiOiJRNksxaW1abkR3QmZkeFJldENRV2IwOTdsLy9ROHdh
+M1BRcFhWZitMR2YwPSJ9LCJjaXBoZXIiOnsibmFtZSI6Im5hY2wvc2VjcmV0Ym94
+Iiwibm9uY2UiOiJXcWpTZmxLQWxPT2FudU14eG0wQm9vYnZVWU1nQW8zaiJ9LCJj
+aXBoZXJ0ZXh0IjoiRDBoUUM1MDBsdUFqVndOUkhoUkh0d2lPWUtuR08ya1h4MFI3
+YllrczkzQTA1YWlDaWFWTTRzUGQ4cGUvdS9uTm5MSmxyL2YzdlkrYzdBdVJ3b2dq
+RWg1UTIzUGJ2eUJIaWoxNUc0REVBdWdIUnNWUDdHQmR5UWEvWU10Vmozdm9mSzVr
+V2VvSVhWS2p1NEI1MDZ6MVBUYi9NTEhETEYyVFgvODVxSVQyck5YNXRyS2dWS245
+Lzk1TzdVUXlGN2pRRmNzTkFpMkpaVkJiVmc9PSJ9
+-----END ENCRYPTED SIGSTORE PRIVATE KEY-----
diff --git a/cosign.pub b/cosign.pub
new file mode 100644
index 00000000000..7be6f7b62d5
--- /dev/null
+++ b/cosign.pub
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEtCnsM75A7+LkOXh3K/VQ9rDEq3ce
+HIV3za5vbmuv+14JBceGx78eJl2o0LJHN/BZPBRa2q7p1Y4imxmeYWUDvg==
+-----END PUBLIC KEY-----
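Review bot: `cosign.key` is the private half of the signing key pair and should not be committed, even in its password-encrypted form: everyone with read access to the repository or its history gets the key material, and its protection then rests on the strength of `COSIGN_PASSWORD` alone. The workflow in this same commit already takes the key from `secrets.SIGNING_SECRET` and writes it to this path at run time, so the committed copy is not needed. Drop the file from the commit, add `cosign.key` to `.gitignore`, and treat this key pair as exposed: generate a new pair and replace `cosign.pub` with the new public key.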