diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index c46822c..8ff9b30 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -1,14 +1,20 @@
 name: Docker
 
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
 on:
   schedule:
     - cron: '27 4 * * 1'
   push:
     branches: [ "main" ]
     # Publish semver tags as releases.
-    tags: [ 'latest' ]
+    tags: [ 'latest']
   pull_request:
     branches: [ "main"]
+    tags: [ 'latest']
 
 env:
   # Use docker.io for Docker Hub if empty
@@ -16,6 +22,7 @@ env:
   # github.repository as <account>/<repo>
   IMAGE_NAME: ${{ github.repository }}
 
+
 jobs:
   build:
 
@@ -72,7 +79,7 @@ jobs:
           context: .
           platforms: linux/amd64,linux/arm64
           push: ${{ github.event_name != 'pull_request' }}
-          tags: don-swanson/postfix:latest
+          tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
@@ -86,7 +93,7 @@ jobs:
         if: ${{ github.event_name != 'pull_request' }}
         env:
           # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
-          TAGS: don-swanson/postfix:latest
+          TAGS: ${{ steps.meta.outputs.tags }}
           DIGEST: ${{ steps.build-and-push.outputs.digest }}
         # This step uses the identity token to provision an ephemeral certificate
         # against the sigstore community Fulcio instance.