diff --git a/.github/workflows/ucm-docker-image.yaml b/.github/workflows/ucm-docker-image.yaml
index 26cbe66141..634d509b84 100644
--- a/.github/workflows/ucm-docker-image.yaml
+++ b/.github/workflows/ucm-docker-image.yaml
@@ -16,15 +16,47 @@ on:
         required: false
         default: false
 
+  push:
+    branches:
+      - cp/test-ucm-docker-image
+
 jobs:
   docker-image:
     name: Build and push ucm docker image
     runs-on: ubuntu-20.04
+
+    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
+    permissions:
+      contents: read
+      # Allow uploading the docker image to the container registry
+      packages: write
+      # Allow creating and updating the artifact attestation
+      attestations: write
+      # Required to get user information for building attestations
+      id-token: write
+
+    env:
+      container_registry: ghcr.io
+      docker_image_name: ${{ github.repository }}
+
+
     steps:
+      - uses: actions/checkout@v4
+
       - name: Download ucm executable and ucm UI
         uses: actions/download-artifact@v4
         with:
-          path: /tmp/ucm
+          name: bundle-linux
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          run-id: 8975410616
+          path: ./tmp/downloads
+
+      - name: Unpack ucm bundle tar
+        run: |
+          ls -lah ./tmp/downloads
+          mkdir -p ./tmp/ucm
+          tar -xvf ./tmp/downloads/ucm-*.tar.gz -C ./tmp/ucm
+          ls -lah ./tmp/ucm
 
       # Configure Docker's builder,
       # This seems necessary to support docker cache layers.
@@ -49,15 +81,13 @@ jobs:
             # We tag latest manually below.
             latest=false
           tags: |
-            type=schedule,pattern={{date 'YYYY-MM-DD'}}
-            type=raw,value=v${{ inputs.version }},enable=${{ github.event.inputs.is_release }}
+            type=schedule
+            type=raw,value=v0.5.19,enable=true
             type=ref,event=tag
-            type=ref,event=push
             type=sha,format=long
-            type=raw,tag=${{ inputs.image_tag }}
             # set latest tag for pushes to trunk
-            type=raw,value=latest,enable=${{ github.event.inputs.is_release }}
-            type=raw,value=nightly,enable=${{ !github.event.inputs.is_release }}
+            type=raw,value=latest,enable=true
+            type=raw,value=nightly,enable=false
 
 
       # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
@@ -67,7 +97,8 @@ jobs:
         id: push
         uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
         with:
-          context: ./docker/
+          context: ./
+          platforms: linux/amd64,linux/arm64
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}