diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index d7963e0..b712017 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -7,30 +7,26 @@ on: workflow_dispatch: jobs: - build_custom_silverblue: - name: main + build-custom-silverblue: + name: Build, sign, then push runs-on: ubuntu-24.04 permissions: contents: read packages: write id-token: write - strategy: - fail-fast: false steps: - - name: Checkout repo + - name: Checkout uses: actions/checkout@v4 - # https://github.com/marketplace/actions/cosign-installer - name: Install cosign - if: github.event_name != 'pull_request' + if: ${{ github.event_name != 'pull_request' }} uses: sigstore/cosign-installer@v3.6.0 with: cosign-release: 'v2.4.0' - # Build image using Buildah action - - name: Build Image - id: build_image + - name: Build image + id: build uses: redhat-actions/buildah-build@v2 with: containerfiles: | 
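Review bot: The `uses:` references in the new steps — `actions/checkout@v4`, `sigstore/cosign-installer@v3.6.0` and `redhat-actions/buildah-build@v2` — are mutable tags, so a job that holds `packages: write` and `id-token: write` runs whatever those tags resolve to on the day it executes; pin each to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v4`. The job-level `permissions` block already limits what a hijacked action could do, but with these two scopes it could still push and sign an image under the repository's OIDC identity, so the pin is the remaining control (with Dependabot or similar to move the SHAs forward). The `on:` block is only partly visible here and the `build-custom-silverblue` job continues past `containerfiles: |` outside the hunk.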
@@ -39,56 +35,35 @@ jobs: tags: | ${{ github.sha }} 40 - oci: false - - name: Log in to GitHub Container Registry (ghcr.io) + - name: Log in to GitHub Container Registry uses: redhat-actions/podman-login@v1 + if: ${{ github.event_name != 'pull_request' }} with: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} registry: ghcr.io/${{ github.repository_owner }} - - name: Push To GitHub Container Registry + - name: Push to GitHub Container Registry uses: redhat-actions/push-to-registry@v2 id: push - if: github.event_name != 'pull_request' + if: ${{ github.event_name != 'pull_request' }} with: - image: ${{ steps.build_image.outputs.image }} - tags: ${{ steps.build_image.outputs.tags }} + image: ${{ steps.build.outputs.image }} + tags: ${{ steps.build.outputs.tags }} registry: ghcr.io/${{ github.repository_owner }} - # username: ${{ github.actor }} - # password: ${{ github.token }} - # extra-args: | - # --disable-content-trust - - # - name: Login to GitHub Container Registry - # uses: docker/login-action@v3 - # if: github.event_name != 'pull_request' - # with: - # registry: ghcr.io - # username: ${{ github.actor }} - # password: ${{ secrets.GITHUB_TOKEN }} - - # - name: Copy Podman login to Docker location for Cosign - # if: github.event_name != 'pull_request' - # run: | - # cat /run/containers/0/auth.json > ~/.docker/config.json - name: Sign the published OCI image if: ${{ github.event_name != 'pull_request' }} env: - # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable - # IMAGE: ghcr.io/${{ github.repository_owner }}/${{ steps.build_image.outputs.regis }} - # TAGS: ${{ steps.build_image.outputs.tags }} digest: ${{ steps.push.outputs.digest }} fully_qualified_image_names_json: ${{ steps.push.registry-paths }} - # SIGSTORE_ID_TOKEN: ${{ GITHUB_TOKEN }} - # This step uses the identity token to provision an ephemeral certificate - # against the sigstore community Fulcio 
instance. - run: echo "${fully_qualified_image_names_json}" | jq -r '.[]' | xargs -I {} cosign sign --yes "{}@${digest}" + run: > + echo "${fully_qualified_image_names_json}" + | jq -r '.[]' + | xargs -I {} cosign sign --yes "{}@${digest}" - - name: Echo outputs + - name: Echo outputs for auditing if: github.event_name != 'pull_request' run: | echo "${{ toJSON(steps.push.outputs) }}" -
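Review bot: In the Sign step's `env`, `fully_qualified_image_names_json: ${{ steps.push.registry-paths }}` omits `.outputs`, so the expression should evaluate to an empty string rather than the array published by push-to-registry; the line should read `fully_qualified_image_names_json: ${{ steps.push.outputs.registry-paths }}`. Because the default `run` shell does not enable pipefail and `jq -r '.[]'` prints nothing for empty input, the `cosign sign` pipeline most likely exits 0 having signed nothing, leaving the pushed image unsigned while the workflow stays green. Consider making the step fail closed before xargs runs, e.g. `test "$(echo "${fully_qualified_image_names_json}" | jq 'length')" -gt 0`, so an empty or malformed list aborts the job. The final `Echo outputs for auditing` step still uses the bare `if: github.event_name != 'pull_request'` form while the rest of the hunk was moved to `${{ }}`.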