diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 4e4112341199ac50a7b39d5251a204751b253971..d26690728055b51a427dddd188fc058f05e9fe02 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -198,61 +198,41 @@ test:
       - playwright-report/
       - test-results/i
 
-nginx-docker-push:
-  image: docker:latest
-  stage: release
-  variables:
-    NGINX_IMAGE_NAME: 'autoradio/nginx-unprivileged-certbot'
-  services:
-    - docker:dind
-  before_script:
-    - docker pull nginxinc/nginx-unprivileged:1.25
-    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
-  script:
-    - docker build -t $NGINX_IMAGE_NAME -t $CI_REGISTRY_IMAGE:nginx-unprivileged-certbot ./nginx/
-    - docker push $CI_REGISTRY_IMAGE:nginx-unprivileged-certbot
-
-dashboard-docker-push:
+docker-push:
   # Use the official docker image.
   image: docker:latest
   stage: release
   variables:
     # the name of the image without version
-    AURA_IMAGE_NAME: 'autoradio/dashboard'
+    AURA_IMAGE_NAME: "autoradio/dashboard"
   services:
     - docker:dind
-  before_script:
-    # on a feature branch will login to gitlab registry
-    # else to docker hub
-    # hint: feature branches must begin with "feat"
-    - |
-      if expr "$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME" : ^feat > /dev/null
-        then docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
-      else docker login -u "$DOCKER_ID" -p "$DOCKER_HUB_AUTH"
-      fi
   script:
     # every commit on main branch should build and push image as unstable
-    # elseif its a feature branch build and push to gitlab registry
+    # elseif its a protected branch and push to gitlab registry
     # else it is from a tag (enforced by gitlab-ci rules)
     # hint: tags are references independent of branches
     # hint: feature branches must begin with "feat"
     - |
       if [ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]
-        then docker build -t $AURA_IMAGE_NAME:unstable .
-        docker push $AURA_IMAGE_NAME:unstable 
-      elif expr "$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME" : ^feat > /dev/null
-        then docker build -t $AURA_IMAGE_NAME -t $CI_REGISTRY_IMAGE:$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME .
-        docker push $CI_REGISTRY_IMAGE:$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME
-      else docker build -t $AURA_IMAGE_NAME -t $AURA_IMAGE_NAME:$CI_COMMIT_TAG .
-      docker push $AURA_IMAGE_NAME:$CI_COMMIT_TAG
+        then docker login -u "$DOCKER_ID" -p "$DOCKER_HUB_AUTH"
+        docker build -t $AURA_IMAGE_NAME:main -t $AURA_IMAGE_NAME:main-$CI_COMMIT_SHORT_SHA .
+        docker push --all-tags
+      elif [ "$CI_COMMIT_REF_PROTECTED" = "true" ] && [ "$CI_COMMIT_BRANCH" != "$CI_DEFAULT_BRANCH" ]
+        then docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
+        docker build -t $AURA_IMAGE_NAME -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA .
+        docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA
+      else
+        docker login -u "$DOCKER_ID" -p "$DOCKER_HUB_AUTH"
+        docker build -t $AURA_IMAGE_NAME -t $AURA_IMAGE_NAME:$CI_COMMIT_TAG .
+        docker push $AURA_IMAGE_NAME:$CI_COMMIT_TAG
       fi
   rules:
     - *release-rules
     # every commit on master/main or feature branch should trigger a push
-    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_MERGE_REQUEST_SOURCE_BRANCH_NAME =~ /^feat/
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_REF_PROTECTED =~ "true"
       exists:
         - Dockerfile
-
 release_job:
   stage: release
   needs: