diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 2b12bdb050bc6c14d162db179f3ef7c4c2a6f77c..5c70d8f162c9317908aac1248aca2feb16b5f512 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -47,35 +47,30 @@ docker-push:
     AURA_IMAGE_NAME: "autoradio/engine-core"
   services:
     - docker:dind
-  before_script:
-    # on a feature branch will login to gitlab registry
-    # else to docker hub
-    # hint: feature branches must begin with "feat"
-    - |
-      if expr "$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME" : ^feat > /dev/null
-        then docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
-      else docker login -u "$DOCKER_ID" -p "$DOCKER_HUB_AUTH"
-      fi
   script:
     # every commit on main branch should build and push image as unstable
-    # elseif its a feature branch build and push to gitlab registry
+    # elseif its a protected branch and push to gitlab registry
     # else it is from a tag (enforced by gitlab-ci rules)
     # hint: tags are references independent of branches
     # hint: feature branches must begin with "feat"
     - |
       if [ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]
-        then docker build -t $AURA_IMAGE_NAME:unstable .
-        docker push $AURA_IMAGE_NAME:unstable 
-      elif expr "$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME" : ^feat > /dev/null
-        then docker build -t $AURA_IMAGE_NAME -t $CI_REGISTRY_IMAGE:$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME .
-        docker push $CI_REGISTRY_IMAGE:$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME
-      else docker build -t $AURA_IMAGE_NAME -t $AURA_IMAGE_NAME:$CI_COMMIT_TAG .
-      docker push $AURA_IMAGE_NAME:$CI_COMMIT_TAG
+        then docker login -u "$DOCKER_ID" -p "$DOCKER_HUB_AUTH"
+        docker build -t $AURA_IMAGE_NAME:main -t $AURA_IMAGE_NAME:main-$CI_COMMIT_SHORT_SHA .
+        docker push --all-tags
+      elif [ "$CI_COMMIT_REF_PROTECTED" = "true" ] && [ "$CI_COMMIT_BRANCH" != "$CI_DEFAULT_BRANCH" ]
+        then docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
+        docker build -t $AURA_IMAGE_NAME -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA .
+        docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA
+      else
+        docker login -u "$DOCKER_ID" -p "$DOCKER_HUB_AUTH"
+        docker build -t $AURA_IMAGE_NAME -t $AURA_IMAGE_NAME:$CI_COMMIT_TAG .
+        docker push $AURA_IMAGE_NAME:$CI_COMMIT_TAG
       fi
   rules:
     - *release-rules
     # every commit on master/main or feature branch should trigger a push
-    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_MERGE_REQUEST_SOURCE_BRANCH_NAME =~ /^feat/
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_REF_PROTECTED =~ "true"
       exists:
         - Dockerfile