diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
index e937d5a..d4045c6 100644
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -9,34 +9,9 @@ env:
   DEFAULT_BRANCH: main
 
 jobs:
-  prepare:
-    name: Prepare
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      actions: read
-    steps:
-    - name: Determine tags
-      id: tags
-      env:
-        BRANCH: ${{ github.ref_name }}
-        SHA: ${{ github.sha }}
-      run: |
-        export TAGS="$BRANCH;$BRANCH-${SHA:0:7}"
-
-        if [ "$BRANCH" = "$DEFAULT_BRANCH" ]; then
-            export TAGS="$TAGS;latest"
-        fi
-
-        echo "tags=$TAGS" >>$GITHUB_OUTPUT
-    outputs:
-        tags: ${{ steps.tags.outputs.tags }}
-
   build:
     name: Build
     uses: freedomofpress/actionslib/.github/workflows/oci-build.yaml@main
-    needs:
-    - prepare
     permissions:
       contents: read
       actions: read
@@ -44,7 +19,7 @@ jobs:
     with:
       context: "."
       containerfile: docker/Dockerfile
-      tags: ${{ needs.prepare.outputs.tags }}
       registry: ghcr.io/freedomofpress/securedrop-https-everywhere-ruleset
+      add-branch-tags: true
     secrets:
       registry-password: ${{ secrets.GITHUB_TOKEN }}