diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml
index 07dd8687..af73a0d3 100644
--- a/.github/workflows/create-release.yml
+++ b/.github/workflows/create-release.yml
@@ -66,10 +66,13 @@ jobs:
 
       - name: Create and upload eventing-manager.yaml and eventing-default-cr.yaml
         env:
-          PULL_BASE_REF: ${{ PULL_BASE_REF }}
-          BOT_GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
+          PULL_BASE_REF: ${{ github.event.inputs.name }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          IMG: "europe-docker.pkg.dev/kyma-project/prod/eventing-manager:${{ github.event.inputs.name }}"
+          MODULE_REGISTRY: "europe-docker.pkg.dev/kyma-project/prod/unsigned"
+          KUSTOMIZE_VERSION: "v4.5.6"
         run: |
-          ./scripts/render_and_upload_manifests.sh ${{ PULL_BASE_REF }} ${{ BOT_GITHUB_TOKEN }}
+          ./scripts/render_and_upload_manifests.sh
 
     outputs:
       release_id: ${{ steps.create-draft.outputs.release_id }}
diff --git a/internal/controller/operator/eventing/eventmesh.go b/internal/controller/operator/eventing/eventmesh.go
index 5013f99f..c2fec08a 100644
--- a/internal/controller/operator/eventing/eventmesh.go
+++ b/internal/controller/operator/eventing/eventmesh.go
@@ -234,7 +234,6 @@ func (r *Reconciler) getOAuth2ClientCredentials(ctx context.Context, secretNames
 	var exists bool
 	var clientID, clientSecret, tokenURL, certsURL []byte
 
-	oauth2Secret := new(kcorev1.Secret)
 	oauth2SecretNamespacedName := types.NamespacedName{
 		Namespace: secretNamespace,
 		Name:      r.backendConfig.EventingWebhookAuthSecretName,
@@ -242,8 +241,9 @@ func (r *Reconciler) getOAuth2ClientCredentials(ctx context.Context, secretNames
 
 	r.namedLogger().Infof("Reading secret %s", oauth2SecretNamespacedName.String())
 
-	if getErr := r.Get(ctx, oauth2SecretNamespacedName, oauth2Secret); getErr != nil {
-		return nil, getErr
+	var oauth2Secret *kcorev1.Secret
+	if oauth2Secret, err = r.kubeClient.GetSecret(ctx, oauth2SecretNamespacedName.String()); err != nil {
+		return nil, err
 	}
 
 	if clientID, exists = oauth2Secret.Data[secretKeyClientID]; !exists {
diff --git a/internal/controller/operator/eventing/eventmesh_test.go b/internal/controller/operator/eventing/eventmesh_test.go
index b203f5c8..5903115a 100644
--- a/internal/controller/operator/eventing/eventmesh_test.go
+++ b/internal/controller/operator/eventing/eventmesh_test.go
@@ -3,6 +3,7 @@ package eventing
 import (
 	"context"
 	"errors"
+	"fmt"
 	"testing"
 
 	"github.com/stretchr/testify/mock"
@@ -10,7 +11,6 @@ import (
 	kcorev1 "k8s.io/api/core/v1"
 	kmetav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/controller-runtime/pkg/client/fake"
 
 	"github.com/kyma-project/eventing-manager/api/operator/v1alpha1"
 	"github.com/kyma-project/eventing-manager/internal/label"
@@ -31,9 +31,10 @@ const (
 )
 
 var (
-	ErrFailedToStart  = errors.New("failed to start")
-	ErrFailedToStop   = errors.New("failed to stop")
+	ErrFailedToStart = errors.New("failed to start")
+	ErrFailedToStop  = errors.New("failed to stop")
 	ErrFailedToRemove = errors.New("failed to remove")
+	errNotFound      = errors.New("secret not found")
 )
 
 //nolint:goerr113 // all tests here need to be fixed, as they use require.ErrorAs and use it wrongly
@@ -95,7 +96,13 @@ func Test_reconcileEventMeshSubManager(t *testing.T) {
 			givenManagerFactoryMock: func(_ *submgrmanagermocks.Manager) *submgrmocks.ManagerFactory {
 				return nil
 			},
-			wantError:     errors.New("failed to sync OAuth secret"),
+			givenKubeClientMock: func() k8s.Client {
+				mockKubeClient := new(k8smocks.Client)
+				mockKubeClient.On("GetSecret", ctx, mock.Anything, mock.Anything).Return(
+					nil, errNotFound).Once()
+				return mockKubeClient
+			},
+			wantError:     fmt.Errorf("failed to sync OAuth secret: %w", errNotFound),
 			wantHashAfter: int64(0),
 		},
 		{
@@ -116,11 +123,11 @@ func Test_reconcileEventMeshSubManager(t *testing.T) {
 			givenKubeClientMock: func() k8s.Client {
 				mockKubeClient := new(k8smocks.Client)
 				mockKubeClient.On("GetSecret", ctx, mock.Anything, mock.Anything).Return(
-					utils.NewEventMeshSecret("test-secret", givenEventing.Namespace), nil).Once()
+					utils.NewOAuthSecret("test-secret", givenEventing.Namespace), nil).Once()
 				mockKubeClient.On("PatchApply", ctx, mock.Anything).Return(errors.New("failed to apply patch")).Once()
 				return mockKubeClient
 			},
-			wantError: errors.New("failed to sync Publisher Proxy secret"),
+			wantError: errors.New("failed to sync Publisher Proxy secret: failed to apply patch"),
 		},
 		{
 			name:                              "it should do nothing because subscription manager is already started",
@@ -144,7 +151,7 @@ func Test_reconcileEventMeshSubManager(t *testing.T) {
 				mockKubeClient.On("GetConfigMap", ctx, mock.Anything, mock.Anything).Return(givenConfigMap, nil).Once()
 				mockKubeClient.On("PatchApply", ctx, mock.Anything).Return(nil).Once()
 				mockKubeClient.On("GetSecret", ctx, mock.Anything, mock.Anything).Return(
-					utils.NewEventMeshSecret("test-secret", givenEventing.Namespace), nil).Once()
+					utils.NewOAuthSecret("test-secret", givenEventing.Namespace), nil).Once()
 				return mockKubeClient
 			},
 			wantHashAfter: int64(4922936597877296700),
@@ -175,7 +182,7 @@ func Test_reconcileEventMeshSubManager(t *testing.T) {
 				mockKubeClient.On("GetConfigMap", ctx, mock.Anything, mock.Anything).Return(givenConfigMap, nil).Once()
 				mockKubeClient.On("PatchApply", ctx, mock.Anything).Return(nil).Once()
 				mockKubeClient.On("GetSecret", ctx, mock.Anything, mock.Anything).Return(
-					utils.NewEventMeshSecret("test-secret", givenEventing.Namespace), nil).Once()
+					utils.NewOAuthSecret("test-secret", givenEventing.Namespace), nil).Once()
 				return mockKubeClient
 			},
 			wantAssertCheck: true,
@@ -206,7 +213,7 @@ func Test_reconcileEventMeshSubManager(t *testing.T) {
 				mockKubeClient := new(k8smocks.Client)
 				mockKubeClient.On("PatchApply", ctx, mock.Anything).Return(nil).Twice()
 				mockKubeClient.On("GetSecret", ctx, mock.Anything, mock.Anything).Return(
-					utils.NewEventMeshSecret("test-secret", givenEventing.Namespace), nil).Twice()
+					utils.NewOAuthSecret("test-secret", givenEventing.Namespace), nil).Twice()
 				return mockKubeClient
 			},
 			wantAssertCheck:  true,
@@ -240,7 +247,7 @@ func Test_reconcileEventMeshSubManager(t *testing.T) {
 				mockKubeClient := new(k8smocks.Client)
 				mockKubeClient.On("PatchApply", ctx, mock.Anything).Return(nil).Twice()
 				mockKubeClient.On("GetSecret", ctx, mock.Anything, mock.Anything).Return(
-					utils.NewEventMeshSecret("test-secret", givenEventing.Namespace), nil).Twice()
+					utils.NewOAuthSecret("test-secret", givenEventing.Namespace), nil).Twice()
 				return mockKubeClient
 			},
 			wantAssertCheck: true,
@@ -301,7 +308,7 @@ func Test_reconcileEventMeshSubManager(t *testing.T) {
 			// then
 			if tc.wantError != nil {
 				require.Error(t, err)
-				require.ErrorAs(t, err, &tc.wantError)
+				require.Equal(t, err.Error(), tc.wantError.Error())
 			} else {
 				require.NoError(t, err)
 				require.NotNil(t, testEnv.Reconciler.eventMeshSubManager)
@@ -372,6 +379,7 @@ func Test_reconcileEventMeshSubManager_ReadClusterDomain(t *testing.T) {
 			},
 			givenKubeClientMock: func() (k8s.Client, *k8smocks.Client) {
 				mockKubeClient := new(k8smocks.Client)
+				mockKubeClient.On("GetSecret", mock.Anything, mock.Anything).Return(givenOauthSecret, nil).Once()
 				mockKubeClient.On("PatchApply", ctx, mock.Anything).Return(nil).Once()
 				return mockKubeClient, mockKubeClient
 			},
@@ -402,6 +410,7 @@ func Test_reconcileEventMeshSubManager_ReadClusterDomain(t *testing.T) {
 			},
 			givenKubeClientMock: func() (k8s.Client, *k8smocks.Client) {
 				mockKubeClient := new(k8smocks.Client)
+				mockKubeClient.On("GetSecret", mock.Anything, mock.Anything).Return(givenOauthSecret, nil).Once()
 				mockKubeClient.On("GetConfigMap", ctx, mock.Anything, mock.Anything).Return(givenConfigMap, nil).Once()
 				mockKubeClient.On("PatchApply", ctx, mock.Anything).Return(nil).Once()
 				return mockKubeClient, mockKubeClient
@@ -703,7 +712,7 @@ func Test_GetSecretForPublisher(t *testing.T) {
 func Test_getOAuth2ClientCredentials(t *testing.T) {
 	testCases := []struct {
 		name             string
-		givenSecrets     []*kcorev1.Secret
+		givenSecret      *kcorev1.Secret
 		wantError        bool
 		wantClientID     []byte
 		wantClientSecret []byte
@@ -711,42 +720,36 @@ func Test_getOAuth2ClientCredentials(t *testing.T) {
 		wantCertsURL     []byte
 	}{
 		{
-			name:         "secret does not exist",
-			givenSecrets: nil,
-			wantError:    true,
+			name:        "secret does not exist",
+			givenSecret: nil,
+			wantError:   true,
 		},
 		{
 			name: "secret exists with missing data",
-			givenSecrets: []*kcorev1.Secret{
-				// required secret
-				{
-					ObjectMeta: kmetav1.ObjectMeta{
-						Name:      defaultEventingWebhookAuthSecretName,
-						Namespace: defaultEventingWebhookAuthSecretNamespace,
-					},
-					Data: map[string][]byte{
-						secretKeyClientID: []byte("test-client-id-0"),
-						// missing data
-					},
+			givenSecret: &kcorev1.Secret{
+				ObjectMeta: kmetav1.ObjectMeta{
+					Name:      defaultEventingWebhookAuthSecretName,
+					Namespace: defaultEventingWebhookAuthSecretNamespace,
+				},
+				Data: map[string][]byte{
+					secretKeyClientID: []byte("test-client-id-0"),
+					// missing data
 				},
 			},
 			wantError: true,
 		},
 		{
 			name: "secret exists with all data",
-			givenSecrets: []*kcorev1.Secret{
-				// required secret
-				{
-					ObjectMeta: kmetav1.ObjectMeta{
-						Name:      defaultEventingWebhookAuthSecretName,
-						Namespace: defaultEventingWebhookAuthSecretNamespace,
-					},
-					Data: map[string][]byte{
-						secretKeyClientID:     []byte("test-client-id-0"),
-						secretKeyClientSecret: []byte("test-client-secret-0"),
-						secretKeyTokenURL:     []byte("test-token-url-0"),
-						secretKeyCertsURL:     []byte("test-certs-url-0"),
-					},
+			givenSecret: &kcorev1.Secret{
+				ObjectMeta: kmetav1.ObjectMeta{
+					Name:      defaultEventingWebhookAuthSecretName,
+					Namespace: defaultEventingWebhookAuthSecretNamespace,
+				},
+				Data: map[string][]byte{
+					secretKeyClientID:     []byte("test-client-id-0"),
+					secretKeyClientSecret: []byte("test-client-secret-0"),
+					secretKeyTokenURL:     []byte("test-token-url-0"),
+					secretKeyCertsURL:     []byte("test-certs-url-0"),
 				},
 			},
 			wantError:        false,
@@ -765,20 +768,23 @@ func Test_getOAuth2ClientCredentials(t *testing.T) {
 		t.Run(tc.name, func(t *testing.T) {
 			// given
 			ctx := context.Background()
+
+			kubeClient := new(k8smocks.Client)
+
+			if tc.givenSecret != nil {
+				kubeClient.On("GetSecret", mock.Anything, mock.Anything).Return(tc.givenSecret, nil).Once()
+			} else {
+				kubeClient.On("GetSecret", mock.Anything, mock.Anything).Return(nil, errNotFound).Once()
+			}
+
 			r := Reconciler{
-				Client: fake.NewClientBuilder().WithObjects().Build(),
-				logger: l,
+				kubeClient: kubeClient,
+				logger:     l,
 				backendConfig: env.BackendConfig{
 					EventingWebhookAuthSecretName:      defaultEventingWebhookAuthSecretName,
 					EventingWebhookAuthSecretNamespace: defaultEventingWebhookAuthSecretNamespace,
 				},
 			}
-			if len(tc.givenSecrets) > 0 {
-				for _, secret := range tc.givenSecrets {
-					err := r.Client.Create(ctx, secret)
-					require.NoError(t, err)
-				}
-			}
 
 			// when
 			credentials, err := r.getOAuth2ClientCredentials(ctx, defaultEventingWebhookAuthSecretNamespace)
diff --git a/scripts/render_and_upload_manifests.sh b/scripts/render_and_upload_manifests.sh
index 16a1e773..8ca2f33a 100755
--- a/scripts/render_and_upload_manifests.sh
+++ b/scripts/render_and_upload_manifests.sh
@@ -8,7 +8,7 @@ set -o pipefail # prevents errors in a pipeline from being masked
 
 # Expected variables:
 #   PULL_BASE_REF - name of the tag
-#   BOT_GITHUB_TOKEN - github token used to upload the template yaml
+#   GITHUB_TOKEN - github token used to upload the template yaml
 
 uploadFile() {
 	filePath=${1}
@@ -17,7 +17,7 @@ uploadFile() {
 	echo "Uploading ${filePath} as ${ghAsset}"
 	response=$(curl -s -o output.txt -w "%{http_code}" \
 		--request POST --data-binary @"$filePath" \
-		-H "Authorization: token $BOT_GITHUB_TOKEN" \
+		-H "Authorization: token $GITHUB_TOKEN" \
 		-H "Content-Type: text/yaml" \
 		$ghAsset)
 	if [[ "$response" != "201" ]]; then
@@ -37,8 +37,7 @@ MODULE_VERSION=${PULL_BASE_REF} make render-manifest
 echo "Generated eventing-manager.yaml:"
 cat eventing-manager.yaml
 
-MODULE_VERSION=${PULL_BASE_REF} make module-build
-
+# MODULE_VERSION=${PULL_BASE_REF} make module-build
 # TODO completly remove the rendering of the module-template from the repository.
 # echo "Generated moduletemplate.yaml:"
 # cat module-template.yaml
@@ -48,7 +47,7 @@ echo "Updating github release with eventing-manager.yaml"
 echo "Finding release id for: ${PULL_BASE_REF}"
 CURL_RESPONSE=$(curl -w "%{http_code}" -sL \
 	-H "Accept: application/vnd.github+json" \
-	-H "Authorization: Bearer $BOT_GITHUB_TOKEN" \
+	-H "Authorization: Bearer $GITHUB_TOKEN" \
 	https://api.github.com/repos/kyma-project/eventing-manager/releases)
 JSON_RESPONSE=$(sed '$ d' <<<"${CURL_RESPONSE}")
 HTTP_CODE=$(tail -n1 <<<"${CURL_RESPONSE}")