diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index a5f3cac..d5e6c7b 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -75,3 +75,8 @@ jobs:
         with:
           files: |
             _output/*.rpm
+
+  deploy:
+    needs: ["build"]
+    if: startsWith(github.ref, 'refs/tags/v')
+    uses: ./.github/workflows/deploy.yaml
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
index 4746dbc..082c52b 100644
--- a/.github/workflows/deploy.yaml
+++ b/.github/workflows/deploy.yaml
@@ -7,6 +7,7 @@ concurrency:
 on:
   release:
     types: [released]
+  workflow_call:
 
 jobs:
   build-repo:
@@ -18,7 +19,7 @@ jobs:
       - name: "Download release"
         uses: robinraju/release-downloader@v1.8
         with:
-          tag: ${{ github.ref_name }}
+          latest: true
           fileName: "*"
           out-file-path: "_output"
 
@@ -26,7 +27,7 @@ jobs:
         run: |
           docker run -t \
             -v $PWD:/repo \
-            ghcr.io/t2linux/fedora-kernel-build:latest \
+            ghcr.io/t2linux/fedora-dev:latest \
             /repo/generate-dnf-repo.sh
 
       - name: "Upload DNF Repo"
@@ -52,3 +53,4 @@ jobs:
           NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}
         with:
           publish-dir: dnf-repo
+          production-deploy: ${{ startsWith(github.ref, 'refs/tags/v') }}
diff --git a/sign-packages.sh b/sign-packages.sh
index e7c4d4a..091d100 100755
--- a/sign-packages.sh
+++ b/sign-packages.sh
@@ -2,5 +2,5 @@
 cd /repo/_output || exit 2
 
 echo "$RPM_SIGNING_PRIVATE_KEY_B64" | base64 -d | gpg --import
-rpm --addsign ./*.rpm
 echo -e "%_signature gpg\n%_gpg_name T2Linux Fedora" > ~/.rpmmacros
+rpm --addsign ./*.rpm