diff --git a/.github/pull.yml b/.github/pull.yml
deleted file mode 100644
index f91827a..0000000
--- a/.github/pull.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-version: "1"
-rules:                                                    # Array of rules
-  - base: staging                                         # Required. Target branch
-    upstream: Ocelot-Social-Community/stage.ocelot.social # Required. Must be in the same fork network.
-    mergeMethod: merge                                    # Optional, one of [none, merge, squash, rebase, hardreset], Default: none.
-    mergeUnstable: false                                  # Optional, merge pull request even when the mergeable_state is not clean. Default: false
-#   - base: dev
-#     upstream: master        # Required. Can be a branch in the same forked repo.
-#     assignees:              # Optional
-#       - wei
-#     reviewers:              # Optional
-#       - wei
-#     conflictReviewers:      # Optional, on merge conflict assign a reviewer
-#       - wei
-# label: ":arrow_heading_down: pull"  # Optional
-# conflictLabel: "merge-conflict"
diff --git a/.github/workflows/push.yml b/.github/workflows/publish.yml
similarity index 75%
rename from .github/workflows/push.yml
rename to .github/workflows/publish.yml
index 20c4576..fcddbf9 100644
--- a/.github/workflows/push.yml
+++ b/.github/workflows/publish.yml
@@ -1,6 +1,16 @@
 name: publish
 
-on: push
+on:
+  workflow_dispatch:
+    inputs:
+      ocelot_version:
+        description: Ocelot build image version
+        required: true
+        type: string
+      deploy:
+        description: Deploy to cluster
+        required: true
+        type: boolean
 
 jobs:
   build-and-push-images:
@@ -38,13 +48,13 @@ jobs:
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           tags: |
-            type=schedule
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{major}}
-            type=ref,event=branch
-            type=ref,event=pr
-            type=sha
+            type=schedule,prefix=${{ inputs.ocelot_version }}_
+            type=semver,pattern={{version}},prefix=${{ inputs.ocelot_version }}_
+            type=semver,pattern={{major}}.{{minor}},prefix=${{ inputs.ocelot_version }}_
+            type=semver,pattern={{major}},prefix=${{ inputs.ocelot_version }}_
+            type=ref,event=branch,prefix=${{ inputs.ocelot_version }}_
+            type=ref,event=pr,prefix=${{ inputs.ocelot_version }}_
+            type=sha,prefix=${{ inputs.ocelot_version }}_
       - name: Build and push Docker images
         id: push
         uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75
@@ -53,13 +63,13 @@ jobs:
           context: .
           push: true
           build-args: |
-              OCELOT_VERSION=hetzner
+              OCELOT_VERSION=${{ inputs.ocelot_version }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
 
   deploy-to-kubernetes:
     runs-on: ubuntu-latest
-    if: github.ref == 'refs/heads/staging'
+    if: ${{ inputs.deploy }}
     needs: build-and-push-images
     steps:
       - uses: mdgreenwald/mozilla-sops-action@d9714e521cbaecdae64a89d2fdd576dd2aa97056 # v1.6.0
diff --git a/docker/backend.Dockerfile b/docker/backend.Dockerfile
index e152205..5e5fbda 100644
--- a/docker/backend.Dockerfile
+++ b/docker/backend.Dockerfile
@@ -1,6 +1,6 @@
 ARG OCELOT_VERSION=master
 
-FROM ghcr.io/ocelot-social-community/ocelot-social/backend:${OCELOT_VERSION}-code AS build
+FROM ghcr.io/ocelot-social-community/ocelot-social/backend-build:${OCELOT_VERSION} AS build
 
-FROM ghcr.io/ocelot-social-community/ocelot-social/backend:${OCELOT_VERSION}-base AS branded
+FROM ghcr.io/ocelot-social-community/ocelot-social/backend-base:${OCELOT_VERSION} AS branded
 COPY --from=build /build .
diff --git a/docker/maintenance.Dockerfile b/docker/maintenance.Dockerfile
index 32ae532..b471bbd 100644
--- a/docker/maintenance.Dockerfile
+++ b/docker/maintenance.Dockerfile
@@ -1,7 +1,7 @@
 ARG OCELOT_VERSION=master
 
-FROM ghcr.io/ocelot-social-community/ocelot-social/maintenance:${OCELOT_VERSION}-code AS build
+FROM ghcr.io/ocelot-social-community/ocelot-social/maintenance-build:${OCELOT_VERSION} AS build
 
-FROM nginx:alpine AS branded
+FROM ghcr.io/ocelot-social-community/ocelot-social/maintenance-base:${OCELOT_VERSION} AS branded
 COPY --from=build ./app/dist/ /usr/share/nginx/html/
 COPY --from=build ./app/maintenance/nginx/custom.conf /etc/nginx/conf.d/default.conf
diff --git a/docker/webapp.Dockerfile b/docker/webapp.Dockerfile
index e4abd38..1a6b024 100644
--- a/docker/webapp.Dockerfile
+++ b/docker/webapp.Dockerfile
@@ -1,6 +1,6 @@
 ARG OCELOT_VERSION=master
 
-FROM ghcr.io/ocelot-social-community/ocelot-social/webapp:${OCELOT_VERSION}-code AS build
+FROM ghcr.io/ocelot-social-community/ocelot-social/webapp-build:${OCELOT_VERSION} AS build
 
-FROM ghcr.io/ocelot-social-community/ocelot-social/webapp:${OCELOT_VERSION}-base AS branded
+FROM ghcr.io/ocelot-social-community/ocelot-social/webapp-base:${OCELOT_VERSION} AS branded
 COPY --from=build /build .
diff --git a/helmfile/environments/default.yaml.gotmpl b/helmfile/environments/default.yaml.gotmpl
index 856b3b4..987469d 100644
--- a/helmfile/environments/default.yaml.gotmpl
+++ b/helmfile/environments/default.yaml.gotmpl
@@ -1,5 +1,6 @@
+{{ $branch := env "BRANCH" | default (exec "../scripts/branch.sh" (list) | trim) }}
 {{ $image_tag:= env "IMAGE_TAG" | default (exec "../scripts/image_tag.sh" (list) | trim) }}
 
-domain: reformer-network-staging.roschaefer.de
-namespace: reformer-network-staging
+domain: {{ env "DOMAIN" | default (printf "%s.git.reformer-network.roschaefer.de" $branch ) }}
+namespace: {{ env "NAMESPACE" | default (printf "reformer-network-git-%s" $branch ) }}
 image_tag: {{ $image_tag }}
diff --git a/helmfile/environments/production.yaml.gotmpl b/helmfile/environments/production.yaml.gotmpl
index ee69a67..07b9d62 100644
--- a/helmfile/environments/production.yaml.gotmpl
+++ b/helmfile/environments/production.yaml.gotmpl
@@ -1,3 +1,3 @@
-domain: reformer-network.roschaefer.de
+domain: staging.reformer-network.roschaefer.de
 namespace: reformer-network-production
 image_tag: production
diff --git a/helmfile/environments/staging.yaml.gotmpl b/helmfile/environments/staging.yaml.gotmpl
index 856b3b4..90e599f 100644
--- a/helmfile/environments/staging.yaml.gotmpl
+++ b/helmfile/environments/staging.yaml.gotmpl
@@ -1,5 +1,5 @@
 {{ $image_tag:= env "IMAGE_TAG" | default (exec "../scripts/image_tag.sh" (list) | trim) }}
 
-domain: reformer-network-staging.roschaefer.de
+domain: staging.reformer-network.roschaefer.de
 namespace: reformer-network-staging
 image_tag: {{ $image_tag }}
diff --git a/helmfile/scripts/branch.sh b/helmfile/scripts/branch.sh
new file mode 100755
index 0000000..c63d5e4
--- /dev/null
+++ b/helmfile/scripts/branch.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+# source https://stackoverflow.com/a/63286099
+git rev-parse --abbrev-ref HEAD | iconv -c -t ascii//TRANSLIT | sed -E 's/[~^]+//g' | sed -E 's/[^a-zA-Z0-9]+/-/g' | sed -E 's/^-+|-+$//g' | tr A-Z a-z
diff --git a/helmfile/scripts/image_tag.sh b/helmfile/scripts/image_tag.sh
index f921945..0d336d4 100755
--- a/helmfile/scripts/image_tag.sh
+++ b/helmfile/scripts/image_tag.sh
@@ -1,2 +1,2 @@
 #!/usr/bin/env bash
-echo "sha-$(git rev-parse HEAD | cut -c 1-7)"
+echo "master_sha-$(git rev-parse HEAD | cut -c 1-7)"