diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index 5dc1229..bac72d5 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -23,13 +23,7 @@ jobs:
 id-token: write
 steps:
 - name: Checkout
- uses: actions/checkout@v3
-
- # Install the cosign tool except on PR
- # https://github.com/sigstore/cosign-installer
- - name: Install cosign
- if: github.event_name != 'pull_request'
- uses: sigstore/cosign-installer@v3.3.0
+ uses: actions/checkout@v4
 - name: Set up QEMU
 uses: docker/setup-qemu-action@v3
@@ -44,8 +38,6 @@ jobs:
 username: ${{ github.repository_owner }}
 password: ${{ secrets.GITHUB_TOKEN }}
- # Extract metadata (tags, labels) for Docker
- # https://github.com/docker/metadata-action
 - name: Extract Docker metadata
 id: meta
 uses: docker/metadata-action@v5.5.1
@@ -55,9 +47,8 @@ jobs:
 type=ref,event=pr
 type=sha,enable={{is_default_branch}},prefix={{date 'YYYYMMDD-HHmmss'}}-,suffix=,format=short
- # Uses the cached prebuilt image and adds
- # devcontainer features and metadata before pushing
- - name: Add devcontainer extras and push
+ # this action will take features and extensions into account
+ - name: Build and Push devcontainer
 uses: devcontainers/ci@v0.3
 with:
 cacheFrom: ghcr.io/${{ github.repository }}
@@ -66,11 +57,3 @@ jobs:
 skipContainerUserIdUpdate: true
 platform: linux/amd64,linux/arm64
 runCmd: spin --version
-
- # Sign the resulting Docker image digest except on PRs.
- - name: Sign the published Docker image
- if: ${{ github.event_name != 'pull_request' }}
- env:
- TAGS: ${{ steps.meta.outputs.tags }}
- DIGEST: ${{ steps.build-and-push.outputs.digest }}
- run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
\ No newline at end of file
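Review bot: `id-token: write` stays in the job's permissions (the context line at the top of this hunk) although the commit removes the cosign installer here and the signing step in the last hunk, which were the only visible users of an OIDC token. If no step outside these hunks requests one, delete that permission so the job holding the registry credentials runs with the narrowest scope; the permissions block starts outside the hunk. Removing the signing also means consumers can no longer verify published images. The removed step read `steps.build-and-push.outputs.digest` while no visible step carries that id, so it may already have been ineffective, and the commit message should say whether signing is being dropped or is to be restored. Separately, `actions/checkout@v4` is a movable tag and is better pinned as `uses: actions/checkout@<full-commit-sha> # v4`.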