diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
index f96d7ba90..0c153f7f7 100644
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -30,9 +30,6 @@ jobs:
   docker:
     needs: semantic-release
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        deployment: [incident-manager-ui, canary-checker-ui]
     if: ${{ needs.semantic-release.outputs.new-release-published == 'true' }}
     steps:
       - name: Harden Runner
@@ -41,22 +38,73 @@ jobs:
           egress-policy: audit
 
       - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
-      - name: Publish to Registry
+
+      - name: Publish canary-checker-ui to Registry
         uses: elgohr/Publish-Docker-Github-Action@742a180fa47f3adfb5115902ae4955acc6ad769b # v4
         env:
-          APP_DEPLOYMENT: ${{ matrix.deployment == 'canary-checker-ui' && 'CANARY_CHECKER' || 'INCIDENT_MANAGER' }}
-          WITHOUT_AUTH: ${{ matrix.deployment == 'canary-checker-ui' && 'true' || 'false' }}
+          APP_DEPLOYMENT: CANARY_CHECKER
+          WITHOUT_AUTH: 'true'
         with:
-          name: flanksource/${{ matrix.deployment }}
+          name: flanksource/canary-checker-ui
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
           buildargs: APP_DEPLOYMENT,WITHOUT_AUTH
           snapshot: true
           tags: "latest,v${{ needs.semantic-release.outputs.release-version }}"
 
+      - name: Publish incident-manager-ui to Registry
+        uses: elgohr/Publish-Docker-Github-Action@742a180fa47f3adfb5115902ae4955acc6ad769b # v4
+        env:
+          APP_DEPLOYMENT: 'INCIDENT_MANAGER'
+          WITHOUT_AUTH: 'false'
+        with:
+          name: flanksource/incident-manager-ui
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+          buildargs: APP_DEPLOYMENT,WITHOUT_AUTH
+          snapshot: true
+          tags: "latest,v${{ needs.semantic-release.outputs.release-version }}"
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.ECR_AWS_ACCESS_KEY }}
+          aws-secret-access-key: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-east-1
+
+      - name: Login to Amazon ECR Public
+        id: login-ecr-public
+        uses: aws-actions/amazon-ecr-login@v2
+        with:
+          registry-type: public
+
+      - name: Publish canary-checker-ui to ECR Public
+        env:
+          REGISTRY: ${{ steps.login-ecr-public.outputs.registry }}
+          REGISTRY_ALIAS: k4y9r6y5
+          REPOSITORY: canary-checker-ui
+          IMAGE_TAG: "v${{ needs.semantic-release.outputs.release-version }}"
+          APP_DEPLOYMENT: CANARY_CHECKER
+          WITHOUT_AUTH: 'true'
+        run: |
+          docker build --build-arg APP_DEPLOYMENT --build-arg WITHOUT_AUTH -t $REGISTRY/$REGISTRY_ALIAS/$REPOSITORY:$IMAGE_TAG .
+          docker push $REGISTRY/$REGISTRY_ALIAS/$REPOSITORY:$IMAGE_TAG
+
+      - name: Publish incident-manager-ui to ECR Public
+        env:
+          REGISTRY: ${{ steps.login-ecr-public.outputs.registry }}
+          REGISTRY_ALIAS: k4y9r6y5
+          REPOSITORY: incident-manager-ui
+          IMAGE_TAG: "v${{ needs.semantic-release.outputs.release-version }}"
+          APP_DEPLOYMENT: 'INCIDENT_MANAGER'
+          WITHOUT_AUTH: 'false'
+        run: |
+          docker build --build-arg APP_DEPLOYMENT --build-arg WITHOUT_AUTH -t $REGISTRY/$REGISTRY_ALIAS/$REPOSITORY:$IMAGE_TAG .
+          docker push $REGISTRY/$REGISTRY_ALIAS/$REPOSITORY:$IMAGE_TAG
+
   helm:
     runs-on: ubuntu-latest
-    needs: semantic-release
+    needs: [semantic-release, docker]
     if: ${{ needs.semantic-release.outputs.new-release-published == 'true' }}
     steps:
       - name: Harden Runner