diff --git a/.github/workflows/ubi-rust-builder.yml b/.github/workflows/ubi-rust-builder.yml index 4f5abcdec..94638515e 100644 --- a/.github/workflows/ubi-rust-builder.yml +++ b/.github/workflows/ubi-rust-builder.yml @@ -21,27 +21,31 @@ jobs: build: permissions: id-token: write + runs-on: ${{ matrix.runner }} strategy: fail-fast: false matrix: runner: ["ubuntu-latest", "ubicloud-standard-8-arm-ubuntu-2404"] ubi-version: ["ubi9"] - runs-on: ${{ matrix.runner }} steps: - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false + - name: Login to Stackable Harbor uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 with: registry: oci.stackable.tech username: robot$sdp+github-action-build password: ${{ secrets.HARBOR_ROBOT_SDP_GITHUB_ACTION_BUILD_SECRET }} + - name: Set up Cosign uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1 + - name: Determine Architecture run: | echo "TAG=$(git rev-parse --short HEAD)-$(arch)" >> "$GITHUB_ENV" + - name: Build and push id: build-and-push uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 @@ -50,6 +54,8 @@ jobs: file: ./${{ matrix.ubi-version }}-rust-builder/Dockerfile push: true tags: oci.stackable.tech/sdp/${{ matrix.ubi-version }}-rust-builder:${{ env.TAG }} + provenance: false + - name: Sign the published builder image shell: bash env: 
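Review bot: The added `provenance: false` in the `with:` block of the "Build and push" step (second hunk, `@@ -50,6 +54,8 @@`) turns off BuildKit's provenance attestation for every pushed builder image without saying why. Presumably it keeps each per-architecture tag a plain image manifest that the create_manifest job can combine into an index, but that is inferred and not stated in the diff; a comment above the key would record it, e.g. `# No provenance attestation: the per-arch tag must stay a single image manifest so create_manifest can index it`. With the attestation gone, the cosign signature from the following step is the only build-origin evidence attached to the image, so it is worth confirming that downstream consumers verify that signature and that nothing relied on the attestation. The step's `with:` block starts outside the hunk.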
@@ -59,28 +65,33 @@ jobs: # This generates a signature and publishes it to the registry, next to the image # Uses the keyless signing flow with Github Actions as identity provider cosign sign -y "oci.stackable.tech/sdp/${{ matrix.ubi-version }}-rust-builder@$DIGEST" + create_manifest: + name: Create and Push Image Index Manifest + needs: ["build"] permissions: id-token: write + runs-on: ubuntu-latest strategy: fail-fast: false matrix: ubi-version: ["ubi9"] - runs-on: ubuntu-latest - needs: ["build"] steps: - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false + - name: Login to Stackable Harbor uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 with: registry: oci.stackable.tech username: robot$sdp+github-action-build password: ${{ secrets.HARBOR_ROBOT_SDP_GITHUB_ACTION_BUILD_SECRET }} + - name: Set up Cosign uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1 - - name: Build Manifest List + + - name: Create and Push Image Index Manifest shell: bash run: | COMMIT_ID=$(git rev-parse --short HEAD)