diff --git a/.github/actions/build-sign-publish-chainlink/action.yml b/.github/actions/build-sign-publish-chainlink/action.yml index cc425105534..73b1533b559 100644 --- a/.github/actions/build-sign-publish-chainlink/action.yml +++ b/.github/actions/build-sign-publish-chainlink/action.yml @@ -171,7 +171,9 @@ runs: run: | IMAGES_NAME_RAW=${{ fromJSON(steps.buildpush-root.outputs.metadata)['image.name'] }} IMAGE_NAME=$(echo "$IMAGES_NAME_RAW" | cut -d"," -f1) + IMAGE_DIGEST=${{ fromJSON(steps.buildpush-root.outputs.metadata)['containerimage.digest'] }} echo "root_image_name=${IMAGE_NAME}" >> $GITHUB_ENV + echo "root_image_digest=${IMAGE_DIGEST}" >> $GITHUB_ENV - name: Generate docker metadata for non-root image id: meta-nonroot @@ -217,6 +219,7 @@ runs: IMAGE_NAME=$(echo "$IMAGES_NAME_RAW" | cut -d"," -f1) IMAGE_TAG=$(echo "$IMAGES_NAME_RAW" | cut -d":" -f2) echo "nonroot_image_name=${IMAGE_NAME}" >> $GITHUB_ENV + echo "nonroot_image_digest=${IMAGE_DIGEST}" >> $GITHUB_ENV echo '### Docker Image' >> $GITHUB_STEP_SUMMARY echo "Image Name: ${IMAGE_NAME}" >> $GITHUB_STEP_SUMMARY echo "Image Digest: ${IMAGE_DIGEST}" >> $GITHUB_STEP_SUMMARY @@ -250,7 +253,7 @@ runs: COSIGN_PASSWORD: "${{ inputs.cosign-password }}" run: | echo "${{ inputs.cosign-private-key }}" > cosign.key - cosign sign --key cosign.key "${{ env.root_image_name }}" + cosign sign --key cosign.key "${{ env.root_image_digest }}" rm -f cosign.key - if: inputs.verify-signature == 'true' && inputs.sign-method == 'keypair' @@ -265,7 +268,7 @@ runs: name: Sign the published root Docker image using keyless method shell: sh run: | - cosign sign "${{ env.root_image_name }}" + cosign sign "${{ env.root_image_digest }}" - if: inputs.verify-signature == 'true' && inputs.sign-method == 'keyless' name: Verify the signature of the published root Docker image using keyless 
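Review bot: `root_image_digest` is exported as the raw `containerimage.digest` value, which in the build-push metadata is normally a bare `sha256:…` string with no registry or repository, and the later hunks pass it unchanged to `cosign sign` (both root steps, and both non-root steps via `nonroot_image_digest`). cosign expects a repository-qualified reference, so a bare digest would presumably fail to resolve or be parsed as a repository named `sha256`. Export the immutable reference instead, for example `echo "root_image_digest=${IMAGE_NAME%:*}@${IMAGE_DIGEST}" >> $GITHUB_ENV`, which assumes `IMAGE_NAME` always carries a tag. The non-root export in the next hunk needs the same change. The `run:` step begins above this hunk, so any earlier handling of these variables is not visible here.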
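Review bot: The verify step that opens in this hunk's trailing context (`inputs.verify-signature == 'true' && inputs.sign-method == 'keypair'`) has its command outside the hunk, so it is not visible whether it checks the same reference that `cosign sign --key cosign.key "${{ env.root_image_digest }}"` now signs. If it still passes `env.root_image_name`, the tag is resolved again at verify time, and a tag that moved between push and verify would be checked instead of the artifact just signed. Verifying the same repository-qualified digest reference keeps sign and verify bound to one immutable image. The same applies to the keyless and non-root verify steps that follow the later hunks.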
@@ -282,7 +285,7 @@ runs: COSIGN_PASSWORD: "${{ inputs.cosign-password }}" run: | echo "${{ inputs.cosign-private-key }}" > cosign.key - cosign sign --key cosign.key "${{ env.nonroot_image_name }}" + cosign sign --key cosign.key "${{ env.nonroot_image_digest }}" rm -f cosign.key - if: inputs.verify-signature == 'true' && inputs.sign-method == 'keypair' @@ -297,7 +300,7 @@ runs: name: Sign the published non-root Docker image using keyless method shell: sh run: | - cosign sign "${{ env.nonroot_image_name }}" + cosign sign "${{ env.nonroot_image_digest }}" - if: inputs.verify-signature == 'true' && inputs.sign-method == 'keyless' name: Verify the signature of the published non-root Docker image using keyless