diff --git a/src/commands/build.rs b/src/commands/build.rs
index b6d8aa5..cb27cf7 100644
--- a/src/commands/build.rs
+++ b/src/commands/build.rs
@@ -593,6 +593,7 @@ fn sign_images(image_name: &str, tag: Option<&str>) -> Result<()> {
         env::var("CI_SERVER_PROTOCOL"),
         env::var("CI_SERVER_HOST"),
         env::var("SIGSTORE_ID_TOKEN"),
+        env::var("GITHUB_TOKEN"),
         env::var("GITHUB_EVENT_NAME"),
         env::var("GITHUB_REF_NAME"),
         env::var("GITHUB_WORKFLOW_REF"),
@@ -609,6 +610,7 @@ fn sign_images(image_name: &str, tag: Option<&str>) -> Result<()> {
             _,
             _,
             _,
+            _,
         ) if ci_default_branch == ci_commit_ref => {
             trace!("CI_PROJECT_URL={ci_project_url}, CI_DEFAULT_BRANCH={ci_default_branch}, CI_COMMIT_REF_NAME={ci_commit_ref}, CI_SERVER_PROTOCOL={ci_server_protocol}, CI_SERVER_HOST={ci_server_host}");
 
@@ -655,6 +657,7 @@ fn sign_images(image_name: &str, tag: Option<&str>) -> Result<()> {
             _,
             _,
             _,
+            _,
             Ok(_),
             Ok(github_event_name),
             Ok(github_ref_name),
@@ -694,7 +697,7 @@ fn sign_images(image_name: &str, tag: Option<&str>) -> Result<()> {
                 bail!("Failed to verify image!");
             }
         }
-        (_, _, _, _, _, _, Ok(github_event_name), Ok(github_ref_name), _, Ok(_))
+        (_, _, _, _, _, _, _, Ok(github_event_name), Ok(github_ref_name), _, Ok(_))
             if github_event_name != "pull_request"
                 && (github_ref_name == "live" || github_ref_name == "main") =>
         {