diff --git a/.github/workflows/__shared-ci.yml b/.github/workflows/__shared-ci.yml
index 53bfb091..806833b1 100644
--- a/.github/workflows/__shared-ci.yml
+++ b/.github/workflows/__shared-ci.yml
@@ -22,7 +22,7 @@ jobs:
       contents: read
       packages: write
 
-  test-action-docker-prune-pull-requests-package-version:
+  test-action-docker-prune-pull-requests-image-tags:
     needs: linter
     # yamllint disable-line rule:line-length
     uses: ./.github/workflows/__test-action-docker-prune-pull-requests-image-tags.yml
diff --git a/.github/workflows/__test-action-docker-prune-pull-requests-image-tags.yml b/.github/workflows/__test-action-docker-prune-pull-requests-image-tags.yml
index 82765aa6..173a0849 100644
--- a/.github/workflows/__test-action-docker-prune-pull-requests-image-tags.yml
+++ b/.github/workflows/__test-action-docker-prune-pull-requests-image-tags.yml
@@ -55,10 +55,11 @@ jobs:
             core.setOutput("tag", `pr-${prNumber}`);
 
             // Define expected packages
-            const packages = [
-              `ci-github-container/${process.env.IMAGE_NAME}`,
-              `ci-github-container/${process.env.IMAGE_NAME}/cache`,
-            ];
+            const packages = [`ci-github-container/${process.env.IMAGE_NAME}`];
+            const isTagPush = context.eventName === "push" && context.ref.startsWith("refs/tags/");
+            if (!isTagPush) {
+              packages.push(`ci-github-container/${process.env.IMAGE_NAME}/cache`);
+            }
 
             core.setOutput("packages", packages.join("\n"));
 
@@ -97,6 +98,7 @@ jobs:
       packages: read
     outputs:
       base-image: ${{ steps.assert-built-images.outputs.base-image }}
+      preserve-tags-filter: ${{ steps.assert-built-images.outputs.preserve-tags-filter }}
     steps:
       - name: Assert - Ensure images have been built
         id: assert-built-images
@@ -129,11 +131,28 @@ jobs:
             if (!builtImages[process.env.IMAGE_NAME] || !builtImages[process.env.IMAGE_NAME].images.length) {
               return core.setFailed(`No built images found for image name "${process.env.IMAGE_NAME}"`);
             }
-            const baseImage = builtImages[process.env.IMAGE_NAME].images[0];
+            const builtImage = builtImages[process.env.IMAGE_NAME];
+            const baseImage = builtImage.images[0];
             await exec.exec("docker", ["pull", baseImage]);
 
             core.setOutput("base-image", baseImage);
 
+            const isPullRequestEvent = ["pull_request", "pull_request_review", "issue_comment"].includes(context.eventName);
+            if (isPullRequestEvent) {
+              return;
+            }
+
+            const escapeRegex = (value) => value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+            const publishedTags = (builtImage.tags || []).filter(Boolean);
+            if (!publishedTags.length) {
+              return;
+            }
+
+            core.setOutput(
+              "preserve-tags-filter",
+              `^(?:${publishedTags.map(escapeRegex).join("|")})$`
+            );
+
   act:
     name: Act - Prune pull requests image tags
     runs-on: ubuntu-latest
@@ -169,6 +188,7 @@ jobs:
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           image: ${{ env.IMAGE_NAME }}
+          preserve-tags-filter: ${{ needs.arrange-verify.outputs.preserve-tags-filter }}
 
   assert:
     name: Assert - Verify deleted image tags
@@ -211,14 +231,12 @@ jobs:
             }
 
       - uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
-        if: ${{ github.event_name == 'pull_request' }}
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Assert - Ensure current image tag didn't get deleted
-        if: ${{ github.event_name == 'pull_request' }}
         env:
           IMAGE_NAME: ${{ env.IMAGE_NAME }}
         run: |