diff --git a/.github/workflows/build-and-push-image.yml b/.github/workflows/build-and-push-image.yml
index 76f726b..09a8352 100644
--- a/.github/workflows/build-and-push-image.yml
+++ b/.github/workflows/build-and-push-image.yml
@@ -14,6 +14,9 @@ on:
     branches:
       - develop
 
+permissions:
+  contents: write
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -30,7 +33,11 @@ jobs:
       - name: Get the last Git tag
         id: get_last_tag
         run: |
-          LAST_TAG=$(git describe --tags --abbrev=0 || echo "0.0.0")
+          git fetch --tags --force
+          LAST_TAG=$(git tag --sort=-creatordate | head -n 1)
+          if [ -z "$LAST_TAG" ]; then
+            LAST_TAG="0.0.0"
+          fi
           echo "LAST_TAG=${LAST_TAG}" >> $GITHUB_ENV
 
       - name: Calculate new version
@@ -62,10 +69,25 @@ jobs:
           docker push $IMAGE
           docker logout "${NEXUS_DOCKER_URL}"
 
+      - name: Set up SSH for CI
+        run: |
+          mkdir -p ~/.ssh
+          echo "${{ secrets.DEPLOY_KEY }}" > ~/.ssh/id_ed25519
+          chmod 600 ~/.ssh/id_ed25519
+          ssh-keyscan github.com >> ~/.ssh/known_hosts
+
       - name: Create and push Git tag
         if: github.event_name != 'pull_request'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           git config user.name "GitHub Actions"
           git config user.email "actions@github.com"
           git tag -a "${NEW_VERSION}" -m "Release ${NEW_VERSION}"
-          git push origin "${NEW_VERSION}"
+          git push origin "${NEW_VERSION}" --no-verify
+
+      - name: Remove SSH keys
+        run: rm -rf ~/.ssh
+
+      - name: Output new version
+        run: echo "New version is ${{ env.NEW_VERSION }}"