diff --git a/.github/workflows/.act/README.md b/.github/workflows/.act/README.md
new file mode 100644
index 0000000..0085b24
--- /dev/null
+++ b/.github/workflows/.act/README.md
@@ -0,0 +1,24 @@
+# Act events
+
+This project uses [act](https://github.com/nektos/act) to help test GitHub Actions locally. This directory contains act event definitions.
+
+## Requirements
+
+- [act](https://github.com/nektos/act), this guide assumes you have installed act as a [GitHub CLI extension](https://github.com/nektos/act#installation-as-github-cli-extension).
+- [Docker](https://www.docker.com/)
+
+## Running act
+
+The following commands can be run to exercise the GitHub Actions locally.
+
+Will pass the `main` conditional and run the `build-and-sign-image` job.
+
+```bash
+gh act  -W .github/workflows/build-and-sign-image.yml -e .github/workflows/.act/push-event-valid.json
+```
+
+Will fail the `main` conditional and not run the `build-and-sign-image` job.
+
+```bash
+gh act  -W .github/workflows/build-and-sign-image.yml -e .github/workflows/.act/push-event-invalid.json
+```
diff --git a/.github/workflows/.act/push-event-invalid.json b/.github/workflows/.act/push-event-invalid.json
new file mode 100644
index 0000000..5751c99
--- /dev/null
+++ b/.github/workflows/.act/push-event-invalid.json
@@ -0,0 +1,3 @@
+{
+  "ref": "refs/tags/v200.3.0"
+}
diff --git a/.github/workflows/.act/push-event-valid.json b/.github/workflows/.act/push-event-valid.json
new file mode 100644
index 0000000..4790538
--- /dev/null
+++ b/.github/workflows/.act/push-event-valid.json
@@ -0,0 +1,3 @@
+{
+  "ref": "refs/tags/v0.3.0"
+}
diff --git a/.github/workflows/build-and-sign-image.yml b/.github/workflows/build-and-sign-image.yml
index 2fbf227..3d2faff 100644
--- a/.github/workflows/build-and-sign-image.yml
+++ b/.github/workflows/build-and-sign-image.yml
@@ -11,8 +11,30 @@ env:
   IMAGE_NAME: ${{ github.repository }}
 
 jobs:
+  find_origin_branch:
+    runs-on: ubuntu-latest
+    outputs:
+      branch: ${{ steps.find_origin_branch.outputs.branch }}
+    steps:
+        - name: Checkout
+          uses: actions/checkout@v4
+
+        - name: Get the tag's SHA
+          id: get_tag_sha
+          run: |
+            echo "**************** Looking for SHA of tag: ${{ github.ref }}"
+            echo "::set-output name=sha::$(git rev-parse ${{ github.ref }})"
+
+        - name: Find origin branch
+          id: find_origin_branch
+          run: |
+            echo "**************** Looking for branch containing: ${{ steps.get_tag_sha.outputs.sha }}"
+            echo "::set-output name=branch::$(git branch -r --contains ${{ steps.get_tag_sha.outputs.sha }} | grep -v HEAD | sed -e 's/^[[:space:]]*origin\///' | grep -e '^main$')"
+
   build_and_sign_image:
     runs-on: ubuntu-latest
+    needs: find_origin_branch
+    if: needs.find_origin_branch.outputs.branch == 'main'
     permissions:
       contents: write
       packages: write
diff --git a/.github/workflows/run-tests.yml b/.github/workflows/run-tests.yml
index 454c716..dc9aa86 100644
--- a/.github/workflows/run-tests.yml
+++ b/.github/workflows/run-tests.yml
@@ -11,10 +11,8 @@ on:
   push:
     branches:
       - main
-      - *
-
+      - '*'
 jobs:
-
   build:
     runs-on: ubuntu-latest
     steps: