diff --git a/.github/workflows/normal.yaml b/.github/workflows/normal.yaml
index c82ba45..7a718d5 100644
--- a/.github/workflows/normal.yaml
+++ b/.github/workflows/normal.yaml
@@ -138,7 +138,7 @@ jobs:
 
       - name: Build package (nix)
         run: |
-          just nix-develop-ci nix-package
+          just nix-develop-ci just nix-package
 
       - name: Build container image (nix)
         run: |
@@ -155,6 +155,8 @@ jobs:
 
     env:
       CI_IS_RELEASE: true
+      REGISTRY_USERNAME: ${{ github.repository_owner }}
+      REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
 
     steps:
       - name: Checkout
diff --git a/tools/ci/upload-image.sh b/tools/ci/upload-image.sh
index 13b873c..8968694 100755
--- a/tools/ci/upload-image.sh
+++ b/tools/ci/upload-image.sh
@@ -11,6 +11,14 @@ ROOT_DIR=$(git rev-parse --show-toplevel)
 cd "$ROOT_DIR"
 
 function main() {
+
+    local username=${REGISTRY_USERNAME:-$USERNAME}
+    local password=${REGISTRY_PASSWORD:-$PASSWORD}
+
+    if [ -z "$username" ] || [ -z "$password" ]; then
+        die "'USERNAME' or 'PASSWORD' env. variables not set."
+    fi
+
     if ! ci_is_running; then
         die "This script should only be executed in CI"
     fi
@@ -30,9 +38,13 @@ function main() {
         print_info "Read the image from file '$image_path' and " \
             "directly push to registry '$image_name'."
 
+        cat "$HOME/.docker/config.json"
+
         skopeo \
             --insecure-policy \
             copy \
+            --dest-username <(echo "$username") \
+            --dest-password <(echo "$password") \
             --dest-authfile "$HOME/.docker/config.json" \
             "docker-archive://$image_path" \
             "docker://$image_name"