diff --git a/.github/workflows/image-signer.yaml b/.github/workflows/image-signer.yaml
new file mode 100644
index 0000000..ad03bd7
--- /dev/null
+++ b/.github/workflows/image-signer.yaml
@@ -0,0 +1,72 @@
+name: Pull and Sign Container Image
+
+on:
+  repository_dispatch:
+    types: [sign-image]  
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  id-token: write # Required for OIDC token access
+
+jobs:
+  build-and-sign:
+    runs-on: ubuntu-latest
+    steps:
+      # Checkout the repository
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      # Log in to Docker Hub
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          registry: docker.io
+          username: ${{ github.event.client_payload.docker_username }}
+          password: ${{ github.event.client_payload.docker_password }}
+
+      # Pull the container image
+      - name: Pull Image
+        run: docker pull ${{ github.event.client_payload.pull_tag }}
+
+      - name: Extract image name
+        run: |
+          IMAGE_TAG=${{ github.event.client_payload.push_tag }}
+          IMAGE_NAME=$(echo $IMAGE_TAG | sed 's/:.*//')
+          echo "IMAGE_NAME=$IMAGE_NAME" >> $GITHUB_ENV
+
+      - name: Get Image Digest
+        id: get-digest
+        run: |
+          DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' ${{ github.event.client_payload.pull_tag }} | cut -d'@' -f2)
+          echo "digest=$DIGEST" >> $GITHUB_OUTPUT
+
+
+      # Install Cosign
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@v3
+        with:
+          cosign-release: 'v2.2.1' # Use a specific version for stability
+
+      - name: Tag changed
+        run: docker tag ${{ github.event.client_payload.pull_tag }} ${{ github.event.client_payload.push_tag }}
+      
+      - name: Push Tagged Image
+        run: docker push ${{ github.event.client_payload.push_tag }}
+          
+      - name: Sign container image
+        env:
+          COSIGN_EXPERIMENTAL: "1"
+        run: |
+          cosign sign --yes ${{ github.event.client_payload.push_tag }}
+
+      - name: Sign image Verification
+        run: |
+          cosign verify $IMAGE_NAME@${{ steps.get-digest.outputs.digest }}
+
+      # Output the digest for reference
+      - name: Output Digest for Verification
+        run: |
+          echo "Image pushed and signed as ${{ github.event.client_payload.push_tag }} with digest $IMAGE_NAME@${{ steps.get-digest.outputs.digest }}"
+          echo "Verify with: cosign verify $IMAGE_NAME@${{ steps.get-digest.outputs.digest }}"
+