diff --git a/.github/workflow/docker.yml b/.github/workflow/docker.yml
deleted file mode 100644
index 4653fb7..0000000
--- a/.github/workflow/docker.yml
+++ /dev/null
@@ -1,197 +0,0 @@
-# Example modified from https://docs.github.com/en/actions/publishing-packages/publishing-docker-images
-name: Create and publish a Docker image
-
-# Configures this workflow to run every time a change is pushed to selected tags and branches
-on:
-  pull_request:
-    branches:
-      - main
-  push:
-    branches:
-      - main
-    tags:
-      - v**
-
-# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.
-env:
-  REGISTRY: ghcr.io
-  IMAGE_NAME: ${{ github.repository }}
-
-# This job is configured to run on the latest available version of Ubuntu.
-jobs:
-  build-and-push-image:
-    runs-on: ubuntu-latest
-    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
-    permissions:
-      contents: read
-      packages: write
-    outputs:
-      commit_hash: ${{ steps.get_commit_hash.outputs.commit_hash }}
-      sha256: ${{ steps.calculate_checksum.outputs.sha256 }}
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      # Uses the `docker/login-action` action to log in to the Container registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
-      - name: Log in to the Container registry
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.PAT_TOKEN }}
-      # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels.
-      - name: Extract metadata (tags, labels) for Docker
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-      # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
-      # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.
-      # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
-      - name: Build and push Docker image
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          push: true
-          platforms: linux/amd64,linux/arm64
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-      - name: Build connector definition
-        run: |
-          set -e pipefail
-          export DOCKER_IMAGE=$(echo "$DOCKER_METADATA_OUTPUT_JSON" | jq -r '.tags[0]')
-          make build
-        working-directory: ./connector-definition
-      - name: Build connector definition
-        run: |
-          set -e pipefail
-          export DOCKER_IMAGE=$(echo "$DOCKER_METADATA_OUTPUT_JSON" | jq -r '.tags[0]')
-          make build
-        working-directory: ./connector-definition
-      - uses: actions/upload-artifact@v4
-        with:
-          name: connector-definition.tgz
-          path: ./connector-definition/dist/connector-definition.tgz
-          compression-level: 0 # Already compressed
-
-      - name: Calculate SHA256 checksum
-        id: calculate_checksum
-        run: |
-          SHA256=$(sha256sum ./connector-definition/dist/connector-definition.tgz | awk '{ print $1 }')
-          echo "sha256=$SHA256" >> $GITHUB_OUTPUT
-
-      - name: Get commit hash
-        id: get_commit_hash
-        run: |
-          COMMIT_HASH=$(git rev-parse HEAD)
-          echo "commit_hash=$COMMIT_HASH" >> $GITHUB_OUTPUT
-
-  release-connector:
-    name: Release connector
-    runs-on: ubuntu-latest
-    needs: build-and-push-image
-    if: ${{ startsWith(github.ref, 'refs/tags/v') }}
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/download-artifact@v4
-        with:
-          name: connector-definition.tgz
-          path: ./connector-definition/dist
-      - name: Get version from tag
-        id: get-version
-        run: |
-          echo "tagged_version=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT
-        shell: bash
-      - uses: mindsers/changelog-reader-action@v2
-        id: changelog-reader
-        with:
-          version: ${{ steps.get-version.outputs.tagged_version }}
-          path: ./CHANGELOG.md
-      - uses: softprops/action-gh-release@v1
-        with:
-          draft: false
-          tag_name: v${{ steps.get-version.outputs.tagged_version }}
-          body: ${{ steps.changelog-reader.outputs.changes }}
-          files: |
-            ./connector-definition/dist/connector-definition.tgz
-          fail_on_unmatched_files: true
-      - name: Update ndc-hub
-        env:
-          REGISTRY_NAME: hasura
-          CONNECTOR_NAME: singlestore
-          COMMIT_HASH: ${{ needs.build-and-push-image.outputs.commit_hash }}
-          SHA256: ${{ needs.build-and-push-image.outputs.sha256 }}
-          GH_TOKEN: ${{ secrets.PAT_TOKEN }}
-        run: |
-          # Clone ndc-hub repository
-          git clone https://github.com/hasura/ndc-hub.git
-          cd ndc-hub
-
-          # Create a new branch
-          NEW_BRANCH="update-${{ env.CONNECTOR_NAME }}-connector-v${{ steps.get-version.outputs.tagged_version }}"
-          git checkout -b $NEW_BRANCH
-
-          # Create releases directory if it doesn't exist
-          mkdir -p registry/${{ env.REGISTRY_NAME }}/${{ env.CONNECTOR_NAME }}/releases/v${{ steps.get-version.outputs.tagged_version }}
-
-          cd registry/${{ env.REGISTRY_NAME }}/${{ env.CONNECTOR_NAME }}
-
-          # Create connector-packaging.json
-          cat << EOF > releases/v${{ steps.get-version.outputs.tagged_version }}/connector-packaging.json
-          {
-            "version": "${{ steps.get-version.outputs.tagged_version }}",
-            "uri": "https://github.com/${{ github.repository }}/releases/download/v${{ steps.get-version.outputs.tagged_version }}/connector-definition.tgz",
-            "checksum": {
-              "type": "sha256",
-              "value": "$SHA256"
-            },
-            "source": {
-              "hash": "$COMMIT_HASH"
-            }
-          }
-          EOF
-
-          # Update metadata.json to remove 'packages' field if it exists and update 'latest_version'
-          jq --arg version_tag "v${{ steps.get-version.outputs.tagged_version }}" \
-            --arg commit_hash "$COMMIT_HASH" \
-            'if has("packages") then del(.packages) else . end | 
-              .overview.latest_version = $version_tag |
-              if has("source_code") then
-                .source_code.version += [{
-                  "tag": $version_tag,
-                  "hash": $commit_hash,
-                  "is_verified": false
-                }]
-              else
-                . + {"source_code": {"version": [{
-                  "tag": $version_tag,
-                  "hash": $commit_hash,
-                  "is_verified": false
-                }]}}
-              end' \
-            metadata.json > tmp.json && mv tmp.json metadata.json
-
-          cp ../../../../README.md ./README.md
-
-          # Commit changes
-          git config user.name "GitHub Action"
-          git config user.email "action@github.com"
-          git add metadata.json README.md releases
-          git commit -m "Update ${{ env.CONNECTOR_NAME }} connector metadata to version ${{ steps.get-version.outputs.tagged_version }}"
-
-          # Push changes
-          git push https://${{ secrets.PAT_TOKEN }}@github.com/hasura/ndc-hub.git HEAD:update-${{ env.CONNECTOR_NAME }}-connector-v${{ steps.get-version.outputs.tagged_version }}
-
-
-          # Create PR using GitHub CLI
-          cd ../..
-          gh pr create --repo hasura/ndc-hub \
-            --base main \
-            --head $NEW_BRANCH \
-            --title "Update ${{ env.CONNECTOR_NAME }} connector to v${{ steps.get-version.outputs.tagged_version }}" \
-            --body "This PR updates the ${{ env.CONNECTOR_NAME }} connector metadata to version ${{ steps.get-version.outputs.tagged_version }}."
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 4653fb7..07e55fb 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -25,6 +25,8 @@ jobs:
     permissions:
       contents: read
       packages: write
+      attestations: write
+      id-token: write
     outputs:
       commit_hash: ${{ steps.get_commit_hash.outputs.commit_hash }}
       sha256: ${{ steps.calculate_checksum.outputs.sha256 }}
@@ -126,7 +128,7 @@ jobs:
           CONNECTOR_NAME: singlestore
           COMMIT_HASH: ${{ needs.build-and-push-image.outputs.commit_hash }}
           SHA256: ${{ needs.build-and-push-image.outputs.sha256 }}
-          GH_TOKEN: ${{ secrets.PAT_TOKEN }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           # Clone ndc-hub repository
           git clone https://github.com/hasura/ndc-hub.git