diff --git a/.github/workflows/build-docker-images.yml b/.github/workflows/build-docker-images.yml
index 1b93903..e6854ae 100644
--- a/.github/workflows/build-docker-images.yml
+++ b/.github/workflows/build-docker-images.yml
@@ -15,7 +15,12 @@ jobs:
       contents: read
 
     steps:
-      - uses: actions/checkout@v3
+      - name: Free disk space
+        run: |
+          sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghc /opt/hostedtoolcache
+          sudo apt-get clean
+          df -h
+      - uses: actions/checkout@v4
       - name: Build the full Docker image
         run: docker build --file Dockerfile --tag streamlitapp:latest --build-arg GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} --output type=tar,dest=/dev/null .
 
@@ -26,6 +31,11 @@ jobs:
       contents: read
 
     steps:
-      - uses: actions/checkout@v3
+      - name: Free disk space
+        run: |
+          sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghc /opt/hostedtoolcache
+          sudo apt-get clean
+          df -h
+      - uses: actions/checkout@v4
       - name: Build the ARM64 Docker image
         run: docker build --file Dockerfile.arm --tag streamlitapp:latest-arm64 --build-arg GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} --output type=tar,dest=/dev/null .
\ No newline at end of file
diff --git a/.github/workflows/publish-docker-images.yml b/.github/workflows/publish-docker-images.yml
index 7f6514b..714e854 100644
--- a/.github/workflows/publish-docker-images.yml
+++ b/.github/workflows/publish-docker-images.yml
@@ -8,7 +8,7 @@ on:
     inputs:
       tag:
         description: 'Release tag to build (e.g., v0.9.15)'
-        required: true
+        required: false
 
 jobs:
 
@@ -31,15 +31,23 @@ jobs:
         run: |
           if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
             TAG="${{ github.event.inputs.tag }}"
-            SHA=$(gh api repos/${{ github.repository }}/git/ref/tags/${TAG} --jq '.object.sha')
+            if [ -n "$TAG" ]; then
+              SHA=$(gh api repos/${{ github.repository }}/git/ref/tags/${TAG} --jq '.object.sha')
+              VERSION="${TAG#v}"
+            else
+              # No tag — build from branch HEAD
+              SHA="${{ github.sha }}"
+              VERSION="${{ github.ref_name }}"
+            fi
           else
             # workflow_run: get the tag from the head branch (release events set head_branch to the tag)
             TAG="${{ github.event.workflow_run.head_branch }}"
             SHA="${{ github.event.workflow_run.head_sha }}"
+            VERSION="${TAG#v}"
           fi
 
-          # Strip leading 'v' for version
-          VERSION="${TAG#v}"
+          # Sanitize VERSION for valid Docker tags: replace / with -, strip invalid chars
+          VERSION=$(echo "$VERSION" | tr '/' '-' | tr -cd 'A-Za-z0-9_.-')
 
           echo "Resolved tag=${TAG} version=${VERSION} sha=${SHA}"
           echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
@@ -82,6 +90,7 @@ jobs:
           file: Dockerfile
           push: true
           tags: ${{ env.IMAGE }}:${{ needs.resolve-tag.outputs.version }}-amd64
+          provenance: false
           build-args: |
             GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
           cache-from: type=registry,ref=${{ env.IMAGE }}:buildcache-amd64
@@ -124,6 +133,7 @@ jobs:
           file: Dockerfile.arm
           push: true
           tags: ${{ env.IMAGE }}:${{ needs.resolve-tag.outputs.version }}-arm64
+          provenance: false
           build-args: |
             GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
           cache-from: type=registry,ref=${{ env.IMAGE }}:buildcache-arm64
diff --git a/Dockerfile b/Dockerfile
index 383be30..628c2a0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -32,7 +32,6 @@ ARG OPENMS_BRANCH=FVdeploy
 ARG PORT=8501
 # GitHub token to download latest OpenMS executable for Windows from Github action artifact.
 ARG GITHUB_TOKEN
-ENV GH_TOKEN=${GITHUB_TOKEN}
 # Streamlit app Gihub user name (to download artifact from).
 ARG GITHUB_USER=OpenMS
 # Streamlit app Gihub repository name (to download artifact from).
@@ -90,7 +89,7 @@ RUN mkdir /thirdparty && \
     cp -r THIRDPARTY/All/* /thirdparty && \
     cp -r THIRDPARTY/Linux/x86_64/* /thirdparty && \
     chmod -R +x /thirdparty
-ENV PATH="/thirdparty/LuciPHOr2:/thirdparty/MSGFPlus:/thirdparty/Sirius:/thirdparty/ThermoRawFileParser:/thirdparty/Comet:/thirdparty/Fido:/thirdparty/MaRaCluster:/thirdparty/MyriMatch:/thirdparty/OMSSA:/thirdparty/Percolator:/thirdparty/SpectraST:/thirdparty/XTandem:/thirdparty/crux:${PATH}"
+ENV PATH="/thirdparty/LuciPHOr2:/thirdparty/MSGFPlus:/thirdparty/ThermoRawFileParser:/thirdparty/Comet:/thirdparty/Percolator:/thirdparty/Sage:${PATH}"
 
 # Build OpenMS and pyOpenMS.
 FROM setup-build-system AS compile-openms
@@ -190,7 +189,7 @@ service cron start\n\
 \n\
 # Start Redis server in background\n\
 echo "Starting Redis server..."\n\
-redis-server --daemonize yes --dir /var/lib/redis --appendonly no\n\
+redis-server --daemonize yes --dir /var/lib/redis --appendonly no --ignore-warnings ARM64-COW-BUG\n\
 \n\
 # Wait for Redis to be ready\n\
 until redis-cli ping > /dev/null 2>&1; do\n\
@@ -250,11 +249,15 @@ RUN mamba run -n streamlit-env python hooks/hook-analytics.py
 RUN jq '.online_deployment = true' settings.json > tmp.json && mv tmp.json settings.json
 
 # Download latest OpenMS App executable as a ZIP file
-RUN if [ -n "$GH_TOKEN" ]; then \
-        echo "GH_TOKEN is set, proceeding to download the release asset..."; \
-        gh release download -R ${GITHUB_USER}/${GITHUB_REPO} -p "OpenMS-App.zip" -D /app; \
+# Re-declare ARGs needed in this stage (ARGs don't persist across FROM)
+ARG GITHUB_TOKEN
+ARG GITHUB_USER=OpenMS
+ARG GITHUB_REPO=FLASHApp
+RUN if [ -n "$GITHUB_TOKEN" ]; then \
+        echo "Downloading release asset..."; \
+        GH_TOKEN="$GITHUB_TOKEN" gh release download -R ${GITHUB_USER}/${GITHUB_REPO} -p "OpenMS-App.zip" -D /app; \
     else \
-        echo "GH_TOKEN is not set, skipping the release asset download."; \
+        echo "No token, skipping download."; \
     fi
 
 
diff --git a/Dockerfile.arm b/Dockerfile.arm
index 6666104..92c9c84 100644
--- a/Dockerfile.arm
+++ b/Dockerfile.arm
@@ -32,7 +32,6 @@ ARG OPENMS_BRANCH=FVdeploy
 ARG PORT=8501
 # GitHub token to download latest OpenMS executable for Windows from Github action artifact.
 ARG GITHUB_TOKEN
-ENV GH_TOKEN=${GITHUB_TOKEN}
 # Streamlit app Gihub user name (to download artifact from).
 ARG GITHUB_USER=OpenMS
 # Streamlit app Gihub repository name (to download artifact from).
@@ -192,7 +191,7 @@ service cron start\n\
 \n\
 # Start Redis server in background\n\
 echo "Starting Redis server..."\n\
-redis-server --daemonize yes --dir /var/lib/redis --appendonly no\n\
+redis-server --daemonize yes --dir /var/lib/redis --appendonly no --ignore-warnings ARM64-COW-BUG\n\
 \n\
 # Wait for Redis to be ready\n\
 until redis-cli ping > /dev/null 2>&1; do\n\
@@ -252,11 +251,15 @@ RUN mamba run -n streamlit-env python hooks/hook-analytics.py
 RUN jq '.online_deployment = true' settings.json > tmp.json && mv tmp.json settings.json
 
 # Download latest OpenMS App executable as a ZIP file
-RUN if [ -n "$GH_TOKEN" ]; then \
-        echo "GH_TOKEN is set, proceeding to download the release asset..."; \
-        gh release download -R ${GITHUB_USER}/${GITHUB_REPO} -p "OpenMS-App.zip" -D /app; \
+# Re-declare ARGs needed in this stage (ARGs don't persist across FROM)
+ARG GITHUB_TOKEN
+ARG GITHUB_USER=OpenMS
+ARG GITHUB_REPO=FLASHApp
+RUN if [ -n "$GITHUB_TOKEN" ]; then \
+        echo "Downloading release asset..."; \
+        GH_TOKEN="$GITHUB_TOKEN" gh release download -R ${GITHUB_USER}/${GITHUB_REPO} -p "OpenMS-App.zip" -D /app; \
     else \
-        echo "GH_TOKEN is not set, skipping the release asset download."; \
+        echo "No token, skipping download."; \
     fi