diff --git a/.github/workflows/_container.yml b/.github/workflows/_container.yml
index da5e4936..c6cd4697 100644
--- a/.github/workflows/_container.yml
+++ b/.github/workflows/_container.yml
@@ -1,5 +1,9 @@
 on:
   workflow_call:
+    inputs:
+      publish:
+        type: boolean
+        description: If true, pushes image to container registry
 
 jobs:
   build:
@@ -47,7 +51,7 @@ jobs:
             type=raw,value=latest
 
       - name: Push cached image to container registry
-        if: github.ref_type == 'tag'
+        if: inputs.publish && github.ref_type == 'tag'
         uses: docker/build-push-action@v6
         env:
           DOCKER_BUILD_RECORD_UPLOAD: false
diff --git a/.github/workflows/_docs.yml b/.github/workflows/_docs.yml
index a1cafcae..e9e8ad97 100644
--- a/.github/workflows/_docs.yml
+++ b/.github/workflows/_docs.yml
@@ -1,5 +1,10 @@
 on:
   workflow_call:
+    inputs:
+      publish:
+        type: boolean
+        description: If true, publishes docs to gh-pages
+
 
 jobs:
   build:
@@ -44,7 +49,7 @@ jobs:
         run: python .github/pages/make_switcher.py --add $DOCS_VERSION ${{ github.repository }} .github/pages/switcher.json
 
       - name: Publish Docs to gh-pages
-        if: github.ref_type == 'tag' || github.ref_name == 'main'
+        if: inputs.publish && (github.ref_type == 'tag' || github.ref_name == 'main')
         # We pin to the SHA, not the tag, for security reasons.
         # https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#using-third-party-actions
         uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4.0.0
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 223b73ec..4db61ffc 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -24,6 +24,8 @@ jobs:
 
   docs:
     uses: ./.github/workflows/_docs.yml
+    with:
+      publish: ${{needs.test.result == 'success'}}
     permissions:
       contents: write
 
@@ -35,8 +37,8 @@ jobs:
       EXAMPLE_DEPLOY_KEY: ${{ secrets.EXAMPLE_DEPLOY_KEY }}
 
   release:
+    needs: [test, docs]
     if: github.ref_type == 'tag'
-    needs: docs
     uses: ./.github/workflows/_release.yml
     permissions:
       contents: write
diff --git "a/template/{% if git_platform==\"github.com\" %}.github{% endif %}/workflows/ci.yml.jinja" "b/template/{% if git_platform==\"github.com\" %}.github{% endif %}/workflows/ci.yml.jinja"
index cf2f0799..3879925a 100644
--- "a/template/{% if git_platform==\"github.com\" %}.github{% endif %}/workflows/ci.yml.jinja"	
+++ "b/template/{% if git_platform==\"github.com\" %}.github{% endif %}/workflows/ci.yml.jinja"	
@@ -27,29 +27,36 @@ jobs:
       python-version: ${{ matrix.python-version }}
     secrets:
       CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-{% endraw %}{% if docker %}
+{% endraw %}{% if docker %}{% raw %}
   container:
+    needs: test
+    if: always()
     uses: ./.github/workflows/_container.yml
+    with:
+      publish: ${{ needs.test.result == 'success' }}
     permissions:
       contents: read
       packages: write
-{% endif %}{% if sphinx %}
+{% endraw %}{% endif %}{% if sphinx %}{% raw %}
   docs:
     uses: ./.github/workflows/_docs.yml
-{% endif %}
+    with:
+      publish: ${{ needs.test.result == 'success' }}
+
+{% endraw %}{% endif %}
   dist:
     uses: ./.github/workflows/_dist.yml
   {% if pypi %}
   pypi:
+    needs: [dist, test]
     if: github.ref_type == 'tag'
-    needs: dist
     uses: ./.github/workflows/_pypi.yml
     permissions:
       id-token: write
   {% endif %}
   release:
+    needs: [dist, test{% if sphinx %}, docs{% endif %}]
     if: github.ref_type == 'tag'
-    needs: [dist{% if sphinx %}, docs{% endif %}]
     uses: ./.github/workflows/_release.yml
     permissions:
       contents: write