diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 7de41cb..d1ab9d2 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -36,12 +36,12 @@ jobs:
     runs-on: ubuntu-24.04
 
     permissions:
-      contents: 'read'
-      id-token: 'write'
+      contents: "read"
+      id-token: "write"
 
     env:
-      IMAGE_NAME: 'hexdocs'
-      PROJECT_ID: 'hexpm-prod'
+      IMAGE_NAME: "hexdocs"
+      PROJECT_ID: "hexpm-prod"
       SERVICE_ACCOUNT: ${{ secrets.GCLOUD_SERVICE_ACCOUNT }}
       WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCLOUD_WORKFLOW_IDENTITY_POOL_PROVIDER }}
 
@@ -59,20 +59,22 @@ jobs:
 
       - name: Google auth
         id: auth
-        uses: 'google-github-actions/auth@v2'
+        uses: "google-github-actions/auth@v2"
+        if: ${{ github.event_name != 'pull_request' }}
         with:
-          token_format: 'access_token'
+          token_format: "access_token"
           project_id: ${{ env.PROJECT_ID }}
           service_account: ${{ env.SERVICE_ACCOUNT }}
           workload_identity_provider: ${{ env.WORKLOAD_IDENTITY_PROVIDER }}
 
       - name: Docker Auth
         id: docker-auth
-        uses: 'docker/login-action@v3'
+        uses: "docker/login-action@v3"
+        if: ${{ github.event_name != 'pull_request' }}
         with:
           registry: gcr.io
-          username: 'oauth2accesstoken'
-          password: '${{ steps.auth.outputs.access_token }}'
+          username: "oauth2accesstoken"
+          password: "${{ steps.auth.outputs.access_token }}"
 
       - name: Build and push
         uses: docker/build-push-action@v6