diff --git a/.gitea/workflows/server.yaml b/.gitea/workflows/server.yaml index 2914a0a..d1f7afe 100644 --- a/.gitea/workflows/server.yaml +++ b/.gitea/workflows/server.yaml @@ -3,6 +3,15 @@ run-name: ${{ gitea.actor }} is building the Server application on: [ push ] jobs: + preprocess: + runs-on: ubuntu-latest + outputs: + sanitized_branch_name: ${{ steps.sanitize.outputs.sanitized_branch_name }} + steps: + - name: Sanitize branch name + id: sanitize + run: echo "::set-output name=sanitized_branch_name::$(echo $BRANCH_NAME | sed 's/\//-/g')" + build: runs-on: ubuntu-latest steps: @@ -17,6 +26,7 @@ jobs: run: | dotnet build Server -c Release # dotnet test Server.Tests -c Release + sonarqube: needs: build runs-on: ubuntu-latest @@ -48,6 +58,7 @@ jobs: - name: Sonarqube End run: | dotnet sonarscanner end /d:sonar.login="${{ secrets.SONAR_TOKEN }}" + sbom-scan: needs: build runs-on: ubuntu-latest @@ -77,10 +88,11 @@ jobs: # set projectversion to be the branch name projectVersion: "${{ github.ref_name }}" bomFilename: "${{ github.workspace }}/bom.xml" + container-build: runs-on: ubuntu-latest container: catthehacker/ubuntu:act-latest - needs: build + needs: [ build, preprocess ] steps: - uses: actions/checkout@v3 - name: Setup dotnet @@ -105,10 +117,20 @@ jobs: context: . file: Server/Dockerfile push: true - tags: forge.rainote.dev/${{ github.repository }}:${{ github.ref_name }} + tags: forge.rainote.dev/${{ github.repository }}:${{ needs.preprocess.outputs.sanitized_branch_name }} platforms: linux/amd64 + - name: Build and push to latest + if: github.ref_name == 'master' + uses: docker/build-push-action@v5 + with: + context: . + file: Server/Dockerfile + push: true + tags: forge.rainote.dev/${{ github.repository }}:latest + platforms: linux/amd64 + container-sbom-scan: - needs: container-build + needs: [ container-build, preprocess ] runs-on: ubuntu-latest container: catthehacker/ubuntu:act-latest steps: 
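Review bot: `$BRANCH_NAME` has no visible definition in the new `preprocess` step (there is no `env:` block), so unless it is set outside this diff the output is empty and the downstream image reference ends in a bare `:`. The `sed` expression also rewrites only `/`, while a branch name can carry other characters that are invalid in an image tag or meaningful to a shell; an allow-list of `[A-Za-z0-9_.-]` is the safer filter. `::set-output` is deprecated upstream because workflow commands on stdout can be spoofed by untrusted content, so the step should write to `$GITHUB_OUTPUT` instead, assuming the Gitea runner in use supports it. The sketch below binds the variable explicitly, quotes it, and applies the allow-list.

```yaml
      - name: Sanitize branch name
        id: sanitize
        env:
          BRANCH_NAME: ${{ github.ref_name }}
        run: |
          tag="$(printf '%s' "$BRANCH_NAME" | tr -c 'A-Za-z0-9_.-' '-')"
          printf 'sanitized_branch_name=%s\n' "$tag" >> "$GITHUB_OUTPUT"
```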
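Review bot: The guard on the new "Build and push to latest" step, `if: github.ref_name == 'master'`, compares only the short ref name, and with `on: [ push ]` a tag called `master` would satisfy it as well; `if: github.ref == 'refs/heads/master'` pins it to the branch. The branch-tag step above it shares the tag namespace with `latest`, so a branch whose sanitized name is `latest` would overwrite that tag without passing this guard; a prefix on branch tags (for example `branch-`) or a reserved-name check would separate the two. The step also runs a second full build rather than adding a tag to the first, so `latest` may not be the same image that `container-sbom-scan` inspects under the branch tag. Pinning `docker/build-push-action@v5` to a commit SHA would further reduce supply-chain exposure for a step that handles registry credentials.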
@@ -133,7 +155,7 @@ jobs: password: ${{ secrets.REGISTRY_TOKEN }} - name: Generate SBOM run: | - docker sbom forge.rainote.dev/${{ github.repository }}:${{ github.ref_name }} --format cyclonedx-json --output bom.json + docker sbom forge.rainote.dev/${{ github.repository }}:${{ needs.preprocess.outputs.sanitized_branch_name }} --format cyclonedx-json --output bom.json - name: Upload SBOM uses: https://github.com/DependencyTrack/gh-upload-sbom@v2.0.1 with: @@ -144,3 +166,4 @@ jobs: # set projectversion to be the branch name projectVersion: "${{ github.ref_name }}" bomFilename: "${{ github.workspace }}/bom.json" +
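Review bot: The new `docker sbom` line expands `${{ needs.preprocess.outputs.sanitized_branch_name }}` directly into the `run:` script, so the value is pasted into the shell source before the shell parses it. It is derived from the pushed branch name, and the only transformation visible in this diff replaces `/`, so shell metacharacters can survive into a job that holds `secrets.REGISTRY_TOKEN`. Pass the value through the environment and quote it: add `env:` with `IMAGE_TAG: ${{ needs.preprocess.outputs.sanitized_branch_name }}` to the step and call `docker sbom "forge.rainote.dev/${{ github.repository }}:${IMAGE_TAG}" --format cyclonedx-json --output bom.json`. Referencing the image by mutable tag also means the SBOM can describe a different image if the tag is re-pushed between jobs; passing the build step's digest would bind the scan to what was built.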