diff --git a/.github/scripts/variables.sh b/.github/scripts/variables.sh
index 726ed04d8b..5742c99cf9 100755
--- a/.github/scripts/variables.sh
+++ b/.github/scripts/variables.sh
@@ -51,11 +51,11 @@ case $INPUT in
     ;;
 
   build_tag)
-    echo "build_tag=$(get_build_tag)"
+    echo "build_tag=t-$(get_build_tag)"
     ;;
 
   stable_tag)
-    echo "stable_tag=$(get_stable_tag)"
+    echo "stable_tag=s-$(get_stable_tag)"
     ;;
 
   *)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 18137512b7..85f92c7287 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -46,6 +46,7 @@ jobs:
       stable_tag: ${{ steps.vars.outputs.stable_tag }}
       forked_workflow: ${{ steps.vars.outputs.forked_workflow }}
       stable_image_exists: ${{ steps.stable_exists.outputs.exists }}
+      additional_tag: ${{ steps.vars.outputs.additional_tag }}
     steps:
       - name: Checkout Repository
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
@@ -104,6 +105,13 @@ jobs:
           ./.github/scripts/variables.sh docker_md5 >> $GITHUB_OUTPUT
           ./.github/scripts/variables.sh build_tag >> $GITHUB_OUTPUT
           ./.github/scripts/variables.sh stable_tag >> $GITHUB_OUTPUT
+          ref=${{ github.ref_name }}
+          if [[ $ref =~ merge ]]; then
+            additional_tag="pr-${ref%*/merge}"
+          else
+            additional_tag="${ref//\//-}"
+          fi
+          echo "additional_tag=${additional_tag}" >> $GITHUB_OUTPUT
           cat $GITHUB_OUTPUT
 
       - name: Fetch Cached Binary Artifacts
@@ -166,6 +174,7 @@ jobs:
           echo stable_tag: ${{ steps.vars.outputs.stable_tag }}
           echo forked_workflow: ${{ steps.vars.outputs.forked_workflow }}
           echo stable_image_exists: ${{ steps.stable_exists.outputs.exists }}
+          echo additional_tag: ${{ steps.vars.outputs.additional_tag }}
 
   unit-tests:
     name: Unit Tests
@@ -411,6 +420,20 @@ jobs:
       pull-requests: write # for scout report
     secrets: inherit
 
+  tag-target:
+    name: Tag untested image with PR number
+    needs: [checks, build-docker, build-docker-plus, build-docker-nap]
+    permissions:
+      contents: read # To checkout repository
+      id-token: write # To sign into Google Container Registry
+    uses: ./.github/workflows/retag-images.yml
+    with:
+      source_tag: ${{ needs.checks.outputs.build_tag }}
+      target_tag: ${{ needs.checks.outputs.additional_tag }}
+      dry_run: false
+    secrets: inherit
+    if: ${{ inputs.force || (needs.checks.outputs.forked_workflow == 'false' && needs.checks.outputs.stable_image_exists != 'true' && needs.checks.outputs.docs_only == 'false') }}
+
   helm-tests:
     if: ${{ needs.checks.outputs.docs_only != 'true' }}
     name: Helm Tests ${{ matrix.base-os }}