diff --git a/.github/workflows/chicmoz-prod.yml b/.github/workflows/chicmoz-prod.yml
index af41be93..f40a98f7 100644
--- a/.github/workflows/chicmoz-prod.yml
+++ b/.github/workflows/chicmoz-prod.yml
@@ -36,8 +36,10 @@ jobs:
       - name: Log in to DigitalOcean Container Registry with short-lived credentials
         run: doctl registry login --expiry-seconds 600
 
-      - name: Remove all old images
-        run: if [ ! -z "$(doctl registry repository list | grep "$(echo $IMAGE_NAME)")" ]; then doctl registry repository delete-manifest $(echo $IMAGE_NAME) $(doctl registry repository list-tags $(echo $IMAGE_NAME) | grep -o "sha.*") --force; else echo "No repository"; fi
+      - name: Cleanup old images
+        run: |
+          chmod +x "./cleanup-script.sh"
+          "./cleanup-script.sh"
 
       - name: Save DigitalOcean kubeconfig
         run: doctl kubernetes cluster kubeconfig save chicmoz-prod
diff --git a/.github/workflows/cleanup-script.sh b/.github/workflows/cleanup-script.sh
new file mode 100644
index 00000000..30e3660a
--- /dev/null
+++ b/.github/workflows/cleanup-script.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+# Function to delete old tags for a given repository
+delete_old_tags() {
+    local repo="$1"
+    echo "Processing repository: $repo"
+    
+    # List tags and filter for SHA-based tags, excluding the most recent 5
+    SHA_TAGS=$(doctl registry repository list-tags "$repo" --format Tag --no-header | grep -E '^sha' | sort -r | tail -n +6)
+    
+    # Delete each old SHA-based tag
+    while IFS= read -r tag; do
+        echo "Deleting tag: $tag from repository: $repo"
+        doctl registry repository delete-manifest "$repo" "$tag" --force
+    done <<< "$SHA_TAGS"
+}
+
+# List all repositories in the registry
+REPOS=$(doctl registry repository list --format Name --no-header)
+
+# Process each repository
+while IFS= read -r repo; do
+    delete_old_tags "$repo"
+done <<< "$REPOS"
+
+echo "Cleanup completed."