diff --git a/.github/workflows/cli.yml b/.github/workflows/cli.yml
index ceb666c67d..512f716f98 100644
--- a/.github/workflows/cli.yml
+++ b/.github/workflows/cli.yml
@@ -1,16 +1,17 @@
 name: CLI Build
 on:
-  workflow_dispatch:
   push:
     branches: [main]
     paths:
-      - "cli/**"
-      - ".github/workflows/cli.yml"
+      - 'cli/**'
+      - '.github/workflows/cli.yml'
   pull_request:
     branches: [main]
     paths:
-      - "cli/**"
-      - ".github/workflows/cli.yml"
+      - 'cli/**'
+      - '.github/workflows/cli.yml'
+  release:
+    types: [published]
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -32,8 +33,8 @@ jobs:
       # Setup .npmrc file to publish to npm
       - uses: actions/setup-node@v4
         with:
-          node-version: "20.x"
-          registry-url: "https://registry.npmjs.org"
+          node-version: '20.x'
+          registry-url: 'https://registry.npmjs.org'
       - name: Prepare SDK
         run: npm ci --prefix ../open-api/typescript-sdk/
       - name: Build SDK
@@ -41,7 +42,7 @@ jobs:
       - run: npm ci
       - run: npm run build
       - run: npm publish
-        if: ${{ github.event_name == 'workflow_dispatch' }}
+        if: ${{ github.event_name == 'release' }}
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
 
@@ -83,15 +84,15 @@ jobs:
           images: |
             name=ghcr.io/${{ github.repository_owner }}/immich-cli
           tags: |
-            type=raw,value=${{ steps.package-version.outputs.version }},enable=${{ github.event_name == 'workflow_dispatch' }}
-            type=raw,value=latest,enable=${{ github.event_name == 'workflow_dispatch' }}
+            type=raw,value=${{ steps.package-version.outputs.version }},enable=${{ github.event_name == 'release' }}
+            type=raw,value=latest,enable=${{ github.event_name == 'release' }}
 
       - name: Build and push image
         uses: docker/build-push-action@v5.4.0
         with:
           file: cli/Dockerfile
           platforms: linux/amd64,linux/arm64
-          push: ${{ github.event_name == 'workflow_dispatch' }}
+          push: ${{ github.event_name == 'release' }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
           tags: ${{ steps.metadata.outputs.tags }}
diff --git a/misc/release/pump-version.sh b/misc/release/pump-version.sh
index 81c9cbabb3..b90d265bf9 100755
--- a/misc/release/pump-version.sh
+++ b/misc/release/pump-version.sh
@@ -66,10 +66,12 @@ if [ "$CURRENT_SERVER" != "$NEXT_SERVER" ]; then
   npm --prefix server run build
   make open-api
   npm --prefix open-api/typescript-sdk version "$SERVER_PUMP"
-  npm --prefix web version "$SERVER_PUMP"
-  npm --prefix e2e version "$SERVER_PUMP"
-  npm --prefix web i --package-lock-only
+  # TODO use $SERVER_PUMP once we pass 2.2.x
+  npm --prefix cli version patch
   npm --prefix cli i --package-lock-only
+  npm --prefix web version "$SERVER_PUMP"
+  npm --prefix web i --package-lock-only
+  npm --prefix e2e version "$SERVER_PUMP"
   npm --prefix e2e i --package-lock-only
   poetry --directory machine-learning version "$SERVER_PUMP"
 fi