diff --git a/.github/workflows/empty-worksapce-smoke-test-on-minikube-ubi10.yaml b/.github/workflows/empty-worksapce-smoke-test-on-minikube-ubi10.yaml
new file mode 100644
index 00000000..b5e79fa6
--- /dev/null
+++ b/.github/workflows/empty-worksapce-smoke-test-on-minikube-ubi10.yaml
@@ -0,0 +1,254 @@
+#
+# Copyright (c) 2019-2025 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+# Contributors:
+#   Red Hat, Inc. - initial API and implementation
+#
+
+name: Empty workspace smoke test on udi10
+on:
+  workflow_run:
+    workflows: ["Pull Request Check UBI 10"]
+    types:
+      - completed
+    branches:
+      - '**'
+
+env:
+  # Use repository variable if set, otherwise fallback to default registry
+  REGISTRY: ${{ vars.REGISTRY || 'quay.io/devfile' }}
+  TS_API_TEST_KUBERNETES_COMMAND_LINE_TOOL: kubectl
+  DEPLOYMENT_TIMEOUT: 90s
+
+jobs:
+  workspace-api-tests-on-minikube:
+    if: github.event.workflow_run.conclusion == 'success'
+    strategy:
+      fail-fast: false
+      matrix:
+        runners: ['ubuntu-22.04', 'ubuntu-22.04-arm']
+    runs-on: ${{matrix.runners}}
+    steps:
+
+    - name: Checkout
+      uses: actions/checkout@v4
+    - name: Free runner space
+      run: |
+        sudo rm -rf /usr/local/lib/android
+    - name: Get PR number
+      run: |
+        pr_number="${{ github.event.workflow_run.pull_requests[0].number }}"
+        if [ -z "$pr_number" ] || [ "$pr_number" == "null" ]; then
+          pr_number=$(echo "${{ github.event.workflow_run.head_branch }}" | grep -oE '[0-9]+' | head -1 || echo "")
+        fi
+        if [ -z "$pr_number" ]; then
+          echo "Error: Could not extract PR number from workflow_run event"
+          exit 1
+        fi
+        echo "PR_NUMBER=$pr_number" >> $GITHUB_ENV
+        echo ">>>>>>>>>>>$pr_number"
+
+    - name: Cleanup build-in images
+      run: |
+        # remove build-in images from the VM because it is not used
+        docker rmi -f $(docker images -aq)
+
+    - name: Set arch environment variable
+      run: |
+        if [[ ${{matrix.runners}} == 'ubuntu-22.04' ]]; then
+          echo arch="amd64" >> $GITHUB_ENV
+        else
+          echo arch="arm64" >> $GITHUB_ENV
+        fi
+
+    - name: Start minikube cluster
+      run: |
+        curl -LO https://github.com/kubernetes/minikube/releases/latest/download/minikube-linux-${{env.arch}}
+        install minikube-linux-${{env.arch}} /usr/local/bin/minikube && rm minikube-linux-${{env.arch}}
+        minikube start --vm-driver=docker --addons=ingress --cpus 2 --memory 6500
+
+    - name: Login to Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ env.REGISTRY }}
+        username: ${{ secrets.QUAY_USERNAME }}
+        password: ${{ secrets.QUAY_PASSWORD }}
+
+    - name: Pull UDI image into minikube
+      run: |
+        eval $(minikube docker-env)
+        docker pull ${{ env.REGISTRY }}/universal-developer-image:${{env.arch}}-ubi10-pr-${{ env.PR_NUMBER }}
+        docker tag ${{ env.REGISTRY }}/universal-developer-image:${{env.arch}}-ubi10-pr-${{ env.PR_NUMBER }} ${{ env.REGISTRY }}/universal-developer-image:ubi10-pr-${{ env.PR_NUMBER }}
+
+    - name: Checkout DWO
+      uses: actions/checkout@master
+      with:
+        repository: devfile/devworkspace-operator
+        path: devworkspace-operator
+
+    - name: Setup cert manager
+      run: |
+        cd devworkspace-operator
+        make install_cert_manager
+        kubectl wait deployment -n cert-manager cert-manager --for condition=Available=True --timeout=$DEPLOYMENT_TIMEOUT
+        kubectl wait deployment -n cert-manager cert-manager-cainjector --for condition=Available=True --timeout=$DEPLOYMENT_TIMEOUT
+        kubectl wait deployment -n cert-manager cert-manager-webhook --for condition=Available=True --timeout=$DEPLOYMENT_TIMEOUT
+
+    - name: Setup DWO
+      run: |
+        cd devworkspace-operator
+        make install
+        kubectl rollout status deployment -n devworkspace-controller devworkspace-controller-manager --timeout=$DEPLOYMENT_TIMEOUT
+        kubectl rollout status deployment -n devworkspace-controller devworkspace-webhook-server --timeout=$DEPLOYMENT_TIMEOUT
+        kubectl wait deployment -n devworkspace-controller devworkspace-webhook-server --for condition=Available=True --timeout=$DEPLOYMENT_TIMEOUT
+        kubectl wait deployment -n devworkspace-controller devworkspace-controller-manager --for condition=Available=True --timeout=$DEPLOYMENT_TIMEOUT
+
+    - name: Check that UDI is present in the image list
+      run: |
+        minikube image list --format table
+
+    - name: Install NodeJs
+      uses: actions/setup-node@v4
+
+    - name: Checkout tests codebase
+      uses: actions/checkout@master
+      with:
+        ref: api-test-with-clone-project-without-generating
+        repository: eclipse/che
+        path: che
+
+    # Host devfile locally.
+    # Use the insiders tag for the che-code image and the PR number for the universal-developer-image
+    - name: Host devfile locally
+      run: |
+        kubectl apply -f - <<EOF
+        apiVersion: v1
+        kind: ConfigMap
+        metadata:
+          name: devfile.yaml
+        data:
+          devfile.yaml: |
+            schemaVersion: 2.2.2
+            metadata:
+              name: che-code
+            commands:
+              - id: init-container-command
+                apply:
+                  component: che-code-injector
+              - id: init-che-code-command
+                exec:
+                  component: che-code-runtime-description
+                  commandLine: nohup /checode/entrypoint-volume.sh > /checode/entrypoint-logs.txt 2>&1 &
+            events:
+              preStart:
+                - init-container-command
+              postStart:
+                - init-che-code-command
+            components:
+              - name: che-code-injector
+                container:
+                  image: quay.io/che-incubator/che-code:insiders
+                  command:
+                    - /entrypoint-init-container.sh
+                  volumeMounts:
+                    - name: checode
+                      path: /checode
+                  memoryLimit: 256Mi
+                  memoryRequest: 32Mi
+                  cpuLimit: 500m
+                  cpuRequest: 30m
+              - name: che-code-runtime-description
+                container:
+                  image: ${{ env.REGISTRY }}/universal-developer-image:ubi10-pr-${{ env.PR_NUMBER }}
+                  memoryLimit: 1024Mi
+                  memoryRequest: 256Mi
+                  cpuLimit: 500m
+                  cpuRequest: 30m
+                  volumeMounts:
+                    - name: checode
+                      path: /checode
+                  endpoints:
+                    - name: che-code
+                      attributes:
+                        type: main
+                        cookiesAuthEnabled: true
+                        discoverable: false
+                        urlRewriteSupported: true
+                      targetPort: 3100
+                      exposure: public
+                      secure: true
+                      protocol: https
+                    - name: code-redirect-1
+                      targetPort: 13131
+                      exposure: public
+                      protocol: https
+                      attributes:
+                        discoverable: false
+                        urlRewriteSupported: false
+                    - name: code-redirect-2
+                      targetPort: 13132
+                      exposure: public
+                      protocol: https
+                      attributes:
+                        discoverable: false
+                        urlRewriteSupported: false
+                    - name: code-redirect-3
+                      targetPort: 13133
+                      exposure: public
+                      protocol: https
+                      attributes:
+                        discoverable: false
+                        urlRewriteSupported: false
+                attributes:
+                  app.kubernetes.io/component: che-code-runtime
+                  app.kubernetes.io/part-of: che-code.eclipse.org
+                  controller.devfile.io/container-contribution: true
+              - name: checode
+                volume: {}
+        ---
+        apiVersion: v1
+        kind: Pod
+        metadata:
+          name: file-server
+          labels:
+            app: file-server
+        spec:
+          containers:
+            - name: nginx-container
+              image: nginx
+              ports:
+                - containerPort: 80
+              volumeMounts:
+                - name: server-volume
+                  mountPath: /usr/share/nginx/html
+                  readOnly: true
+          volumes:
+            - name: server-volume
+              configMap:
+                name: devfile.yaml
+        ---        
+        apiVersion: v1
+        kind: Service
+        metadata:
+          name: file-service
+        spec:
+          selector:
+            app: file-server
+          ports:
+            - protocol: TCP
+              port: 80
+              targetPort: 80
+        EOF
+
+    - name: Run Empty workspace smoke test
+      run: |
+        export TS_API_TEST_UDI_IMAGE=${{ env.REGISTRY }}/universal-developer-image:ubi10-pr-${{ env.PR_NUMBER }}
+        export TS_API_TEST_CHE_CODE_EDITOR_DEVFILE_URI=http://file-service.default.svc:80/devfile.yaml
+        cd che/tests/e2e
+        npm i
+        npm run driver-less-test
diff --git a/.github/workflows/empty-worksapce-smoke-test-on-minikube-ubi9.yaml b/.github/workflows/empty-worksapce-smoke-test-on-minikube-ubi9.yaml
index 58105d4e..d33496ba 100644
--- a/.github/workflows/empty-worksapce-smoke-test-on-minikube-ubi9.yaml
+++ b/.github/workflows/empty-worksapce-smoke-test-on-minikube-ubi9.yaml
@@ -12,22 +12,22 @@
 
 name: Empty workspace smoke test on udi9
 on:
-  pull_request:
-    paths-ignore:
-      - '**/*.md'
-      - .devfile.yaml
-      - LICENSE
+  workflow_run:
+    workflows: ["Pull Request Check"]
+    types:
+      - completed
+    branches:
+      - '**'
 
 env:
-   # Use repository variable if set, otherwise fallback to default registry
-   REGISTRY: ${{ vars.REGISTRY || 'quay.io/devfile' }}
-   USERSTORY: CloneGitRepoAPI
-   TS_API_TEST_KUBERNETES_COMMAND_LINE_TOOL: kubectl
-   DEPLOYMENT_TIMEOUT: 90s
-   PULL_POLICY: IfNotPresent
+  # Use repository variable if set, otherwise fallback to default registry
+  REGISTRY: ${{ vars.REGISTRY || 'quay.io/devfile' }}
+  TS_API_TEST_KUBERNETES_COMMAND_LINE_TOOL: kubectl
+  DEPLOYMENT_TIMEOUT: 90s
 
 jobs:
   workspace-api-tests-on-minikube:
+    if: github.event.workflow_run.conclusion == 'success'
     strategy:
       fail-fast: false
       matrix:
@@ -36,15 +36,20 @@ jobs:
     steps:
 
     - name: Checkout
-      uses: actions/checkout@master
+      uses: actions/checkout@v4
     - name: Free runner space
       run: |
         sudo rm -rf /usr/local/lib/android
-      # obtain the PR number for tegging the image
     - name: Get PR number
-      id: get_pr_number
       run: |
-        pr_number=$(echo $GITHUB_REF | awk 'BEGIN { FS = "/" } ; { print $3 }')
+        pr_number="${{ github.event.workflow_run.pull_requests[0].number }}"
+        if [ -z "$pr_number" ] || [ "$pr_number" == "null" ]; then
+          pr_number=$(echo "${{ github.event.workflow_run.head_branch }}" | grep -oE '[0-9]+' | head -1 || echo "")
+        fi
+        if [ -z "$pr_number" ]; then
+          echo "Error: Could not extract PR number from workflow_run event"
+          exit 1
+        fi
         echo "PR_NUMBER=$pr_number" >> $GITHUB_ENV
         echo ">>>>>>>>>>>$pr_number"
 
@@ -67,18 +72,18 @@ jobs:
         install minikube-linux-${{env.arch}} /usr/local/bin/minikube && rm minikube-linux-${{env.arch}}
         minikube start --vm-driver=docker --addons=ingress --cpus 2 --memory 6500
 
-     # connect with docker daemon in the minikube and build an image there
-     # we need to build the image in the minikube because we have just 14 GB of space on the runner
-     # the UBI have more than 9 GB size this approach saves the disk space
-    - name: Build base image
-      run: |
-       eval $(minikube docker-env)
-       cd base/ubi9 && docker build -t ${{ env.REGISTRY }}/base-developer-image:ubi9-latest .
+    - name: Login to Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ env.REGISTRY }}
+        username: ${{ secrets.QUAY_USERNAME }}
+        password: ${{ secrets.QUAY_PASSWORD }}
 
-    - name: Build universal image
+    - name: Pull UDI image into minikube
       run: |
         eval $(minikube docker-env)
-        cd universal/ubi9 && docker build -t ${{ env.REGISTRY }}/universal-developer-image:${{ env.PR_NUMBER }} .
+        docker pull ${{ env.REGISTRY }}/universal-developer-image:${{env.arch}}-pr-${{ env.PR_NUMBER }}
+        docker tag ${{ env.REGISTRY }}/universal-developer-image:${{env.arch}}-pr-${{ env.PR_NUMBER }} ${{ env.REGISTRY }}/universal-developer-image:ubi9-pr-${{ env.PR_NUMBER }}
 
     - name: Checkout DWO
       uses: actions/checkout@master
@@ -105,8 +110,6 @@ jobs:
 
     - name: Check that UDI is present in the image list
       run: |
-        # we used it for the build above and do not need it anymore. It saves the disk space
-        minikube image rm ${{ env.REGISTRY }}/base-developer-image:ubi9-latest
         minikube image list --format table
 
     - name: Install NodeJs
@@ -161,7 +164,7 @@ jobs:
                   cpuRequest: 30m
               - name: che-code-runtime-description
                 container:
-                  image: ${{ env.REGISTRY }}/universal-developer-image:${{ env.PR_NUMBER }}
+                  image: ${{ env.REGISTRY }}/universal-developer-image:ubi9-pr-${{ env.PR_NUMBER }}
                   memoryLimit: 1024Mi
                   memoryRequest: 256Mi
                   cpuLimit: 500m
@@ -244,9 +247,8 @@ jobs:
 
     - name: Run Empty workspace smoke test
       run: |
-        export TS_API_TEST_UDI_IMAGE=${{ env.REGISTRY }}/universal-developer-image:${{ env.PR_NUMBER }}
+        export TS_API_TEST_UDI_IMAGE=${{ env.REGISTRY }}/universal-developer-image:ubi9-pr-${{ env.PR_NUMBER }}
         export TS_API_TEST_CHE_CODE_EDITOR_DEVFILE_URI=http://file-service.default.svc:80/devfile.yaml
         cd che/tests/e2e
         npm i
         npm run driver-less-test
-        
diff --git a/.github/workflows/pr-check-ubi10.yaml b/.github/workflows/pr-check-ubi10.yaml
index 414196e5..ab11d73f 100644
--- a/.github/workflows/pr-check-ubi10.yaml
+++ b/.github/workflows/pr-check-ubi10.yaml
@@ -18,7 +18,7 @@ env:
 
 jobs:
   build-base-image:
-    name: Build base image
+    name: Build base image (UBI10)
     strategy:
       fail-fast: false
       matrix:
@@ -27,6 +27,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
       - name: Set arch environment variable
         run: |
           if [[ ${{matrix.runners}} == 'ubuntu-22.04' ]]; then
@@ -38,36 +40,100 @@ jobs:
         run: sudo rm -rf /usr/local/lib/android
       - name: Cleanup docker images
         run: docker system prune -af
-      - name: Build base image
+      - name: Add expiration label to base Dockerfile (UBI10)
+        run: sed -i '/^FROM/a LABEL quay.expires-after=4w' base/ubi10/Dockerfile
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ secrets.QUAY_USERNAME }}
+          password: ${{ secrets.QUAY_PASSWORD }}
+      - name: Build base image (UBI10)
         run: |
+            echo "=========================================="
+            echo "Building UBI10 base image for ${{env.arch}}"
+            echo "=========================================="
             cd base/ubi10 && docker buildx build \
             --platform linux/${{env.arch}} \
             --progress=plain \
-            -t base-developer-image-${{env.arch}} .
+            --push \
+            -t ${{ env.REGISTRY }}/base-developer-image:${{env.arch}}-ubi10-pr-${{github.event.number}} .
+      - name: Verify base image is available (UBI10)
+        run: |
+            echo "Verifying base image is available in registry..."
+            for i in {1..5}; do
+              if docker manifest inspect ${{ env.REGISTRY }}/base-developer-image:${{env.arch}}-ubi10-pr-${{github.event.number}} >/dev/null 2>&1; then
+                echo "Base image is available!"
+                exit 0
+              fi
+              echo "Waiting for image to be available... ($i/5)"
+              sleep 10
+            done
+            echo "ERROR: Base image not available after 5 attempts"
+            exit 1
       - name: Display docker images
         run: docker images
+
+
+  build-udi:
+    name: Build udi (UDI10)
+    strategy:
+      fail-fast: false
+      matrix:
+        runners: ['ubuntu-22.04', 'ubuntu-22.04-arm']
+    runs-on: ${{matrix.runners}}
+    needs: build-base-image
+    steps:
+      - name: Set arch environment variable
+        run: |
+          if [[ ${{matrix.runners}} == 'ubuntu-22.04' ]]; then
+            echo arch="amd64" >> $GITHUB_ENV
+          else
+            echo arch="arm64" >> $GITHUB_ENV
+          fi
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+      - name: Free runner space
+        run: sudo rm -rf /usr/local/lib/android
+      - name: Cleanup docker images
+        run: docker system prune -af
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
       - name: Login to Registry
         uses: docker/login-action@v3
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ secrets.QUAY_USERNAME }}
           password: ${{ secrets.QUAY_PASSWORD }}
-      # TODO: Remove this step once UDI on UBI 10 is ready and we have proper PR workflow for UDI
-      # This temporary step pushes base image to registry for testing purposes
-      - name: Tag and push base image for testing
+      - name: Verify base image exists before UDI build (UDI10)
         run: |
-          docker tag base-developer-image-${{env.arch}} ${{ env.REGISTRY }}/base-developer-image:${{env.arch}}-ubi10-pr-${{github.event.number}}
-          docker push ${{ env.REGISTRY }}/base-developer-image:${{env.arch}}-ubi10-pr-${{github.event.number}}
-      - name: Compress image to a file
-        run: docker save base-developer-image-${{env.arch}} | gzip > base-developer-image-${{env.arch}}.tgz
-      - name: Upload image artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: base-developer-image-${{env.arch}}
-          path: base-developer-image-${{env.arch}}.tgz
+            echo "Verifying base image exists in registry..."
+            docker manifest inspect ${{ env.REGISTRY }}/base-developer-image:${{env.arch}}-ubi10-pr-${{github.event.number}} || {
+              echo "ERROR: Base image not found: ${{ env.REGISTRY }}/base-developer-image:${{env.arch}}-ubi10-pr-${{github.event.number}}"
+              exit 1
+            }
+            echo "Base image verified successfully!"
+      - name: Update UDI Dockerfile (UDI10)
+        run: sed "s|quay.io/devfile/base-developer-image:ubi10-latest|${{ env.REGISTRY }}/base-developer-image:${{env.arch}}-ubi10-pr-${{github.event.number}}|" -i "universal/ubi10/Dockerfile"
+      - name: Add expiration label to UDI Dockerfile (UDI10)
+        run: sed -i '/^FROM/a LABEL quay.expires-after=4w' universal/ubi10/Dockerfile
+      - name: Build udi (UDI10)
+        run: |
+          echo "=========================================="
+          echo "Building UDI10 image for ${{env.arch}}"
+          echo "=========================================="
+          cd universal/ubi10 && docker buildx build \
+            --platform linux/${{env.arch}} \
+            --progress=plain \
+            --push \
+            -t ${{ env.REGISTRY }}/universal-developer-image:${{env.arch}}-ubi10-pr-${{github.event.number}} .
 
   publish-base-image:
-    name: Publish base image
+    name: Publish base image (UBI10)
     runs-on: ubuntu-22.04
     needs: build-base-image
     steps:
@@ -77,22 +143,94 @@ jobs:
           registry: ${{ env.REGISTRY }}
           username: ${{ secrets.QUAY_USERNAME }}
           password: ${{ secrets.QUAY_PASSWORD }}
-      # TODO: Remove this job once UDI on UBI 10 is ready and we have proper PR workflow for UDI
-      # This temporary job publishes base image manifest for testing purposes
-      - name: publish base image manifest
+      - name: Publish UBI10 base image manifest
         run: |
+          echo "=========================================="
+          echo "Publishing UBI10 base image manifest"
+          echo "=========================================="
+          echo "Verifying both architecture images exist..."
+          docker manifest inspect ${{ env.REGISTRY }}/base-developer-image:amd64-ubi10-pr-${{github.event.number}} || {
+            echo "ERROR: amd64 base image not found"
+            exit 1
+          }
+          docker manifest inspect ${{ env.REGISTRY }}/base-developer-image:arm64-ubi10-pr-${{github.event.number}} || {
+            echo "ERROR: arm64 base image not found"
+            exit 1
+          }
+          echo "Both images verified, extracting digests..."
+
+          # Extract the actual image digest for each architecture from the manifest list
+          AMD64_DIGEST=$(docker manifest inspect ${{ env.REGISTRY }}/base-developer-image:amd64-ubi10-pr-${{github.event.number}} | \
+            jq -r '.manifests[] | select(.platform.architecture == "amd64") | .digest')
+          ARM64_DIGEST=$(docker manifest inspect ${{ env.REGISTRY }}/base-developer-image:arm64-ubi10-pr-${{github.event.number}} | \
+            jq -r '.manifests[] | select(.platform.architecture == "arm64") | .digest')
+
+          echo "AMD64 digest: $AMD64_DIGEST"
+          echo "ARM64 digest: $ARM64_DIGEST"
+
+          echo "Creating multi-arch manifest..."
           docker manifest create ${{ env.REGISTRY }}/base-developer-image:ubi10-pr-${{github.event.number}} \
-            --amend ${{ env.REGISTRY }}/base-developer-image:amd64-ubi10-pr-${{github.event.number}} \
-            --amend ${{ env.REGISTRY }}/base-developer-image:arm64-ubi10-pr-${{github.event.number}}         
-          
+            --amend ${{ env.REGISTRY }}/base-developer-image@$AMD64_DIGEST \
+            --amend ${{ env.REGISTRY }}/base-developer-image@$ARM64_DIGEST
+
           docker manifest annotate ${{ env.REGISTRY }}/base-developer-image:ubi10-pr-${{github.event.number}} \
-            ${{ env.REGISTRY }}/base-developer-image:amd64-ubi10-pr-${{github.event.number}} \
+            ${{ env.REGISTRY }}/base-developer-image@$AMD64_DIGEST \
             --os linux --arch amd64
           docker manifest annotate ${{ env.REGISTRY }}/base-developer-image:ubi10-pr-${{github.event.number}} \
-            ${{ env.REGISTRY }}/base-developer-image:arm64-ubi10-pr-${{github.event.number}} \
+            ${{ env.REGISTRY }}/base-developer-image@$ARM64_DIGEST \
             --os linux --arch arm64
-           
+
           docker manifest push ${{ env.REGISTRY }}/base-developer-image:ubi10-pr-${{github.event.number}}
+
+  publish-udi:
+    name: Publish udi (UDI10)
+    runs-on: ubuntu-22.04
+    needs: build-udi
+    steps:
+      - name: Login to Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ secrets.QUAY_USERNAME }}
+          password: ${{ secrets.QUAY_PASSWORD }}
+      - name: Publish UDI10 manifest
+        run: |
+          echo "=========================================="
+          echo "Publishing UDI10 manifest"
+          echo "=========================================="
+          echo "Verifying both architecture images exist..."
+          docker manifest inspect ${{ env.REGISTRY }}/universal-developer-image:amd64-ubi10-pr-${{github.event.number}} || {
+            echo "ERROR: amd64 UDI image not found"
+            exit 1
+          }
+          docker manifest inspect ${{ env.REGISTRY }}/universal-developer-image:arm64-ubi10-pr-${{github.event.number}} || {
+            echo "ERROR: arm64 UDI image not found"
+            exit 1
+          }
+          echo "Both images verified, extracting digests..."
+
+          # Extract the actual image digest for each architecture from the manifest list
+          AMD64_DIGEST=$(docker manifest inspect ${{ env.REGISTRY }}/universal-developer-image:amd64-ubi10-pr-${{github.event.number}} | \
+            jq -r '.manifests[] | select(.platform.architecture == "amd64") | .digest')
+          ARM64_DIGEST=$(docker manifest inspect ${{ env.REGISTRY }}/universal-developer-image:arm64-ubi10-pr-${{github.event.number}} | \
+            jq -r '.manifests[] | select(.platform.architecture == "arm64") | .digest')
+
+          echo "AMD64 digest: $AMD64_DIGEST"
+          echo "ARM64 digest: $ARM64_DIGEST"
+
+          echo "Creating multi-arch manifest..."
+          docker manifest create ${{ env.REGISTRY }}/universal-developer-image:ubi10-pr-${{github.event.number}} \
+            --amend ${{ env.REGISTRY }}/universal-developer-image@$AMD64_DIGEST \
+            --amend ${{ env.REGISTRY }}/universal-developer-image@$ARM64_DIGEST
+
+          docker manifest annotate ${{ env.REGISTRY }}/universal-developer-image:ubi10-pr-${{github.event.number}} \
+            ${{ env.REGISTRY }}/universal-developer-image@$AMD64_DIGEST \
+            --os linux --arch amd64
+          docker manifest annotate ${{ env.REGISTRY }}/universal-developer-image:ubi10-pr-${{github.event.number}} \
+            ${{ env.REGISTRY }}/universal-developer-image@$ARM64_DIGEST \
+            --os linux --arch arm64
+
+          docker manifest push ${{ env.REGISTRY }}/universal-developer-image:ubi10-pr-${{github.event.number}}
       - name: 'Comment PR'
         uses: actions/github-script@v7
         with:
@@ -102,92 +240,5 @@ jobs:
                issue_number: ${{github.event.number}},
                owner: context.repo.owner,
                repo: context.repo.repo,
-               body: `Pull Request UBI 10 images published ✨\n\nBase Image: [${{ env.REGISTRY }}/base-developer-image:ubi10-pr-${{github.event.number}}](https://${{ env.REGISTRY }}/base-developer-image:ubi10-pr-${{github.event.number}})`
-             })
-
-  # build-udi:
-  #   name: Build udi
-  #   strategy:
-  #     fail-fast: false
-  #     matrix:
-  #       runners: ['ubuntu-22.04', 'ubuntu-22.04-arm']
-  #   runs-on: ${{matrix.runners}}
-  #   needs: build-base-image
-  #   steps:
-  #     - name: Set arch environment variable
-  #       run: |
-  #         if [[ ${{matrix.runners}} == 'ubuntu-22.04' ]]; then
-  #           echo arch="amd64" >> $GITHUB_ENV
-  #         else
-  #           echo arch="arm64" >> $GITHUB_ENV
-  #         fi
-  #     - name: Checkout
-  #       uses: actions/checkout@v4
-  #     - name: Free runner space
-  #       run: sudo rm -rf /usr/local/lib/android
-  #     - name: Cleanup docker images
-  #       run: docker system prune -af
-  #     - name: Download BDI artifacts
-  #       uses: actions/download-artifact@v4
-  #       with:
-  #         pattern: base-developer-image-*
-  #         merge-multiple: true
-  #         path: .
-  #     - name: List downloaded files
-  #       run: ls -lah
-  #     - name: Load docker images
-  #       run: docker load -i base-developer-image-${{env.arch}}.tgz
-  #     - name: Display docker images
-  #       run: docker images
-  #     - name: Update UDI Dockerfile
-  #       run: sed "s|${{ env.REGISTRY }}/base-developer-image:ubi10-latest|base-developer-image-${{env.arch}}|" -i "universal/ubi10/Dockerfile"
-  #     - name: Login to Registry
-  #       uses: docker/login-action@v3
-  #       with:
-  #         registry: ${{ env.REGISTRY }}
-  #         username: ${{ secrets.QUAY_USERNAME }}
-  #         password: ${{ secrets.QUAY_PASSWORD }}
-  #     - name: Build udi
-  #       run: |
-  #         cd universal/ubi10 && docker buildx build \
-  #           --platform linux/${{env.arch}} \
-  #           --progress=plain \
-  #           --push \
-  #           -t ${{ env.REGISTRY }}/universal-developer-image:${{env.arch}}-ubi10-pr-${{github.event.number}} .
-
-  # publish-udi:
-  #   name: Publish udi
-  #   runs-on: ubuntu-22.04
-  #   needs: build-udi
-  #   steps:
-  #     - name: Login to Registry
-  #       uses: docker/login-action@v3
-  #       with:
-  #         registry: ${{ env.REGISTRY }}
-  #         username: ${{ secrets.QUAY_USERNAME }}
-  #         password: ${{ secrets.QUAY_PASSWORD }}
-  #     - name: publish
-  #       run: |
-  #         docker manifest create ${{ env.REGISTRY }}/universal-developer-image:ubi10-pr-${{github.event.number}} \
-  #           --amend ${{ env.REGISTRY }}/universal-developer-image:amd64-ubi10-pr-${{github.event.number}} \
-  #           --amend ${{ env.REGISTRY }}/universal-developer-image:arm64-ubi10-pr-${{github.event.number}}         
-  #         
-  #         docker manifest annotate ${{ env.REGISTRY }}/universal-developer-image:ubi10-pr-${{github.event.number}} \
-  #           ${{ env.REGISTRY }}/universal-developer-image:amd64-ubi10-pr-${{github.event.number}} \
-  #           --os linux --arch amd64
-  #         docker manifest annotate ${{ env.REGISTRY }}/universal-developer-image:ubi10-pr-${{github.event.number}} \
-  #           ${{ env.REGISTRY }}/universal-developer-image:arm64-ubi10-pr-${{github.event.number}} \
-  #           --os linux --arch arm64
-  #          
-  #         docker manifest push ${{ env.REGISTRY }}/universal-developer-image:ubi10-pr-${{github.event.number}}
-  #     - name: 'Comment PR'
-  #       uses: actions/github-script@v7
-  #       with:
-  #         script: |
-  #           const { repo: { owner, repo } } = context;
-  #           await github.rest.issues.createComment({
-  #              issue_number: ${{github.event.number}},
-  #              owner: context.repo.owner,
-  #              repo: context.repo.repo,
-  #              body: `Pull Request images published ✨\n\nUDI: [${{ env.REGISTRY }}/universal-developer-image:ubi10-pr-${{github.event.number}}](https://${{ env.REGISTRY }}/universal-developer-image:ubi10-pr-${{github.event.number}})`
-  #            })
\ No newline at end of file
+               body: `Pull Request UBI 10 images published ✨\n\nBase: [${{ env.REGISTRY }}/base-developer-image:ubi10-pr-${{github.event.number}}](https://${{ env.REGISTRY }}/base-developer-image:ubi10-pr-${{github.event.number}})\nUDI: [${{ env.REGISTRY }}/universal-developer-image:ubi10-pr-${{github.event.number}}](https://${{ env.REGISTRY }}/universal-developer-image:ubi10-pr-${{github.event.number}})`
+             })
\ No newline at end of file
diff --git a/.github/workflows/pr-check.yaml b/.github/workflows/pr-check.yaml
index 485225ac..ee0c271a 100644
--- a/.github/workflows/pr-check.yaml
+++ b/.github/workflows/pr-check.yaml
@@ -18,7 +18,7 @@ env:
 
 jobs:
   build-base-image:
-    name: Build base image
+    name: Build base image (UBI9)
     strategy:
       fail-fast: false
       matrix:
@@ -27,6 +27,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
       - name: Set arch environment variable
         run: |
           if [[ ${{matrix.runners}} == 'ubuntu-22.04' ]]; then
@@ -38,24 +40,44 @@ jobs:
         run: sudo rm -rf /usr/local/lib/android
       - name: Cleanup docker images
         run: docker system prune -af
-      - name: Build base image
+      - name: Add expiration label to base Dockerfile (UBI9)
+        run: sed -i '/^FROM/a LABEL quay.expires-after=4w' base/ubi9/Dockerfile
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ secrets.QUAY_USERNAME }}
+          password: ${{ secrets.QUAY_PASSWORD }}
+      - name: Build base image (UBI9)
         run: |
+            echo "=========================================="
+            echo "Building UBI9 base image for ${{env.arch}}"
+            echo "=========================================="
             cd base/ubi9 && docker buildx build \
             --platform linux/${{env.arch}} \
             --progress=plain \
-            -t base-developer-image-${{env.arch}} .
+            --push \
+            -t ${{ env.REGISTRY }}/base-developer-image:${{env.arch}}-pr-${{github.event.number}} .
+      - name: Verify base image is available (UBI9)
+        run: |
+            echo "Verifying base image is available in registry..."
+            for i in {1..5}; do
+              if docker manifest inspect ${{ env.REGISTRY }}/base-developer-image:${{env.arch}}-pr-${{github.event.number}} >/dev/null 2>&1; then
+                echo "Base image is available!"
+                exit 0
+              fi
+              echo "Waiting for image to be available... ($i/5)"
+              sleep 10
+            done
+            echo "ERROR: Base image not available after 5 attempts"
+            exit 1
       - name: Display docker images
         run: docker images
-      - name: Compress image to a file
-        run: docker save base-developer-image-${{env.arch}} | gzip > base-developer-image-${{env.arch}}.tgz
-      - name: Upload image artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: base-developer-image-${{env.arch}}
-          path: base-developer-image-${{env.arch}}.tgz
 
   build-udi:
-    name: Build udi
+    name: Build udi (UDI9)
     strategy:
       fail-fast: false
       matrix:
@@ -72,40 +94,95 @@ jobs:
           fi
       - name: Checkout
         uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
       - name: Free runner space
         run: sudo rm -rf /usr/local/lib/android
       - name: Cleanup docker images
         run: docker system prune -af
-      - name: Download BDI artifacts
-        uses: actions/download-artifact@v4
-        with:
-          pattern: base-developer-image-*
-          merge-multiple: true
-          path: .
-      - name: List downloaded files
-        run: ls -lah
-      - name: Load docker images
-        run: docker load -i base-developer-image-${{env.arch}}.tgz
-      - name: Display docker images
-        run: docker images
-      - name: Update UDI Dockerfile
-        run: sed "s|quay.io/devfile/base-developer-image:ubi9-latest|base-developer-image-${{env.arch}}|" -i "universal/ubi9/Dockerfile"
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
       - name: Login to Registry
         uses: docker/login-action@v3
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ secrets.QUAY_USERNAME }}
           password: ${{ secrets.QUAY_PASSWORD }}
-      - name: Build udi
+      - name: Verify base image exists before UDI build (UDI9)
+        run: |
+            echo "Verifying base image exists in registry..."
+            docker manifest inspect ${{ env.REGISTRY }}/base-developer-image:${{env.arch}}-pr-${{github.event.number}} || {
+              echo "ERROR: Base image not found: ${{ env.REGISTRY }}/base-developer-image:${{env.arch}}-pr-${{github.event.number}}"
+              exit 1
+            }
+            echo "Base image verified successfully!"
+      - name: Update UDI Dockerfile (UDI9)
+        run: sed "s|quay.io/devfile/base-developer-image:ubi9-latest|${{ env.REGISTRY }}/base-developer-image:${{env.arch}}-pr-${{github.event.number}}|" -i "universal/ubi9/Dockerfile"
+      - name: Add expiration label to UDI Dockerfile (UDI9)
+        run: sed -i '/^FROM/a LABEL quay.expires-after=4w' universal/ubi9/Dockerfile
+      - name: Build udi (UDI9)
         run: |
+          echo "=========================================="
+          echo "Building UDI9 image for ${{env.arch}}"
+          echo "=========================================="
           cd universal/ubi9 && docker buildx build \
             --platform linux/${{env.arch}} \
             --progress=plain \
             --push \
             -t ${{ env.REGISTRY }}/universal-developer-image:${{env.arch}}-pr-${{github.event.number}} .
 
+  publish-base-image:
+    name: Publish base image (UBI9)
+    runs-on: ubuntu-22.04
+    needs: build-base-image
+    steps:
+      - name: Login to Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ secrets.QUAY_USERNAME }}
+          password: ${{ secrets.QUAY_PASSWORD }}
+      - name: Publish UBI9 base image manifest
+        run: |
+          echo "=========================================="
+          echo "Publishing UBI9 base image manifest"
+          echo "=========================================="
+          echo "Verifying both architecture images exist..."
+          docker manifest inspect ${{ env.REGISTRY }}/base-developer-image:amd64-pr-${{github.event.number}} || {
+            echo "ERROR: amd64 base image not found"
+            exit 1
+          }
+          docker manifest inspect ${{ env.REGISTRY }}/base-developer-image:arm64-pr-${{github.event.number}} || {
+            echo "ERROR: arm64 base image not found"
+            exit 1
+          }
+          echo "Both images verified, extracting digests..."
+
+          # Extract the actual image digest for each architecture from the manifest list
+          AMD64_DIGEST=$(docker manifest inspect ${{ env.REGISTRY }}/base-developer-image:amd64-pr-${{github.event.number}} | \
+            jq -r '.manifests[] | select(.platform.architecture == "amd64") | .digest')
+          ARM64_DIGEST=$(docker manifest inspect ${{ env.REGISTRY }}/base-developer-image:arm64-pr-${{github.event.number}} | \
+            jq -r '.manifests[] | select(.platform.architecture == "arm64") | .digest')
+
+          echo "AMD64 digest: $AMD64_DIGEST"
+          echo "ARM64 digest: $ARM64_DIGEST"
+
+          echo "Creating multi-arch manifest..."
+          docker manifest create ${{ env.REGISTRY }}/base-developer-image:pr-${{github.event.number}} \
+            --amend ${{ env.REGISTRY }}/base-developer-image@$AMD64_DIGEST \
+            --amend ${{ env.REGISTRY }}/base-developer-image@$ARM64_DIGEST
+
+          docker manifest annotate ${{ env.REGISTRY }}/base-developer-image:pr-${{github.event.number}} \
+            ${{ env.REGISTRY }}/base-developer-image@$AMD64_DIGEST \
+            --os linux --arch amd64
+          docker manifest annotate ${{ env.REGISTRY }}/base-developer-image:pr-${{github.event.number}} \
+            ${{ env.REGISTRY }}/base-developer-image@$ARM64_DIGEST \
+            --os linux --arch arm64
+
+          docker manifest push ${{ env.REGISTRY }}/base-developer-image:pr-${{github.event.number}}
+
   publish-udi:
-    name: Publish udi
+    name: Publish udi (UDI9)
     runs-on: ubuntu-22.04
     needs: build-udi
     steps:
@@ -115,19 +192,43 @@ jobs:
           registry: ${{ env.REGISTRY }}
           username: ${{ secrets.QUAY_USERNAME }}
           password: ${{ secrets.QUAY_PASSWORD }}
-      - name: publish
+      - name: Publish UDI9 manifest
         run: |
+          echo "=========================================="
+          echo "Publishing UDI9 manifest"
+          echo "=========================================="
+          echo "Verifying both architecture images exist..."
+          docker manifest inspect ${{ env.REGISTRY }}/universal-developer-image:amd64-pr-${{github.event.number}} || {
+            echo "ERROR: amd64 UDI image not found"
+            exit 1
+          }
+          docker manifest inspect ${{ env.REGISTRY }}/universal-developer-image:arm64-pr-${{github.event.number}} || {
+            echo "ERROR: arm64 UDI image not found"
+            exit 1
+          }
+          echo "Both images verified, extracting digests..."
+
+          # Extract the actual image digest for each architecture from the manifest list
+          AMD64_DIGEST=$(docker manifest inspect ${{ env.REGISTRY }}/universal-developer-image:amd64-pr-${{github.event.number}} | \
+            jq -r '.manifests[] | select(.platform.architecture == "amd64") | .digest')
+          ARM64_DIGEST=$(docker manifest inspect ${{ env.REGISTRY }}/universal-developer-image:arm64-pr-${{github.event.number}} | \
+            jq -r '.manifests[] | select(.platform.architecture == "arm64") | .digest')
+
+          echo "AMD64 digest: $AMD64_DIGEST"
+          echo "ARM64 digest: $ARM64_DIGEST"
+
+          echo "Creating multi-arch manifest..."
           docker manifest create ${{ env.REGISTRY }}/universal-developer-image:pr-${{github.event.number}} \
-            --amend ${{ env.REGISTRY }}/universal-developer-image:amd64-pr-${{github.event.number}} \
-            --amend ${{ env.REGISTRY }}/universal-developer-image:arm64-pr-${{github.event.number}}         
-          
+            --amend ${{ env.REGISTRY }}/universal-developer-image@$AMD64_DIGEST \
+            --amend ${{ env.REGISTRY }}/universal-developer-image@$ARM64_DIGEST
+
           docker manifest annotate ${{ env.REGISTRY }}/universal-developer-image:pr-${{github.event.number}} \
-            ${{ env.REGISTRY }}/universal-developer-image:amd64-pr-${{github.event.number}} \
+            ${{ env.REGISTRY }}/universal-developer-image@$AMD64_DIGEST \
             --os linux --arch amd64
           docker manifest annotate ${{ env.REGISTRY }}/universal-developer-image:pr-${{github.event.number}} \
-            ${{ env.REGISTRY }}/universal-developer-image:arm64-pr-${{github.event.number}} \
+            ${{ env.REGISTRY }}/universal-developer-image@$ARM64_DIGEST \
             --os linux --arch arm64
-           
+
           docker manifest push ${{ env.REGISTRY }}/universal-developer-image:pr-${{github.event.number}}
       - name: 'Comment PR'
         uses: actions/github-script@v7
@@ -138,5 +239,5 @@ jobs:
                issue_number: ${{github.event.number}},
                owner: context.repo.owner,
                repo: context.repo.repo,
-               body: `Pull Request images published ✨\n\nUDI: [${{ env.REGISTRY }}/universal-developer-image:pr-${{github.event.number}}](https://${{ env.REGISTRY }}/universal-developer-image:pr-${{github.event.number}})`
+               body: `Pull Request images published ✨\n\nBase: [${{ env.REGISTRY }}/base-developer-image:pr-${{github.event.number}}](https://${{ env.REGISTRY }}/base-developer-image:pr-${{github.event.number}})\nUDI: [${{ env.REGISTRY }}/universal-developer-image:pr-${{github.event.number}}](https://${{ env.REGISTRY }}/universal-developer-image:pr-${{github.event.number}})`
              })
diff --git a/.github/workflows/ubi10-build.yaml b/.github/workflows/ubi10-build.yaml
index 014ffd64..1bc22e40 100644
--- a/.github/workflows/ubi10-build.yaml
+++ b/.github/workflows/ubi10-build.yaml
@@ -12,10 +12,10 @@ on:
         required: true
       QUAY_PASSWORD:
         required: true
-    # outputs:
-    #   uniq_tag:
-    #     description: "The first output string"
-    #     value: ${{ jobs.build_universal_ubi10_image.outputs.output1 }}
+    outputs:
+      uniq_tag:
+        description: "The unique tag for the universal developer image"
+        value: ${{ jobs.publish-udi.outputs.setTagName.uniq_tag }}
 
 env:
   # Use repository variable if set, otherwise fallback to default registry
@@ -93,80 +93,78 @@ jobs:
             docker manifest push ${{ env.REGISTRY }}/base-developer-image:${tag}
           done
 
-  # build-udi:
-  #   name: Build udi
-  #   strategy:
-  #     fail-fast: false
-  #     matrix:
-  #       runners: ['ubuntu-22.04', 'ubuntu-22.04-arm']
-  #   runs-on: ${{matrix.runners}}
-  #   needs: publish-base-image
-  #   steps:
-  #     - name: Checkout
-  #       uses: actions/checkout@v4
-  #     - name: Set arch environment variable
-  #       run: |
-  #         if [[ ${{matrix.runners}} == 'ubuntu-22.04' ]]; then
-  #           echo arch="amd64" >> $GITHUB_ENV
-  #         else
-  #           echo arch="arm64" >> $GITHUB_ENV
-  #         fi
-  #     - name: Set short_sha environment variable
-  #       run: echo short_sha="$(git rev-parse --short=7 HEAD)" >> $GITHUB_ENV
-  #     - name: Free runner space
-  #       run: sudo rm -rf /usr/local/lib/android
-  #     - name: Cleanup docker images
-  #       run: docker system prune -af
-  #     - name: Login to Registry
-  #       uses: docker/login-action@v3
-  #       with:
-  #         registry: ${{ env.REGISTRY }}
-  #         username: ${{ secrets.QUAY_USERNAME }}
-  #         password: ${{ secrets.QUAY_PASSWORD }}
-  #     - name: Build udi
-  #       run: |
-  #         cd universal/ubi10 && docker buildx build \
-  #           --platform linux/${{env.arch}} \
-  #           --progress=plain \
-  #           --push \
-  #           -t ${{ env.REGISTRY }}/universal-developer-image:${{env.arch}}-ubi10-${{env.short_sha}} .
+  build-udi:
+    name: Build udi
+    strategy:
+      fail-fast: false
+      matrix:
+        runners: ['ubuntu-22.04', 'ubuntu-22.04-arm']
+    runs-on: ${{matrix.runners}}
+    needs: publish-base-image
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set arch environment variable
+        run: |
+          if [[ ${{matrix.runners}} == 'ubuntu-22.04' ]]; then
+            echo arch="amd64" >> $GITHUB_ENV
+          else
+            echo arch="arm64" >> $GITHUB_ENV
+          fi
+      - name: Set short_sha environment variable
+        run: echo short_sha="$(git rev-parse --short=7 HEAD)" >> $GITHUB_ENV
+      - name: Free runner space
+        run: sudo rm -rf /usr/local/lib/android
+      - name: Cleanup docker images
+        run: docker system prune -af
+      - name: Login to Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ secrets.QUAY_USERNAME }}
+          password: ${{ secrets.QUAY_PASSWORD }}
+      - name: Build udi
+        run: |
+          cd universal/ubi10 && docker buildx build \
+            --platform linux/${{env.arch}} \
+            --progress=plain \
+            --push \
+            -t ${{ env.REGISTRY }}/universal-developer-image:${{env.arch}}-ubi10-${{env.short_sha}} .
 
-  # publish-udi:
-  #   name: Publish udi
-  #   runs-on: ubuntu-22.04
-  #   needs: build-udi
-  #   steps:
-  #     - name: Checkout
-  #       uses: actions/checkout@v4
-  #     - name: Set short_sha environment variable
-  #       run: echo short_sha="$(git rev-parse --short=7 HEAD)" >> $GITHUB_ENV
-  #     - name: Login to Registry
-  #       uses: docker/login-action@v3
-  #       with:
-  #         registry: ${{ env.REGISTRY }}
-  #         username: ${{ secrets.QUAY_USERNAME }}
-  #         password: ${{ secrets.QUAY_PASSWORD }}
-  #     - name: publish
-  #       run: |
-  #         for tag in ubi10-latest ubi10-${{env.short_sha}};
-  #         do
-  #           docker manifest create ${{ env.REGISTRY }}/universal-developer-image:${tag} \
-  #             --amend ${{ env.REGISTRY }}/universal-developer-image:amd64-ubi10-${{env.short_sha}} \
-  #             --amend ${{ env.REGISTRY }}/universal-developer-image:arm64-ubi10-${{env.short_sha}}
-  #         
-  #           docker manifest annotate ${{ env.REGISTRY }}/universal-developer-image:${tag} \
-  #             ${{ env.REGISTRY }}/universal-developer-image:amd64-ubi10-${{env.short_sha}} \
-  #             --os linux --arch amd64
-  #         
-  #           docker manifest annotate ${{ env.REGISTRY }}/universal-developer-image:${tag} \
-  #              ${{ env.REGISTRY }}/universal-developer-image:arm64-ubi10-${{env.short_sha}} \
-  #             --os linux --arch arm64
-  #         
-  #           docker manifest push ${{ env.REGISTRY }}/universal-developer-image:${tag}
-  #         done  
-  #     - name: Get tag with uniq prefix
-  #       id: setTagName
-  #       # set the image with uniq tag prefix (for example: quay.io/..../base-developer-image:ubi10-7ad6cab) to env. var
-  #       # and define it for output. This output with tag image will be used in caller job
-  #       run: |
-  #         echo "uniq_tag=${{ env.REGISTRY }}/universal-developer-image:ubi10-${{env.short_sha}}" >> $GITHUB_OUTPUT
+  publish-udi:
+    name: Publish udi
+    runs-on: ubuntu-22.04
+    needs: build-udi
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set short_sha environment variable
+        run: echo short_sha="$(git rev-parse --short=7 HEAD)" >> $GITHUB_ENV
+      - name: Login to Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ secrets.QUAY_USERNAME }}
+          password: ${{ secrets.QUAY_PASSWORD }}
+      - name: publish
+        run: |
+          for tag in ubi10-latest ubi10-${{env.short_sha}};
+          do
+            docker manifest create ${{ env.REGISTRY }}/universal-developer-image:${tag} \
+              --amend ${{ env.REGISTRY }}/universal-developer-image:amd64-ubi10-${{env.short_sha}} \
+              --amend ${{ env.REGISTRY }}/universal-developer-image:arm64-ubi10-${{env.short_sha}}
+          
+            docker manifest annotate ${{ env.REGISTRY }}/universal-developer-image:${tag} \
+              ${{ env.REGISTRY }}/universal-developer-image:amd64-ubi10-${{env.short_sha}} \
+              --os linux --arch amd64
+          
+            docker manifest annotate ${{ env.REGISTRY }}/universal-developer-image:${tag} \
+               ${{ env.REGISTRY }}/universal-developer-image:arm64-ubi10-${{env.short_sha}} \
+              --os linux --arch arm64
+          
+            docker manifest push ${{ env.REGISTRY }}/universal-developer-image:${tag}
+          done
+      - name: Get tag with uniq prefix
+        id: setTagName
+        run: |
+          echo "uniq_tag=${{ env.REGISTRY }}/universal-developer-image:ubi10-${{env.short_sha}}" >> $GITHUB_OUTPUT
diff --git a/README.md b/README.md
index f9e9dc7a..bcb8c45a 100644
--- a/README.md
+++ b/README.md
@@ -13,12 +13,14 @@ Containers images with tools for developers 👨‍💻👩‍💻
 ### Red Hat Universal Base Image ([UBI](https://developers.redhat.com/articles/ubi-faq#)) based images
 
 Available versions:
-- **UBI 9**: [quay.io/devfile/base-developer-image:ubi9-latest](https://quay.io/repository/devfile/base-developer-image) 
+
+- **UBI 9**: [quay.io/devfile/base-developer-image:ubi9-latest](https://quay.io/repository/devfile/base-developer-image)
 - **UBI 10**: [quay.io/devfile/base-developer-image:ubi10-latest](https://quay.io/repository/devfile/base-developer-image)
 
 Run the following commands to test with Docker:
 
 **UBI 9:**
+
 ```bash
 $ docker run -ti --rm \
        quay.io/devfile/base-developer-image:ubi9-latest \
@@ -26,11 +28,13 @@ $ docker run -ti --rm \
 ```
 
 **UBI 10:**
+
 ```bash
 $ docker run -ti --rm \
        quay.io/devfile/base-developer-image:ubi10-latest \
        bash
 ```
+
 ### Included Development Tools
 
 | Tool                | ubi9 based image                    | ubi10 based image                   |
@@ -82,8 +86,10 @@ $ docker run -ti --rm \
 | **TOTAL SIZE**      | **800MB** (255MB compressed)        | **789MB** (256MB compressed)   |
 
 ### Extending the base image
+
 When extending the base image, `source kubedock_setup` should be called in the new image's entrypoint to set up kubedock support. This sets up a wrapper for podman to use kubedock for the following podman commands if the `KUBEDOCK_ENABLED` env variable is set to `true`:
-```
+
+```text
 podman run
 podman ps
 podman exec
@@ -97,20 +103,21 @@ podman stop
 podman start
 ```
 
-An example is available in the Universal Developer Image dockerfile [here](https://github.com/devfile/developer-images/blob/main/universal/ubi9/entrypoint.sh#L3).
+An example is available in the [Universal Developer Image dockerfile](https://github.com/devfile/developer-images/blob/main/universal/ubi9/entrypoint.sh#L3).
 
 ## Developer Universal Image
 
-### Red Hat Universal Base Image ([UBI](https://developers.redhat.com/articles/ubi-faq#)) based image ([quay.io/devfile/universal-developer-image:ubi9-latest](https://quay.io/repository/devfile/universal-developer-image))
+### UBI 9 based image
 
-Run the following command to test it with Docker: 
+**Image:** [quay.io/devfile/universal-developer-image:ubi9-latest](https://quay.io/repository/devfile/universal-developer-image)
+
+**Test:**
 
 ```bash
-docker run -ti --rm \
-       quay.io/devfile/universal-developer-image:ubi9-latest \
-       bash
+docker run -ti --rm quay.io/devfile/universal-developer-image:ubi9-latest bash
 ```
-### Included Development Tools
+
+**Included Development Tools:**
 
 | Tool or language    | ubi9 based image                    |
 |---------------------|-------------------------------------|
@@ -119,10 +126,10 @@ docker run -ti --rm \
 | `java`              |`<8.0.432-tem via sdkman>`           |
 | `java`              |`<11.0.25-tem via sdkman>`           |
 | `java`              |`<17.0.13-tem via sdkman>/default`   |
-| `java`              |`<21.0.5-tem via sdkman>`   |
+| `java`              |`<21.0.5-tem via sdkman>`            |
 | `maven`             |`<via sdkman>`                       |
 | `gradle`            |`<via sdkman>`                       |
-| `mandrel`           |`<22.1.2.r21-mandrel via sdkman>`  |
+| `mandrel`           |`<22.1.2.r21-mandrel via sdkman>`    |
 | `jbang`             |`<via sdkman>`                       |
 |--------SCALA--------|-------------------------------------|
 | `cs`                |`<https://get-coursier.io/>`         |
@@ -142,7 +149,7 @@ docker run -ti --rm \
 | `yarn`              |`<via npm>`                          |
 |--------GO-----------|-------------------------------------|
 | `go`                |`go-toolset`                         |
-| `gopls`             |`golang.org/x/tools/gopls v0.16.2`   |
+| `gopls`             |`golang.org/x/tools/gopls v0.21.0`   |
 |--------.NET---------|-------------------------------------|
 | `dotnet`            |`dotnet-sdk-8.0`                     |
 |------PYTHON---------|-------------------------------------|
@@ -175,14 +182,96 @@ docker run -ti --rm \
 | `kamel`             |`<gh release>`                       |
 | **TOTAL SIZE**      | **8.75GB** (3.6GB compressed)       |
 
-### Included libraries
+**Libraries:**
+
+- e2fsprogs v1.46.5
+
+**Environment Variables:**
+
+- JAVA_HOME_8, JAVA_HOME_11, JAVA_HOME_17, JAVA_HOME_21
 
-#### e2fsprogs v1.46.5
+### UBI 10 based image
 
-### Environment Variables
+**Image:** [quay.io/devfile/universal-developer-image:ubi10-latest](https://quay.io/repository/devfile/universal-developer-image)
 
-#### Java
-JAVA_HOME_8, JAVA_HOME_11, JAVA_HOME_17, JAVA_HOME_21
+**Test:**
+
+```bash
+docker run -ti --rm quay.io/devfile/universal-developer-image:ubi10-latest bash
+```
+
+**Included Development Tools:**
+
+| Tool or language    | ubi10 based image                   |
+|---------------------|-------------------------------------|
+|--------JAVA---------|-------------------------------------|
+| `sdk`               |`<https://get.sdkman.io>`            |
+| `java`              |`<8.0.472-tem via sdkman>`           |
+| `java`              |`<11.0.29-tem via sdkman>`           |
+| `java`              |`<17.0.17-tem via sdkman>`           |
+| `java`              |`<21.0.9-tem via sdkman>`            |
+| `java`              |`<23.0.2-tem via sdkman>/default`    |
+| `java`              |`<25.0.1.r25-mandrel via sdkman>`    |
+| `maven`             |`<via sdkman>`                       |
+| `gradle`            |`<via sdkman>`                       |
+| `jbang`             |`<via sdkman>`                       |
+|--------SCALA--------|-------------------------------------|
+| `cs`                |`<https://get-coursier.io/>`         |
+| `sbt`               |`<sbt launch script>`                |
+| `mill`              |`<mill launch script>`               |
+|--------C/CPP--------|-------------------------------------|
+| `gcc`               |`gcc`                                |
+| `g++`               |`gcc-c++`                            |
+| `clang`             |`clang`                              |
+| `gdb`               |`gdb`                                |
+|--------PHP----------|-------------------------------------|
+| `php`               |`php 8.3`                            |
+| `composer`          |`dnf`                                |
+| `xdebug`            |`php-pecl-xdebug`                    |
+|-------NODEJS--------|-------------------------------------|
+| `nodejs`            |`24.12.0 (default), 22.21.1`         |
+| `npm`               |`npm`                                |
+| `yarn`              |`v1.22.22`                           |
+|--------GO-----------|-------------------------------------|
+| `go`                |`go-toolset 1.25+`                   |
+| `gopls`             |`golang.org/x/tools/gopls v0.21.0`   |
+|--------.NET---------|-------------------------------------|
+| `dotnet`            |`dotnet-sdk-10.0`                    |
+|------PYTHON---------|-------------------------------------|
+| `python`            |`python3.13`                         |
+| `setuptools`        |`python3.13-setuptools`               |
+| `pip`               |`python3.13-pip`                     |
+| `pylint`            |`<via pip>`                          |
+| `yq`                |`<via pip>`                          |
+|--------RUST---------|-------------------------------------|
+| `rustup`            |`<sh.rustup.rs>`                     |
+| `rust-src`          |`<via rustup>`                       |
+| `rust-analysis`     |`<via rustup>`                       |
+| `rust-analyzer`     |`<via rustup>`                       |
+|--------Platform-----|-------------------------------------|
+| `camel-k`           |`v2.8.0`                             |
+|------CLOUD----------|-------------------------------------|
+| `oc`                |`v4.20`                              |
+| `tkn`               |`v1.20.0 (OpenShift)`                |
+| `kubectl`           |`v1.28`                              |
+| `krew`              |`v0.4.5`                             |
+| `helm`              |`v4.0.4`                             |
+| `kustomize`         |`v5.8.0`                             |
+| `tkn`               |`v0.43.0 (Tekton)`                   |
+| `kn`                |`v1.20.0`                            |
+| `terraform`         |`v1.14.2`                            |
+| `skaffold`          |`<latest>`                           |
+| `kamel`             |`v2.8.0`                             |
+| `shellcheck`        |`v0.11.0`                            |
+| **TOTAL SIZE**      | **TBD**                             |
+
+**Libraries:**
+
+- e2fsprogs v1.47.3
+
+**Environment Variables:**
+
+- JAVA_HOME_8, JAVA_HOME_11, JAVA_HOME_17, JAVA_HOME_21, JAVA_HOME_23, JAVA_HOME_25
 
 ## Configuration
 
@@ -193,25 +282,28 @@ The workflows support using custom container registries through the `REGISTRY` e
 **Default behavior:** Images are published to `quay.io/devfile`
 
 **To override in a fork:**
+
 1. Go to your repository **Settings** → **Secrets and Variables** → **Actions** → **Variables**
 2. Add a repository variable: `REGISTRY` = `your-registry.com/your-namespace`
 3. All workflows will automatically use your custom registry
 
 **Example registry formats:**
+
 - `quay.io/youruser`
-- `ghcr.io/youruser` 
+- `ghcr.io/youruser`
 - `docker.io/youruser`
 - `your-private-registry.com/namespace`
 
 # Builds
 
 This repo contains [actions](https://github.com/devfile/developer-images/actions), including:
-* [![release latest stable UBI 9](https://github.com/devfile/developer-images/actions/workflows/ubi9-build.yaml/badge.svg)](https://github.com/devfile/developer-images/actions/workflows/ubi9-build.yaml)
-* [![release latest stable UBI 10](https://github.com/devfile/developer-images/actions/workflows/ubi10-build.yaml/badge.svg)](https://github.com/devfile/developer-images/actions/workflows/ubi10-build.yaml)
 
-Downstream builds can be found at the link below, which is _internal to Red Hat_. Stable builds can be found by replacing the 3.x with a specific version like 3.2.  
+- [![release latest stable UBI 9](https://github.com/devfile/developer-images/actions/workflows/ubi9-build.yaml/badge.svg)](https://github.com/devfile/developer-images/actions/workflows/ubi9-build.yaml)
+- [![release latest stable UBI 10](https://github.com/devfile/developer-images/actions/workflows/ubi10-build.yaml/badge.svg)](https://github.com/devfile/developer-images/actions/workflows/ubi10-build.yaml)
+
+Downstream builds can be found at the link below, which is _internal to Red Hat_. Stable builds can be found by replacing the 3.x with a specific version like 3.2.
 
-* [udi_3.x](https://main-jenkins-csb-crwqe.apps.ocp-c1.prod.psi.redhat.com/job/DS_CI/job/udi_3.x)
+- [udi_3.x](https://main-jenkins-csb-crwqe.apps.ocp-c1.prod.psi.redhat.com/job/DS_CI/job/udi_3.x)
 
 # License
 
diff --git a/universal/ubi10/Dockerfile b/universal/ubi10/Dockerfile
new file mode 100644
index 00000000..49890237
--- /dev/null
+++ b/universal/ubi10/Dockerfile
@@ -0,0 +1,465 @@
+# syntax=docker/dockerfile:1.3-labs
+
+# updateBaseImages.sh can't operate on SHA-based tags as they're not date-based or semver-sequential, and therefore cannot be ordered
+FROM quay.io/devfile/base-developer-image:ubi10-latest
+
+ARG TARGETARCH
+LABEL maintainer="Red Hat, Inc."
+
+LABEL com.redhat.component="devfile-universal-container"
+LABEL name="devfile/universal-developer-image"
+LABEL version="ubi10"
+
+#label for EULA
+LABEL com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI"
+
+#labels for container catalog
+LABEL summary="devfile universal developer image"
+LABEL description="Image with developers tools. Languages SDK and runtimes included."
+LABEL io.k8s.display-name="devfile-developer-universal"
+LABEL io.openshift.expose-services=""
+
+USER 0
+
+# $PROFILE_EXT contains all additions made to the bash environment
+ENV PROFILE_EXT=/etc/profile.d/udi_environment.sh
+RUN touch ${PROFILE_EXT} && chown 10001 ${PROFILE_EXT}
+
+USER 10001
+
+# We install everything to /home/tooling/ as /home/user/ may get overriden, see github.com/eclipse/che/issues/22412
+ENV HOME=/home/tooling
+
+# Java
+# Cleanup added
+RUN curl -fsSL "https://get.sdkman.io/?ci=true&rcupdate=false" | bash \
+    && bash -c ". /home/tooling/.sdkman/bin/sdkman-init.sh \
+        && sed -i "s/sdkman_auto_answer=false/sdkman_auto_answer=true/g" /home/tooling/.sdkman/etc/config \
+        && sed -i "s/sdkman_auto_env=false/sdkman_auto_env=true/g" /home/tooling/.sdkman/etc/config \
+        && sdk install java 8.0.472-tem \
+        && sdk install java 11.0.29-tem \
+        && sdk install java 17.0.17-tem \
+        && sdk install java 21.0.9-tem \
+        && sdk install java 23.0.2-tem \
+        && sdk install java 25.0.1.r25-mandrel \
+        && sdk default java 23.0.2-tem \
+        && sdk install gradle \
+        && sdk install maven \
+        && sdk install jbang \
+        && sdk flush archives \
+        && sdk flush temp" \
+    && find /home/tooling/.sdkman/candidates/java -name "src.zip" -delete \
+    && find /home/tooling/.sdkman/candidates/java -name "javafx-src.zip" -delete \
+    && find /home/tooling/.sdkman/candidates/java -type d -name "man" -exec rm -rf {} + 2>/dev/null || true \
+    && chgrp -R 0 /home/tooling && chmod -R g=u /home/tooling
+
+# sdk home java <version>
+ENV JAVA_HOME_8=/home/tooling/.sdkman/candidates/java/8.0.472-tem
+ENV JAVA_HOME_11=/home/tooling/.sdkman/candidates/java/11.0.29-tem
+ENV JAVA_HOME_17=/home/tooling/.sdkman/candidates/java/17.0.17-tem
+ENV JAVA_HOME_21=/home/tooling/.sdkman/candidates/java/21.0.9-tem
+ENV JAVA_HOME_23=/home/tooling/.sdkman/candidates/java/23.0.2-tem
+ENV JAVA_HOME_25=/home/tooling/.sdkman/candidates/java/25.0.1.r25-mandrel
+
+# Java-related environment variables are described and set by ${PROFILE_EXT}, which will be loaded by ~/.bashrc
+# To make Java working for dash and other shells, it needs to initialize them in the Dockerfile.
+ENV SDKMAN_CANDIDATES_API="https://api.sdkman.io/2"
+ENV SDKMAN_CANDIDATES_DIR="/home/tooling/.sdkman/candidates"
+ENV SDKMAN_DIR="/home/tooling/.sdkman"
+RUN if [ "$TARGETARCH" = "arm64" ]; then \
+    export SDKMAN_PLATFORM="linuxarm64"; \
+    else \
+    export SDKMAN_PLATFORM="linuxx64"; \
+    fi
+ENV SDKMAN_PLATFORM=${SDKMAN_PLATFORM}
+ENV SDKMAN_VERSION="5.20.0"
+
+ENV GRADLE_HOME="/home/tooling/.sdkman/candidates/gradle/current"
+ENV JAVA_HOME="/home/tooling/.sdkman/candidates/java/current"
+ENV MAVEN_HOME="/home/tooling/.sdkman/candidates/maven/current"
+
+ENV GRAALVM_HOME=/home/tooling/.sdkman/candidates/java/25.0.1.r25-mandrel
+
+ENV PATH="/home/tooling/.krew/bin:$PATH"
+ENV PATH="/home/tooling/.sdkman/candidates/maven/current/bin:$PATH"
+ENV PATH="/home/tooling/.sdkman/candidates/java/current/bin:$PATH"
+ENV PATH="/home/tooling/.sdkman/candidates/gradle/current/bin:$PATH"
+ENV PATH="/home/tooling/.local/share/coursier/bin:$PATH"
+
+# NodeJS
+RUN mkdir -p /home/tooling/.nvm/
+ENV NVM_DIR="/home/tooling/.nvm"
+ENV NODEJS_24_VERSION=24.12.0
+ENV NODEJS_22_VERSION=22.21.1
+ENV NODEJS_DEFAULT_VERSION=${NODEJS_24_VERSION}
+RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.3/install.sh | PROFILE=/dev/null bash
+RUN echo 'export NVM_DIR="$HOME/.nvm"' >> ${PROFILE_EXT} \
+    && echo '[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"' >> ${PROFILE_EXT}
+RUN source /home/user/.bashrc && \
+    nvm install v${NODEJS_24_VERSION} && \
+    nvm install v${NODEJS_22_VERSION} && \
+    nvm alias default v${NODEJS_DEFAULT_VERSION} && nvm use v${NODEJS_DEFAULT_VERSION} && \
+    npm install --global yarn@v1.22.22 &&\
+    chgrp -R 0 /home/tooling && chmod -R g=u /home/tooling
+ENV PATH=$NVM_DIR/versions/node/v${NODEJS_DEFAULT_VERSION}/bin:$PATH
+ENV NODEJS_HOME_24=$NVM_DIR/versions/node/v${NODEJS_24_VERSION}
+ENV NODEJS_HOME_22=$NVM_DIR/versions/node/v${NODEJS_22_VERSION}
+
+# kube
+ENV KUBECONFIG=/home/user/.kube/config
+
+USER 0
+
+# Required packages for AWT
+RUN dnf install -y libXext libXrender libXtst libXi
+
+# Lombok
+ENV LOMBOK_VERSION=1.18.42
+RUN wget -O /usr/local/lib/lombok.jar https://projectlombok.org/downloads/lombok-${LOMBOK_VERSION}.jar
+
+# Scala
+RUN curl -fLo cs https://git.io/coursier-cli && \
+    chmod +x cs && \
+    mv cs /usr/local/bin/
+RUN curl -fLo sbt https://raw.githubusercontent.com/dwijnand/sbt-extras/master/sbt && \
+    chmod +x sbt && \
+    mv sbt /usr/local/bin/
+RUN curl -fLo mill https://raw.githubusercontent.com/lefou/millw/main/millw && \
+    chmod +x mill && \
+    mv mill /usr/local/bin/
+
+# C/CPP
+# Cleanup added
+RUN dnf -y install gcc gcc-c++ clang clang-libs clang-tools-extra gdb && \
+    dnf clean all && \
+    rm -rf /var/cache/dnf
+
+# Go 1.25+    - installed to /usr/bin/go
+# gopls 0.21.0+ - installed to /home/tooling/go/bin/gopls and /home/tooling/go/pkg/mod/
+# Cleanup added
+RUN dnf install -y go-toolset && \
+    GO111MODULE=on go install -v golang.org/x/tools/gopls@v0.21.0 && \
+    dnf clean all && \
+    rm -rf /var/cache/dnf && \
+    chgrp -R 0 /home/tooling && chmod -R g=u /home/tooling
+ENV GOBIN="/home/tooling/go/bin/"
+ENV PATH="$GOBIN:$PATH"
+
+# Python
+# Cleanup added
+RUN dnf -y install python3.13 python3.13-devel python3.13-setuptools python3.13-pip nss_wrapper && \
+    dnf clean all && \
+    rm -rf /var/cache/dnf
+
+RUN cd /usr/bin \
+    && if [ ! -L python ]; then ln -s python3.13 python; fi \
+    && if [ ! -L pydoc ]; then ln -s pydoc3.13 pydoc; fi \
+    && if [ ! -L python-config ]; then ln -s python3.13-config python-config; fi \
+    && if [ ! -L pip ]; then ln -s pip-3.13 pip; fi
+
+RUN pip install pylint yq
+
+# PHP
+# Cleanup added
+RUN dnf install -y --setopt=tsflags=nodocs \
+    php php-mysqlnd php-pgsql php-bcmath \
+    php-gd php-intl php-json php-ldap php-mbstring php-pdo \
+    php-pear php-zlib php-mysqli php-curl php-xml php-devel \
+    php-process php-soap php-opcache php-fpm ca-certificates \
+    php-gmp php-pecl-xdebug php-pecl-zip mod_ssl hostname composer && \
+    dnf clean all && \
+    rm -rf /var/cache/dnf
+
+ENV PHP_DEFAULT_INCLUDE_PATH=/usr/share/pear \
+    PHP_SYSCONF_PATH=/etc \
+    PHP_HTTPD_CONF_FILE=php.conf \
+    HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \
+    HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \
+    HTTPD_MODULES_CONF_D_PATH=/etc/httpd/conf.modules.d \
+    HTTPD_VAR_RUN=/var/run/httpd \
+    HTTPD_DATA_PATH=/var/www \
+    HTTPD_DATA_ORIG_PATH=/var/www \
+    HTTPD_VAR_PATH=/var
+
+# .NET
+# Cleanup added
+ENV DOTNET_RPM_VERSION=10.0
+RUN dnf install -y dotnet-hostfxr-${DOTNET_RPM_VERSION} dotnet-runtime-${DOTNET_RPM_VERSION} dotnet-sdk-${DOTNET_RPM_VERSION} && \
+    dnf clean all && \
+    rm -rf /var/cache/dnf
+
+# rust
+ENV CARGO_HOME=/home/tooling/.cargo \
+    RUSTUP_HOME=/home/tooling/.rustup \
+    PATH=/home/tooling/.cargo/bin:${PATH}
+RUN curl --proto '=https' --tlsv1.2 -sSfo rustup https://sh.rustup.rs && \
+    chmod +x rustup && \
+    mv rustup /usr/bin/ && \
+    rustup -y --no-modify-path --profile minimal -c rust-src -c rust-analysis -c rust-analyzer && \
+    chgrp -R 0 /home/tooling && chmod -R g=u /home/tooling
+
+# camel-k
+ENV KAMEL_VERSION 2.8.0
+RUN curl -L https://github.com/apache/camel-k/releases/download/v${KAMEL_VERSION}/camel-k-client-${KAMEL_VERSION}-linux-${TARGETARCH}.tar.gz | tar -C /usr/local/bin -xz --no-same-owner \
+    && chmod +x /usr/local/bin/kamel
+
+# Config directories
+RUN mkdir -p /home/tooling/.m2 && \
+    mkdir -p /home/tooling/.gradle && \
+    mkdir -p /home/tooling/.config/pip && \
+    mkdir -p /home/tooling/.sbt/1.0 && \
+    mkdir -p /home/tooling/.cargo && \
+    mkdir -p /home/tooling/certs && \
+    mkdir -p /home/tooling/.composer && \
+    mkdir -p /home/tooling/.nuget && \
+    chgrp -R 0 /home/tooling && chmod -R g=u /home/tooling
+
+# Cloud
+
+# oc client
+ENV OC_VERSION=4.20
+RUN if [ "$TARGETARCH" = "arm64" ]; then \
+    curl -L https://mirror.openshift.com/pub/openshift-v4/arm64/clients/ocp/stable-${OC_VERSION}/openshift-client-linux.tar.gz; \
+    else \
+    curl -L https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable-${OC_VERSION}/openshift-client-linux.tar.gz; \
+    fi | tar -C /usr/local/bin -xz --no-same-owner && \
+    chmod +x /usr/local/bin/oc
+
+# OS Pipelines CLI (tkn)
+ENV TKN_VERSION=1.20.0
+RUN curl -L https://mirror.openshift.com/pub/openshift-v4/clients/pipelines/${TKN_VERSION}/tkn-linux-${TARGETARCH}.tar.gz | tar -C /usr/local/bin -xz --no-same-owner \
+    && chmod +x /usr/local/bin/tkn /usr/local/bin/opc /usr/local/bin/tkn-pac
+
+RUN echo 'alias docker=podman' >> ${PROFILE_EXT}
+
+# Configure container engine
+COPY --chown=0:0 containers.conf /etc/containers/containers.conf
+
+ENV K8S_VERSION=1.28
+## kubectl
+RUN <<EOF
+set -euf -o pipefail
+
+cat <<EOF2 > /etc/yum.repos.d/kubernetes.repo
+[kubernetes]
+name=Kubernetes
+baseurl=https://pkgs.k8s.io/core:/stable:/v${K8S_VERSION}/rpm/
+enabled=1
+gpgcheck=1
+gpgkey=https://pkgs.k8s.io/core:/stable:/v${K8S_VERSION}/rpm/repodata/repomd.xml.key
+EOF2
+
+dnf install -y kubectl
+curl -sSL -o ~/.kubectl_aliases https://raw.githubusercontent.com/ahmetb/kubectl-alias/master/.kubectl_aliases
+echo '[ -f ~/.kubectl_aliases ] && source ~/.kubectl_aliases' >> ${PROFILE_EXT}
+EOF
+
+## shellcheck
+RUN <<EOF
+dnf install -y xz
+set -euf -o pipefail
+TEMP_DIR="$(mktemp -d)"
+cd "${TEMP_DIR}"
+SHELL_CHECK_VERSION="0.11.0"
+if [ "$TARGETARCH" = "arm64" ]; then
+    SHELL_CHECK_ARCH="aarch64"
+else
+    SHELL_CHECK_ARCH="x86_64"
+fi
+SHELL_CHECK_TGZ="shellcheck-v${SHELL_CHECK_VERSION}.linux.${SHELL_CHECK_ARCH}.tar.xz"
+SHELL_CHECK_TGZ_URL="https://github.com/koalaman/shellcheck/releases/download/v${SHELL_CHECK_VERSION}/${SHELL_CHECK_TGZ}"
+curl -sSLO "${SHELL_CHECK_TGZ_URL}"
+tar -xv --no-same-owner -f "${SHELL_CHECK_TGZ}"
+mv "${TEMP_DIR}"/shellcheck-v${SHELL_CHECK_VERSION}/shellcheck /bin/shellcheck
+cd -
+rm -rf "${TEMP_DIR}"
+EOF
+
+## krew
+RUN <<EOF
+set -euf -o pipefail
+TEMP_DIR="$(mktemp -d)"
+cd "${TEMP_DIR}"
+KREW_VERSION="0.4.5"
+KREW_ARCH="linux_${TARGETARCH}"
+KREW_TGZ="krew-${KREW_ARCH}.tar.gz"
+KREW_TGZ_URL="https://github.com/kubernetes-sigs/krew/releases/download/v${KREW_VERSION}/${KREW_TGZ}"
+curl -sSLO "${KREW_TGZ_URL}"
+curl -sSLO "${KREW_TGZ_URL}.sha256"
+
+# File ${KREW_TGZ_URL}.sha256 has invalid format to be checked with sha256sum.
+# It needs to create a valid one.
+echo "$(cat ${KREW_TGZ}.sha256)  ${KREW_TGZ}" > "${KREW_TGZ}.sha256"
+
+sha256sum -c "${KREW_TGZ}.sha256" 2>&1 | grep OK
+
+tar -zxv --no-same-owner -f "${KREW_TGZ}"
+./"krew-${KREW_ARCH}" install krew
+echo 'export PATH="${KREW_ROOT:-$HOME/.krew}/bin:$PATH"' >> ${PROFILE_EXT}
+export PATH="${KREW_ROOT:-$HOME/.krew}/bin:$PATH"
+# kubens and kubectx
+kubectl krew install ns
+kubectl krew install ctx
+cd -
+rm -rf "${TEMP_DIR}"
+EOF
+
+## helm
+RUN <<EOF
+set -euf -o pipefail
+TEMP_DIR="$(mktemp -d)"
+cd "${TEMP_DIR}"
+HELM_VERSION="4.0.4"
+HELM_ARCH="linux-${TARGETARCH}"
+HELM_TGZ="helm-v${HELM_VERSION}-${HELM_ARCH}.tar.gz"
+HELM_TGZ_URL="https://get.helm.sh/${HELM_TGZ}"
+curl -sSLO "${HELM_TGZ_URL}"
+curl -sSLO "${HELM_TGZ_URL}.sha256sum"
+sha256sum -c "${HELM_TGZ}.sha256sum" 2>&1 | grep OK
+tar -zxv --no-same-owner -f "${HELM_TGZ}"
+mv "${HELM_ARCH}"/helm /usr/local/bin/helm
+cd -
+rm -rf "${TEMP_DIR}"
+EOF
+
+## kustomize
+RUN <<EOF
+set -euf -o pipefail
+TEMP_DIR="$(mktemp -d)"
+cd "${TEMP_DIR}"
+KUSTOMIZE_VERSION="5.8.0"
+KUSTOMIZE_ARCH="linux_${TARGETARCH}"
+KUSTOMIZE_TGZ="kustomize_v${KUSTOMIZE_VERSION}_${KUSTOMIZE_ARCH}.tar.gz"
+KUSTOMIZE_TGZ_URL="https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv${KUSTOMIZE_VERSION}/${KUSTOMIZE_TGZ}"
+KUSTOMIZE_CHEKSUMS_URL="https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv${KUSTOMIZE_VERSION}/checksums.txt"
+curl -sSLO "${KUSTOMIZE_TGZ_URL}"
+curl -sSLO "${KUSTOMIZE_CHEKSUMS_URL}"
+sha256sum --ignore-missing -c "checksums.txt" 2>&1 | grep OK
+tar -zxv --no-same-owner -f "${KUSTOMIZE_TGZ}"
+mv kustomize /usr/local/bin/
+cd -
+rm -rf "${TEMP_DIR}"
+EOF
+
+## tektoncd-cli
+RUN <<EOF
+set -euf -o pipefail
+TEMP_DIR="$(mktemp -d)"
+cd "${TEMP_DIR}"
+TKN_VERSION="0.43.0"
+if [ "$TARGETARCH" = "arm64" ]; then
+    TKN_ARCH="Linux_aarch64"
+else
+    TKN_ARCH="Linux_x86_64"
+fi
+TKN_TGZ="tkn_${TKN_VERSION}_${TKN_ARCH}.tar.gz"
+TKN_TGZ_URL="https://github.com/tektoncd/cli/releases/download/v${TKN_VERSION}/${TKN_TGZ}"
+TKN_CHEKSUMS_URL="https://github.com/tektoncd/cli/releases/download/v${TKN_VERSION}/checksums.txt"
+curl -sSLO "${TKN_TGZ_URL}"
+curl -sSLO "${TKN_CHEKSUMS_URL}"
+sha256sum --ignore-missing -c "checksums.txt" 2>&1 | grep OK
+tar -zxv --no-same-owner -f "${TKN_TGZ}"
+mv tkn /usr/local/bin/
+cd -
+rm -rf "${TEMP_DIR}"
+EOF
+
+## knative-cli
+RUN <<EOF
+set -euf -o pipefail
+TEMP_DIR="$(mktemp -d)"
+cd "${TEMP_DIR}"
+KN_VERSION="1.20.0"
+KN_ARCH="linux-${TARGETARCH}"
+KN_BIN="kn-${KN_ARCH}"
+KN_BIN_URL="https://github.com/knative/client/releases/download/knative-v${KN_VERSION}/${KN_BIN}"
+KN_CHEKSUMS_URL="https://github.com/knative/client/releases/download/knative-v${KN_VERSION}/checksums.txt"
+curl -sSLO "${KN_BIN_URL}"
+curl -sSLO "${KN_CHEKSUMS_URL}"
+sha256sum --ignore-missing -c "checksums.txt" 2>&1 | grep OK
+mv "${KN_BIN}" kn
+chmod +x kn
+mv kn /usr/local/bin
+cd -
+rm -rf "${TEMP_DIR}"
+EOF
+
+## terraform-cli
+RUN <<EOF
+set -euf -o pipefail
+TEMP_DIR="$(mktemp -d)"
+cd "${TEMP_DIR}"
+TF_VERSION="1.14.2"
+TF_ARCH="linux_${TARGETARCH}"
+TF_ZIP="terraform_${TF_VERSION}_${TF_ARCH}.zip"
+TF_ZIP_URL="https://releases.hashicorp.com/terraform/${TF_VERSION}/${TF_ZIP}"
+TF_CHEKSUMS_URL="https://releases.hashicorp.com/terraform/${TF_VERSION}/terraform_${TF_VERSION}_SHA256SUMS"
+curl -sSLO "${TF_ZIP_URL}"
+curl -sSLO "${TF_CHEKSUMS_URL}"
+sha256sum --ignore-missing -c "terraform_${TF_VERSION}_SHA256SUMS" 2>&1 | grep OK
+unzip ${TF_ZIP}
+chmod +x terraform
+mv terraform /usr/local/bin
+cd -
+rm -rf "${TEMP_DIR}"
+EOF
+
+## skaffold
+RUN curl -Lo skaffold https://storage.googleapis.com/skaffold/releases/latest/skaffold-linux-${TARGETARCH} && \
+    install skaffold /usr/local/bin/
+
+# e2fsprogs setup
+# Since e2fsprogs-static package has removed RHEL 8 distribution, it is not possible to install from the repository
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/considerations_in_adopting_rhel_8/index#removed-packages_changes-to-packages
+RUN <<EOF
+set -euf -o pipefail
+TEMP_DIR="$(mktemp -d)"
+cd "${TEMP_DIR}"
+E2FSPROGS_VERSION="1.47.3"
+E2FSPROGS_TGZ="e2fsprogs-${E2FSPROGS_VERSION}.tar.gz"
+E2FSPROGS_TGZ_URL="https://mirrors.edge.kernel.org/pub/linux/kernel/people/tytso/e2fsprogs/v${E2FSPROGS_VERSION}/${E2FSPROGS_TGZ}"
+E2FSPROGS_CHEKSUMS_URL="https://mirrors.edge.kernel.org/pub/linux/kernel/people/tytso/e2fsprogs/v${E2FSPROGS_VERSION}/sha256sums.asc"
+curl -sSLO "${E2FSPROGS_TGZ_URL}"
+curl -sSLO "${E2FSPROGS_CHEKSUMS_URL}"
+sha256sum --ignore-missing -c "sha256sums.asc" 2>&1 | grep OK
+tar -zxv --no-same-owner -f "${E2FSPROGS_TGZ}"
+cd "e2fsprogs-${E2FSPROGS_VERSION}"
+mkdir build
+cd build
+../configure --prefix=/usr --with-root-prefix="" --enable-elf-shlibs --disable-evms
+make
+make install
+make install-libs
+cd -
+rm -rf "${TEMP_DIR}"
+EOF
+
+# Bash completions
+RUN dnf -y install bash-completion \
+    && dnf clean all \
+    && rm -rf /var/cache/yum
+
+RUN <<EOF
+oc completion bash > /usr/share/bash-completion/completions/oc
+tkn completion bash > /usr/share/bash-completion/completions/tkn 
+kubectl completion bash > /usr/share/bash-completion/completions/kubectl
+cat ${NVM_DIR}/bash_completion > /usr/share/bash-completion/completions/nvm
+EOF
+
+## Add sdkman's init script launcher to the end of ${PROFILE_EXT} since we are not adding it on sdkman install
+## NOTE: all modifications to ${PROFILE_EXT} must happen BEFORE this step in order for sdkman to function correctly
+RUN echo 'export SDKMAN_DIR="/home/tooling/.sdkman"' >> ${PROFILE_EXT}
+RUN echo '[[ -s "$SDKMAN_DIR/bin/sdkman-init.sh" ]] && source "$SDKMAN_DIR/bin/sdkman-init.sh"' >> ${PROFILE_EXT}
+
+# Create symbolic links from /home/tooling/ -> /home/user/
+RUN stow . -t /home/user/ -d /home/tooling/ --no-folding
+
+# Set permissions on /etc/passwd, /etc/group, /etc/pki and /home to allow arbitrary users to write
+RUN chgrp -R 0 /home && chmod -R g=u /etc/passwd /etc/group /home /etc/pki
+
+# cleanup dnf cache
+RUN dnf -y clean all --enablerepo='*'
+
+USER 10001
+
+ENV HOME=/home/user
diff --git a/universal/ubi10/containers.conf b/universal/ubi10/containers.conf
new file mode 100644
index 00000000..f6ad1381
--- /dev/null
+++ b/universal/ubi10/containers.conf
@@ -0,0 +1,4 @@
+[containers]
+default_ulimits = [
+ "nofile=65535:65535",
+]
diff --git a/universal/ubi9/Dockerfile b/universal/ubi9/Dockerfile
index 78cb4b37..04d3db15 100644
--- a/universal/ubi9/Dockerfile
+++ b/universal/ubi9/Dockerfile
@@ -125,9 +125,9 @@ RUN curl -fLo mill https://raw.githubusercontent.com/lefou/millw/main/millw && \
 RUN dnf -y install llvm-toolset gcc gcc-c++ clang clang-libs clang-tools-extra gdb
 
 # Go 1.22+    - installed to /usr/bin/go
-# gopls 0.16.2+ - installed to /home/tooling/go/bin/gopls and /home/tooling/go/pkg/mod/
+# gopls 0.21.0+ - installed to /home/tooling/go/bin/gopls and /home/tooling/go/pkg/mod/
 RUN dnf install -y go-toolset && \
-    GO111MODULE=on go install -v golang.org/x/tools/gopls@v0.16.2 && \
+    GO111MODULE=on go install -v golang.org/x/tools/gopls@v0.21.0 && \
     chgrp -R 0 /home/tooling && chmod -R g=u /home/tooling
 ENV GOBIN="/home/tooling/go/bin/"
 ENV PATH="$GOBIN:$PATH"