diff --git a/.github/workflows/docker-build-image.yml b/.github/workflows/docker-build-image.yml
index fa557cd8199..722efa93d4b 100644
--- a/.github/workflows/docker-build-image.yml
+++ b/.github/workflows/docker-build-image.yml
@@ -50,7 +50,12 @@ jobs:
         id: name
         run: |
           echo "image_name=$(echo ${{ inputs.image-name }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
-          echo "repository=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
+          # if pr then actor not repository owner otherwise we can not push to ghcr.io
+          if [ "${{ github.event_name }}" == "pull_request" ]; then
+            echo "repository=$(echo ${{ github.actor }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
+          else
+            echo "repository=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
+          fi
 
       - name: set PARENT_IMAGE only if specified
         id: parent
@@ -125,7 +130,7 @@ jobs:
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
-          username: ${{ github.repository_owner }}
+          username: ${{ steps.name.outputs.repository }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       # build the docker images
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 63850e4a150..b0a89ae75cd 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -67,6 +67,41 @@ jobs:
       # If seeing weird results here, check that all steps above have an id set.
       R_VERSION: ${{ join(steps.*.outputs.R_VERSION, '') }}
 
+  push_test:
+    permissions:
+      packages: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: lowercase image name
+        id: name
+        run: |
+          echo "image_name=$(echo ${{ inputs.image-name }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
+          # if pr then actor not repository owner otherwise we can not push to ghcr.io
+          if [ "${{ github.event_name }}" == "pull_request" ]; then
+            echo "repository=$(echo ${{ github.actor }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
+          else
+            echo "repository=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
+          fi
+      # setup docker build
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ steps.name.outputs.repository }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Test GHCR push permissions
+        run: |
+          echo "FROM alpine" | docker build -t ghcr.io/${{ steps.name.outputs.repository }}/test:${{ github.sha }} -
+          docker push ghcr.io/${{ steps.name.outputs.repository }}/test:${{ github.sha }}   
+
   # ----------------------------------------------------------------------
   # depends image has all the dependencies installed
   # ----------------------------------------------------------------------
@@ -206,6 +241,7 @@ jobs:
       build-context: ${{ matrix.CONTEXT }}
       dockerfile: ${{ matrix.DOCKERFILE }}
       r-version: ${{ needs.rversion.outputs.R_VERSION }}
+      parent-image: "base"
       platforms: ${{ matrix.PLATFORM }}
     secrets: inherit