diff --git a/.github/actions/config/action.yml b/.github/actions/config/action.yml
index ed10df1..02e576f 100644
--- a/.github/actions/config/action.yml
+++ b/.github/actions/config/action.yml
@@ -1,5 +1,6 @@
 ---
 name: Set Environment Variables
+description: Set Environment Variables
 
 inputs:
   VARIANT:
@@ -52,12 +53,12 @@ runs:
           echo "LATEST_TAG=latest" >> $GITHUB_OUTPUT
         fi
 
-        REGISTRY=quay.io
-        REGISTRY_USER="almalinuxorg+airibarr_bot"
-        IMAGE_PATH="almalinuxorg"
-        IMAGE_NAME="atomic-desktop"
-        PLATFORMS="arm64,amd64,amd64/v2"
-        VARIANTS="gnome,kde"
+        REGISTRY=ghcr.io
+        REGISTRY_USER=${{ github.actor }}
+        IMAGE_PATH=${{ github.repository_owner }}
+        IMAGE_NAME=${{ github.event.repository.name }}
+        PLATFORMS="arm64"
+        VARIANTS="gnome,kde,cosmic"
 
         echo "REGISTRY=${REGISTRY}" >> $GITHUB_OUTPUT
         echo "REGISTRY_USER=${REGISTRY_USER}" >> $GITHUB_OUTPUT
@@ -73,4 +74,13 @@ runs:
           echo "MATRIX={\"variant\": [\"${{ inputs.VARIANT }}\"]}" >> $GITHUB_OUTPUT
         fi
 
-        echo "IS_SIGNED=true" >> $GITHUB_OUTPUT
+        # This is a workaround so that the expansion of SIGNING_SECRET doesn't break the if statement
+        SECRET=$(cat <<EOF
+        ${{ inputs.SIGNING_SECRET }}
+        EOF
+        )
+        if [ -z "${SECRET}" ]; then
+          echo "IS_SIGNED=false" >> $GITHUB_OUTPUT
+        else
+          echo "IS_SIGNED=true" >> $GITHUB_OUTPUT
+        fi
diff --git a/.github/workflows/build-iso.yml b/.github/workflows/build-iso.yml
index cf2b303..3d33d09 100644
--- a/.github/workflows/build-iso.yml
+++ b/.github/workflows/build-iso.yml
@@ -11,6 +11,7 @@ on:
         options:
           - 'gnome'
           - 'kde'
+          - 'cosmic'
           - 'ALL'
 
 concurrency:
diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml
index dd17f87..4f8225c 100644
--- a/.github/workflows/reusable-build.yml
+++ b/.github/workflows/reusable-build.yml
@@ -107,7 +107,9 @@ jobs:
             - Systemd: <relver:systemd>
             - Glibc: <relver:glibc>
             - Bootc: <relver:bootc>
-            - ${{ inputs.variant == 'gnome' && 'GNOME: <version:gdm>' || 'KDE: <version:plasma-desktop>' }}
+            - ${{ inputs.variant == 'gnome' && 'GNOME: <version:gdm>'
+                || inputs.variant == 'kde' && 'KDE: <version:plasma-desktop>'
+                || inputs.variant == 'cosmic' && 'COSMIC: <version:cosmic-epoch>' }}
       KMS_KEY_ALIAS: ${{ inputs.KMS_KEY_ALIAS }}
       AWS_REGION: ${{ inputs.AWS_REGION }}
       generate-sbom: true
diff --git a/Dockerfile b/Dockerfile
index 676c87d..1aec535 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,7 +7,7 @@ COPY files/scripts /build_files/
 COPY *.pub /keys/
 
 # Base Image
-FROM quay.io/almalinuxorg/almalinux-bootc:10@sha256:33cdd2cd472e007b7e14c8d534dec6dd80ca95096921cd18a9405a1b45c9e9cb
+FROM ghcr.io/eseiker/almalinux-asahi-atomic:10@sha256:fad7d0177b595b03d9ec3dccdf170f50636d03e256f28945788cbd02c4a844a3
 
 ARG IMAGE_NAME
 ARG IMAGE_REGISTRY
diff --git a/README.md b/README.md
index 10a2102..02c9e57 100644
--- a/README.md
+++ b/README.md
@@ -13,10 +13,12 @@ to get you started. Create your own Atomic AlmaLinux respin in minutes!
 Download and install from the ISOs:
 * [atomic-desktop-gnome-amd64.iso](https://almalinux-atomic.s3-accelerate.dualstack.amazonaws.com/atomic-desktop/latest/atomic-desktop-gnome-amd64.iso)
 * [atomic-desktop-kde-amd64.iso](https://almalinux-atomic.s3-accelerate.dualstack.amazonaws.com/atomic-desktop/latest/atomic-desktop-kde-amd64.iso)
+* [atomic-desktop-cosmic-amd64.iso](https://almalinux-atomic.s3-accelerate.dualstack.amazonaws.com/atomic-desktop/latest/atomic-desktop-cosmic-amd64.iso)
 
 Bootc images:
 * `quay.io/almalinuxorg/atomic-desktop-gnome`
 * `quay.io/almalinuxorg/atomic-desktop-kde`
+* `quay.io/almalinuxorg/atomic-desktop-cosmic`
 * Cosign public key: [cosign.pub](/cosign.pub)
 
 # Contributing
diff --git a/almalinux-asahi-atomic.pub b/almalinux-asahi-atomic.pub
new file mode 100644
index 0000000..89aa8c3
--- /dev/null
+++ b/almalinux-asahi-atomic.pub
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEvgiGgHQz0dkEVssJvuNe70m5AUpt
+BJXF0StH9iTz7r644UQNv5O2OpV70RCdJ74Sjx2UANzWlWndRP62rQ1VXQ==
+-----END PUBLIC KEY-----
diff --git a/almalinux-bootc.pub b/almalinux-bootc.pub
deleted file mode 100644
index 45d3e6b..0000000
--- a/almalinux-bootc.pub
+++ /dev/null
@@ -1,4 +0,0 @@
------BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEptCZlNhnJ/MqYNBlUQ3IpyM/YvEO
-qOtXYnkMZ36aNiIk9vvCYs3HjUvECgCr0arl0lRh5822cJRCL8EsWKXYEA==
------END PUBLIC KEY-----
diff --git a/cosign.pub b/cosign.pub
index bdda0f3..29bbcb2 100644
--- a/cosign.pub
+++ b/cosign.pub
@@ -1,4 +1,4 @@
 -----BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEqdVEERP3rl6YPIIsYYZb26DmHt3L
-Mz6/eRZpb/KP8p4vsLjGELs7H81z4DpkKH0y7CLYpHihXXvzWjSWWRwQgA==
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEh0NYhUdd75gfPoq3H/QZ3JOAPDbz
+dlrJ+wS9PxcNBp9csBWdmFFoBYMiA1hPgEd7h+qVgRo5koscLI/64FiFZQ==
 -----END PUBLIC KEY-----
diff --git a/files/scripts/20-desktop.sh b/files/scripts/20-desktop.sh
index 66f07c7..881b1c9 100755
--- a/files/scripts/20-desktop.sh
+++ b/files/scripts/20-desktop.sh
@@ -31,6 +31,20 @@ elif [[ "${VARIANT}" == "kde" ]]; then
 
     systemctl enable sddm
 
+elif [[ "${VARIANT}" == "cosmic" ]]; then
+    # workaround: cosmic-greeter requires fprintd-pam but for aarch64 it's only in devel repo
+    if [[ "${TARGETARCH}" == "arm64" && ! $(dnf repoinfo devel -q | grep enabled) ]]; then
+        dnf install -y almalinux-release-devel
+        dnf config-manager --set-disabled devel
+        dnf install -y fprintd-pam --enablerepo=devel
+    fi
+
+    dnf copr enable -y "ligenix/enterprise-cosmic" "rhel+epel-10-$(uname -m)"
+    dnf install -y \
+        cosmic-desktop
+
+    systemctl enable cosmic-greeter
+
 else
     true