diff --git a/.github/workflows/CD.yml b/.github/workflows/CD.yml
index 351c8454..a381d8ed 100644
--- a/.github/workflows/CD.yml
+++ b/.github/workflows/CD.yml
@@ -1,11 +1,14 @@
 name: CD
 
-on: [push, pull_request]
+on:
+  push:
+    tags:
+      - '*'
 
 jobs:
   conda:
     name: build and deploy to conda
-    if: github.repository == 'payu-org/payu' && github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
+    if: github.repository == 'payu-org/payu'
     runs-on: ubuntu-latest
 
     # Steps represent a sequence of tasks that will be executed as part of the job
@@ -34,7 +37,7 @@ jobs:
 
   pypi-build:
     name: Build package for PyPI
-    if: github.repository == 'payu-org/payu' && github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
+    if: github.repository == 'payu-org/payu'
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -54,7 +57,7 @@ jobs:
     # Split build and publish to restrict trusted publishing to just this workflow
     needs: ['pypi-build']
     name: Publish to PyPI.org
-    if: github.repository == 'payu-org/payu' && github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
+    if: github.repository == 'payu-org/payu'
     runs-on: ubuntu-latest
     permissions:
       # IMPORTANT: this permission is mandatory for trusted publishing