diff --git a/tekton/README.md b/tekton/README.md
index 1a26f6a467d..8ac472a6b2b 100644
--- a/tekton/README.md
+++ b/tekton/README.md
@@ -111,9 +111,8 @@ kubectl apply -f tekton/resources.yaml
 - [`publish.yaml`](publish.yaml) - This `Task` uses
   [`kaniko`](https://github.com/GoogleContainerTools/kaniko) to build and
   publish base images, and uses
-  [`ko`](https://github.com/google/go-containerregistry/tree/master/cmd/ko) to
-  build all of the container images we release and generate the
-  `release.yaml`
+  [`ko`](https://github.com/google/ko) to build all of the container images we
+release and generate the `release.yaml`
 - [`release-pipeline.yaml`](./release-pipeline.yaml) - This `Pipeline`
   uses the
   [`golang`](https://github.com/tektoncd/catalog/tree/master/golang)
diff --git a/tekton/publish.yaml b/tekton/publish.yaml
index 0bdbeb30da8..dd0de16daf0 100644
--- a/tekton/publish.yaml
+++ b/tekton/publish.yaml
@@ -106,9 +106,6 @@ spec:
       # Setup docker-auth
       gcloud auth configure-docker
 
-      # ko requires this variable to be set in order to set image creation timestamps correctly https://github.com/google/go-containerregistry/pull/146
-      export SOURCE_DATE_EPOCH=`date +%s`
-
       # Change to directory with our .ko.yaml
       cd /workspace/go/src/github.com/tektoncd/pipeline
 
@@ -157,7 +154,7 @@ spec:
       fi
 
   - name: tag-images
-    image: gcr.io/google.com/cloudsdktool/cloud-sdk
+    image: gcr.io/go-containerregistry/crane:debug
     script: |
       #!/usr/bin/env bash
       set -ex
@@ -177,8 +174,14 @@ spec:
       # Parse the built images from the release.yaml generated by ko
       BUILT_IMAGES=( $(/workspace/go/src/github.com/tektoncd/pipeline/tekton/koparse/koparse.py --path /workspace/output/bucket/previous/$(params.versionTag)/release.yaml --base $(params.imageRegistry)/$(params.pathToProject) --images ${IMAGES[@]}) )
 
-      # Auth with account credentials
-      gcloud auth activate-service-account --key-file=/secret/release.json
+      # Auth with account credentials for all regions.
+      HOSTNAME=gcr.io
+      cat /secret/release.json | crane auth login -u _json_key --password-stdin https://${HOSTNAME}
+      for REGION in "${REGIONS[@]}"
+      do
+        HOSTNAME=${REGION}.gcr.io
+        cat /secret/release.json | crane auth login -u _json_key --password-stdin https://${HOSTNAME}
+      done
 
       # Tag the images and put them in all the regions
       for IMAGE in "${BUILT_IMAGES[@]}"
@@ -189,7 +192,7 @@ spec:
 
         if [[ "$(params.releaseAsLatest)" == "true" ]]
         then
-          gcloud -q container images add-tag ${IMAGE_WITH_SHA} ${IMAGE_WITHOUT_SHA_AND_TAG}:latest
+          crane cp ${IMAGE_WITH_SHA} ${IMAGE_WITHOUT_SHA_AND_TAG}:latest
         fi
 
         for REGION in "${REGIONS[@]}"
@@ -198,11 +201,11 @@ spec:
           then
             for TAG in "latest" $(params.versionTag)
             do
-              gcloud -q container images add-tag ${IMAGE_WITH_SHA} ${REGION}.${IMAGE_WITHOUT_SHA_AND_TAG}:$TAG
+              crane cp ${IMAGE_WITH_SHA} ${REGION}.${IMAGE_WITHOUT_SHA_AND_TAG}:$TAG
             done
           else
             TAG="$(params.versionTag)"
-            gcloud -q container images add-tag ${IMAGE_WITH_SHA} ${REGION}.${IMAGE_WITHOUT_SHA_AND_TAG}:$TAG
+            crane cp ${IMAGE_WITH_SHA} ${REGION}.${IMAGE_WITHOUT_SHA_AND_TAG}:$TAG
           fi
         done
       done