diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 747e0c749a5dadf46d2256d59d6a9163213f9fee..f3e55f6ac2c72391502ae5d9b8bee364475ce930 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -21,12 +21,14 @@ stages:
   - push
 
 # Hidden key meant to be included in other jobs, for factorization
+# Login to registry and pull built image
 .pull-modified-image: &pull-modified-image
   image: $REGISTRY_PROD/pica-ci-base
   tags: [build]
   before_script:
-    - echo $REGISTRY_PASSWORD | docker login $REGISTRY -u $REGISTRY_USERNAME --password-stdin
+    - sh image_modified_last_commit.sh
     - source variables
+    - echo $REGISTRY_PASSWORD | docker login $REGISTRY -u $REGISTRY_USERNAME --password-stdin
     - docker pull $MODIFIED_IMAGE_FULL_TEST
 
 # Build the base image used for all further steps : this is done only when pica-ci's Dockerfile is modified
@@ -48,33 +50,16 @@ pica-ci-base:
       allow_failure: true
     - when: never
 
-# Create a file a few environment variables added (which Dockerfile has been modified, the complete name of the image...)
-# The file will be an artifact shared with further steps
-set-variables:
-  stage: ci-base
-  tags: [build]
-  image: $REGISTRY_PROD/pica-ci-base
-  script:
-    - chmod +x ./get-modified-image.sh
-    - ./get-modified-image.sh
-  # If there are changes in any of the files and folders of 'pica-*' or
-  # 'meta-*', then propose a manual build
-  rules:
-    - changes:
-      - "pica-*/**"
-      when: always
-      allow_failure: true
-    - when: never
-
 # Build the image that was modified
 build:
   stage: build
   tags: [build]
   image: $REGISTRY_PROD/pica-ci-base
   before_script:
+    - sh image_modified_last_commit.sh
+    - source variables
     # First login on the production registry, in case the image is based on another registry image
     - echo $REGISTRY_PROD_PASSWORD | docker login $REGISTRY_PROD -u $REGISTRY_PROD_USERNAME --password-stdin
-    - source variables
   script:
     # Build the image
     - docker build -f $MODIFIED_IMAGE/Dockerfile $MODIFIED_IMAGE -t $MODIFIED_IMAGE_FULL_TEST
@@ -159,7 +144,9 @@ docker-bench-security:
       - "meta-*/**"
       when: manual
       allow_failure: true
+    - when: never
 
+    
 # Push the generated image on the production registry,
 # once it passed all security tests and has been successfully built
 # and run on the test virtual machine
@@ -178,3 +165,4 @@ push-prod:
       changes:
       - "pica-*/**"
       when: manual
+    - when: never
diff --git a/get-modified-image.sh b/image_modified_last_commit.sh
similarity index 100%
rename from get-modified-image.sh
rename to image_modified_last_commit.sh