diff --git a/.buildkite/pipelines/renovate_helper.yml b/.buildkite/pipelines/renovate_helper.yml
index 68f11f7d99a72..1c51c7197254d 100644
--- a/.buildkite/pipelines/renovate_helper.yml
+++ b/.buildkite/pipelines/renovate_helper.yml
@@ -5,13 +5,11 @@ agents:
   machineType: n2-standard-2
 steps:
   - group: 'Renovate PR opened or comment'
-    if: >-
-      "(build.env('GITHUB_PR_USER') == 'elastic-renovate-prod[bot]' && build.env('GITHUB_PR_EVENT_TYPE') == 'pull_request' && build.env('GITHUB_PR_EVENT_ACTION') == 'opened')
-       || (build.env('GITHUB_PR_EVENT_TYPE') == 'issue_comment' && build.env('GITHUB_PR_EVENT_ACTION') == 'created')"
+    if: build.env('GITHUB_PR_USER') == 'elastic-renovate-prod[bot]' && ((build.env('GITHUB_PR_EVENT_TYPE') == 'pull_request' && build.env('GITHUB_PR_EVENT_ACTION') == 'opened') || (build.env('GITHUB_PR_EVENT_TYPE') == 'issue_comment' && build.env('GITHUB_PR_EVENT_ACTION') == 'created'))
 
     steps:
       - command: .buildkite/scripts/steps/renovate/renovate_helper.sh
-        label: 'Run Renovate helper on PR opened or comment'
+        label: 'Run Renovate helper'
         key: renovate_helper
         timeout_in_minutes: 20
         retry:
@@ -22,7 +20,7 @@ steps:
       - wait: ~
 
       - command: .buildkite/scripts/steps/renovate/trigger_pr.sh
-        label: 'Trigger Kibana PR pipeline on PR opened or comment'
+        label: 'Trigger Kibana PR pipeline'
         key: trigger_pr_opened
         timeout_in_minutes: 10
         retry:
@@ -32,15 +30,10 @@ steps:
 
   - group: 'Renovate PR updated'
     # GITHUB_PR_USER is the PR author and GITHUB_PR_TRIGGER_USER is the commit author
-    if: >-
-      "build.env('GITHUB_PR_USER') == 'elastic-renovate-prod[bot]'
-       && build.env('GITHUB_PR_TRIGGER_USER') != 'elastic-renovate-prod[bot]'
-       && build.env('GITHUB_PR_EVENT_TYPE') == 'pull_request'
-       && build.env('GITHUB_PR_EVENT_ACTION') == 'synchronize'"
-
+    if: build.env('GITHUB_PR_USER') == 'elastic-renovate-prod[bot]' && build.env('GITHUB_PR_TRIGGER_USER') != 'elastic-renovate-prod[bot]' && build.env('GITHUB_PR_EVENT_TYPE') == 'pull_request' && build.env('GITHUB_PR_EVENT_ACTION') == 'synchronize'
     steps:
       - command: .buildkite/scripts/steps/renovate/trigger_pr.sh
-        label: 'Trigger Kibana PR pipeline on PR updated'
+        label: 'Trigger Kibana PR pipeline'
         key: trigger_pr_updated
         timeout_in_minutes: 10
         retry:
diff --git a/.buildkite/pull_requests.json b/.buildkite/pull_requests.json
index a8d5075486580..565706057488c 100644
--- a/.buildkite/pull_requests.json
+++ b/.buildkite/pull_requests.json
@@ -117,7 +117,7 @@
       "allow_org_users": true,
       "allowed_repo_permissions": ["admin", "write"],
       "allowed_list": ["elastic-vault-github-plugin-prod[bot]"],
-      "build_on_commit": false,
+      "build_on_commit": true,
       "build_on_comment": true,
       "build_drafts": false,
       "trigger_comment_regex": "^(?:(?:buildkite\\W+)?(?:run)\\W+(?:renovate)\\W+(?:helper))$",
diff --git a/.buildkite/scripts/steps/renovate/renovate_helper.sh b/.buildkite/scripts/steps/renovate/renovate_helper.sh
index 8da61ce5f1e2f..93314271876a0 100755
--- a/.buildkite/scripts/steps/renovate/renovate_helper.sh
+++ b/.buildkite/scripts/steps/renovate/renovate_helper.sh
@@ -2,12 +2,17 @@
 
 set -euo pipefail
 
-echo --- Called Renovate Helper
-exit 0
-
 source .buildkite/scripts/common/util.sh
+.buildkite/scripts/bootstrap.sh
 
 echo --- Deduplicate yarn.lock
 cmd="node scripts/yarn_deduplicate.js && yarn kbn bootstrap && node scripts/yarn_deduplicate.js"
 eval "$cmd"
 check_for_changed_files "$cmd" true
+
+echo --- Additional helpers
+# We only want the deploy label on the main branch instead of all branches in the Renovate group
+if [ "$GITHUB_PR_BRANCH" = "renovate/main-chainguard" ] && ! is_pr_with_label "ci:cloud-deploy"; then
+  echo "Adding deploy label to main chainguard PR"
+  gh api "repos/elastic/kibana/issues/${GITHUB_PR_NUMBER}/labels" --method POST -f "labels[]=ci:cloud-deploy" >/dev/null
+fi
diff --git a/.buildkite/scripts/steps/renovate/trigger_pr.sh b/.buildkite/scripts/steps/renovate/trigger_pr.sh
index b485e10e3544e..63f2d4dfbdcf0 100755
--- a/.buildkite/scripts/steps/renovate/trigger_pr.sh
+++ b/.buildkite/scripts/steps/renovate/trigger_pr.sh
@@ -3,6 +3,12 @@
 set -euo pipefail
 
 echo --- Triggering Kibana Pull Request Pipeline
-exit 0
 
-ts-node .buildkite/scripts/steps/trigger_pipeline.ts kibana-pull-request "$BUILDKITE_BRANCH"
+# The Github env vars need to be passed along manually
+# GITHUB_PR_* is used to avoid any sensitive vars being passed along
+GITHUB_ENV_VARS=()
+for var in $(env | grep ^GITHUB_PR_ | cut -d= -f1); do
+  GITHUB_ENV_VARS+=("$var=${!var}")
+done
+
+ts-node .buildkite/scripts/steps/trigger_pipeline.ts kibana-pull-request "$BUILDKITE_BRANCH" "$BUILDKITE_COMMIT" "" "${GITHUB_ENV_VARS[*]}"
diff --git a/.buildkite/scripts/steps/trigger_pipeline.ts b/.buildkite/scripts/steps/trigger_pipeline.ts
index a9c478b3a02b9..629611ce7d1a9 100644
--- a/.buildkite/scripts/steps/trigger_pipeline.ts
+++ b/.buildkite/scripts/steps/trigger_pipeline.ts
@@ -13,6 +13,8 @@ const pipelineSlug = process.argv[2];
 const branch = process.argv[3] || 'main';
 const commit = process.argv[4] || 'HEAD';
 const kibanaBuildId = process.argv[5] || '';
+// key=value pairs in space separated string
+const extraEnvVariables = process.argv[6] || '';
 
 (async () => {
   try {
@@ -22,6 +24,11 @@ const kibanaBuildId = process.argv[5] || '';
       branch,
       env: {
         ...(kibanaBuildId && { KIBANA_BUILD_ID: kibanaBuildId }),
+        ...extraEnvVariables.split(' ').reduce<Record<string, string>>((acc, varString) => {
+          const [key, value] = varString.split('=');
+          acc[key] = value;
+          return acc;
+        }, {}),
       },
       ignore_pipeline_branch_filters: true, // Required because of a Buildkite bug
     });