diff --git a/apps/prod/tekton/configs/pipelines/push-build-package.yaml b/apps/prod/tekton/configs/pipelines/push-build-package.yaml
index a9594e5b5..57ec33db6 100644
--- a/apps/prod/tekton/configs/pipelines/push-build-package.yaml
+++ b/apps/prod/tekton/configs/pipelines/push-build-package.yaml
@@ -34,6 +34,9 @@ spec:
     - name: git-credentials
       description: secret contains ssh private key in `id_rsa` key.
       optional: true
+    - name: mac-ssh-credentials
+      description: secret contains ssh private key in `id_rsa` key for login mac
+      optional: true      
   tasks:
     - name: checkout
       taskRef:
@@ -88,7 +91,7 @@ spec:
       #       value: [release, debug]
       params:
         - name: os
-          value: linux
+          value: darwin
         - name: arch
           value: amd64
         - name: profile
@@ -113,6 +116,8 @@ spec:
           workspace: source
         - name: dockerconfig
           workspace: dockerconfig
+        - name: ssh-directory
+          workspace: mac-ssh-credentials
     - name: build-images
       taskRef:
         # TODO: can we skaffold to make it simpler?
@@ -122,7 +127,7 @@ spec:
       # TODO: currently matrix feature is not support in v0.32.x, we need upgrade the K8S cluster and then upgrade Tekton.
       params:
         - name: os
-          value: linux
+          value: darwin
         - name: arch
           value: amd64
         - name: profile
diff --git a/apps/prod/tekton/configs/tasks/pingcap-build-binaries.yaml b/apps/prod/tekton/configs/tasks/pingcap-build-binaries.yaml
index 72a729524..f6db42eb8 100644
--- a/apps/prod/tekton/configs/tasks/pingcap-build-binaries.yaml
+++ b/apps/prod/tekton/configs/tasks/pingcap-build-binaries.yaml
@@ -15,6 +15,9 @@ spec:
       description: Includes a docker `config.json`
       mountPath: /root/.docker
       optional: true
+    - name: ssh-directory
+      optional: true
+      description: ssh credential for remote building on mac.
   results:
     - description: The package artifacts
       name: package-artifacts
@@ -62,9 +65,58 @@ spec:
         cat /workspace/build-package-artifacts.sh
     - name: build
       image: "$(params.builder-image)"
+      env:
+        - name: WORKSPACE_SSH_DIRECTORY_BOUND
+          value: $(workspaces.ssh-directory.bound)
       workingDir: $(workspaces.source.path)
+      # TODO: get the user and host by better way. 
       script: |
-        /workspace/build-package-artifacts.sh -b -a -w "$(params.release-dir)"
+        if ["$(params.os)" == "darwin"]; then
+          ##### Build mac targets in tekton task (k8s pod) ####
+          
+          # 0. got the go version(x.y) from the current container with `go version`.
+          go_bin_path="/usr/local/$(go version | cut -d ' ' -f 3 | cut -d '.' -f -2)/bin
+          
+          # 1. select a mac idle mac machine, if all busy, random one with correct arch.
+          username=$(cat ~/.ssh/username)
+          host=$(cat ~/.ssh/host)
+          workspace_base_dir="/Users/pingcap/workspace"
+
+          # 1.1 Set ssh credentials
+          if [ "${WORKSPACE_SSH_DIRECTORY_BOUND}" = "true" ] ; then
+            cp -R "${WORKSPACE_SSH_DIRECTORY_PATH}" ~/.ssh
+            chmod 700 ~/.ssh
+            chmod -R 400 ~/.ssh/*
+          fi
+
+          # 2. login to the mac with ssh and then execute the shell.
+          # 2.1 create a randon workspace dir in the remote host:
+          remote_workspace_dir="${workspace_base_dir}/$(uuid)"
+          ssh ${username}@${host} "mkdir -p '$remote_workspace_dir'"
+          
+          # 2.2 copy the build shell to the mac host by ssh.
+          scp /workspace/build-package-artifacts.sh ${username}@${host}:"$remote_workspace_dir/"
+          
+          # 2.3 copy source codes from workspace `source` to the mac host by ssh.
+          scp -r $(workspaces.source.path) ${username}@${host}:"$remote_workspace_dir/"
+          remote_workspace_source_path="$remote_workspace_dir/$(basename $(workspaces.source.path))"
+
+          # 2.4 run the shell on the mac host by ssh.
+          ssh <root>@<host> -t  "bash -lc '
+            PATH=${go_bin_path}:\$PATH;
+            cd remote_workspace_source_path;
+            ${remote_workspace_dir}/build-package-artifacts.sh -b -a -w $(params.release-dir)
+          '"
+
+          # 2.5 copy the artifacts from the mac hosts to the workspace `source`.
+          scp -r ${username}@${host}:"$remote_workspace_dir/$(params.release-dir)" ./
+
+          # 3. clean the workspace dir(it will be a random name) on the ssh mac host.
+          ssh ${username}@${host} "rm -rf '$remote_workspace_dir'"
+        else
+          # Linux
+          /workspace/build-package-artifacts.sh -b -a -w "$(params.release-dir)"
+        fi
     - name: publish
       image: ghcr.io/pingcap-qe/ci/release-utils:v20231107-4086b32
       workingDir: $(workspaces.source.path)
diff --git a/apps/prod/tekton/configs/tasks/pingcap-build-images.yaml b/apps/prod/tekton/configs/tasks/pingcap-build-images.yaml
index eece04723..11c132b1b 100644
--- a/apps/prod/tekton/configs/tasks/pingcap-build-images.yaml
+++ b/apps/prod/tekton/configs/tasks/pingcap-build-images.yaml
@@ -45,6 +45,11 @@ spec:
     - name: generate
       image: ghcr.io/pingcap-qe/ci/release-utils:v20231107-4086b32
       script: |
+        if [ "$(params.os)" != "linux" ]; then
+          echo "target os is not linux, skip it."
+          exit 0
+        fi
+
         git clone --depth=1 --branch=main https://github.com/PingCAP-QE/artifacts.git /workspace/artifacts
 
         /workspace/artifacts/packages/scripts/gen-package-images-with-config.sh \
@@ -66,4 +71,9 @@ spec:
         - name: KANIKO_EXECUTOR
           value: /kaniko/executor
       script: |
+        if [ "$(params.os)" != "linux" ]; then
+          echo "target os is not linux, skip it."
+          exit 0
+        fi
+
         /workspace/build-package-images.sh "$(params.release-dir)" "$(params.tag)" ${KANIKO_EXECUTOR} "$(params.build)"
diff --git a/apps/prod/tekton/configs/triggers/templates/kustomization.yaml b/apps/prod/tekton/configs/triggers/templates/kustomization.yaml
index 3b59d3310..9152d76bc 100644
--- a/apps/prod/tekton/configs/triggers/templates/kustomization.yaml
+++ b/apps/prod/tekton/configs/triggers/templates/kustomization.yaml
@@ -6,10 +6,10 @@ resources:
   - pingcap-qe/artifacts/push-pingcap-qe-artifacts.yaml
   - pingcap-qe/artifacts/tag-create-pingcap-qe-artifacts.yaml
   - pingcap/branch-create-product-components-hotfix.yaml
-  - pingcap/tidb/push.yaml
-  - pingcap/tiflash/push.yaml
-  - pingcap/tiflow/push.yaml
+  # - pingcap/tidb/push.yaml
+  # - pingcap/tiflash/push.yaml
+  # - pingcap/tiflow/push.yaml
   - tikv/pd/push.yaml
-  - tikv/pd/tag-build.yaml
-  - tikv/tikv/push.yaml
+  # - tikv/pd/tag-build.yaml
+  # - tikv/tikv/push.yaml
 
diff --git a/apps/prod/tekton/configs/triggers/templates/tikv/pd/push.yaml b/apps/prod/tekton/configs/triggers/templates/tikv/pd/push.yaml
index 1e51e6425..3b84266a4 100644
--- a/apps/prod/tekton/configs/triggers/templates/tikv/pd/push.yaml
+++ b/apps/prod/tekton/configs/triggers/templates/tikv/pd/push.yaml
@@ -47,6 +47,9 @@ spec:
           - name: dockerconfig
             secret:
               secretName: hub-pingcap-net-ee
+          - name: mac-ssh-credentials
+            secret:
+              secretName: mac-ssh-credentials
           - name: source
             volumeClaimTemplate:
               spec: