diff --git a/.github/workflows/docker-main.yaml b/.github/workflows/docker-main.yaml
index 9188779d..e4e66b0f 100644
--- a/.github/workflows/docker-main.yaml
+++ b/.github/workflows/docker-main.yaml
@@ -37,13 +37,7 @@ jobs:
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Build
-        run: |
-          TARGET=linux-amd64 scripts/get-envoy.bash
-          TARGET=linux-arm64 scripts/get-envoy.bash
-          make pomerium-ui generate fmt vet
-          mkdir -p bin-amd64 bin-arm64
-          GOARCH=amd64 go build -tags embed_pomerium -o bin-amd64/manager main.go
-          GOARCH=arm64 go build -tags embed_pomerium -o bin-arm64/manager main.go
+        run: make build-ci
 
       - name: Docker Publish - Main
         uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56
diff --git a/.github/workflows/docker-version-branches.yaml b/.github/workflows/docker-version-branches.yaml
index fbd0f2ee..9b3c127b 100644
--- a/.github/workflows/docker-version-branches.yaml
+++ b/.github/workflows/docker-version-branches.yaml
@@ -40,13 +40,7 @@ jobs:
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Build
-        run: |
-          TARGET=linux-amd64 scripts/get-envoy.bash
-          TARGET=linux-arm64 scripts/get-envoy.bash
-          make pomerium-ui generate fmt vet
-          mkdir -p bin-amd64 bin-arm64
-          GOARCH=amd64 go build -tags embed_pomerium -o bin-amd64/manager main.go
-          GOARCH=arm64 go build -tags embed_pomerium -o bin-arm64/manager main.go
+        run: make build-ci
 
       - name: Docker Publish - Version Branches
         uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56
diff --git a/Dockerfile.ci b/Dockerfile.ci
index 49531c17..f0b3b928 100644
--- a/Dockerfile.ci
+++ b/Dockerfile.ci
@@ -2,7 +2,7 @@
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
 FROM gcr.io/distroless/base-debian12:debug-nonroot@sha256:8548e3041a2cc583998c6a6beabf13ae93e6b006a5f6a6194966b4327ea741f5
 ARG TARGETARCH
-COPY bin-$TARGETARCH/manager /manager
+COPY bin/manager-linux-$TARGETARCH /manager
 USER 65532:65532
 
 ENTRYPOINT ["/manager"]
diff --git a/Makefile b/Makefile
index d104b917..0c4369fa 100644
--- a/Makefile
+++ b/Makefile
@@ -23,6 +23,11 @@ endif
 # the embedded resources would be supplied externally
 GOTAGS = -tags embed_pomerium
 
+GOLDFLAGS = -X github.com/pomerium/pomerium/internal/version.Version=$(shell go list -f {{.Module.Version}} github.com/pomerium/pomerium) \
+	-X github.com/pomerium/pomerium/internal/version.BuildMeta=$(shell date -u +"%Y-%m-%dT%H:%M:%SZ") \
+	-X github.com/pomerium/pomerium/internal/version.ProjectName=pomerium-ingress-controller \
+	-X github.com/pomerium/pomerium/internal/version.ProjectURL=https://www.pomerium.io
+
 # Setting SHELL to bash allows bash commands to be executed by recipes.
 # This is a requirement for 'setup-envtest.sh' in the test target.
 # Options are set to exit when a recipe line exits non-zero or a piped command fails.
@@ -90,11 +95,24 @@ lint: envoy pomerium-ui
 build: pomerium-ui build-go ## Build manager binary.
 	@echo "==> $@"
 
+
+# called from github actions to build multi-arch images outside of docker
+.PHONY: build-ci
+build-ci: envoy-ci pomerium-ui generate fmt vet
+	@GOOS=linux GOARCH=amd64 go build $(GOTAGS) --ldflags="$(GOLDFLAGS)" -o bin/manager-linux-amd64 main.go
+	@GOOS=linux GOARCH=arm64 go build $(GOTAGS) --ldflags="$(GOLDFLAGS)" -o bin/manager-linux-arm64 main.go
+
 ##@ Build
 .PHONY: build-go
 build-go: envoy generate fmt vet
 	@echo "==> $@"
-	@go build $(GOTAGS) -o bin/manager main.go
+	go build $(GOTAGS) --ldflags="$(GOVERSIONFLAGS)" -o bin/manager main.go
+
+.PHONY: envoy-ci
+envoy-ci:
+	@echo "==> $@"
+	@TARGET=linux-amd64 scripts/get-envoy.bash
+	@TARGET=linux-arm64 scripts/get-envoy.bash
 
 .PHONY: envoy
 envoy: