diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 89970feb..029dc5ad 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -1,15 +1,5 @@
 name: CI
 on:
-  push:
-    branches:
-      - main
-    paths-ignore:
-      - '**.md'
-  pull_request:
-    branches:
-      - main
-    paths-ignore:
-      - '**.md'
   workflow_dispatch:
 env:
   GO_VERSION: '1.23.0'
diff --git a/.github/workflows/release-automation.yaml b/.github/workflows/release-automation.yaml
index 2b97d22e..b7862b49 100644
--- a/.github/workflows/release-automation.yaml
+++ b/.github/workflows/release-automation.yaml
@@ -22,7 +22,9 @@ jobs:
         uses: "WyriHaximus/github-action-get-previous-tag@04e8485ecb6487243907e330d522ff60f02283ce" # v1.4.0
   generate-artifacts:
     needs: get-latest-tag
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
+    container:
+      image: public.ecr.aws/ubuntu/ubuntu:20.04
     env:
       # Set during setup.
       RELEASE_TAG: ${{ needs.get-latest-tag.outputs.tag }}
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
new file mode 100644
index 00000000..863a2623
--- /dev/null
+++ b/.github/workflows/test.yaml
@@ -0,0 +1,124 @@
+name: Release Finch Daemon
+on:
+    push:
+      branches:
+        - main
+      paths-ignore:
+        - '**.md'
+    pull_request:
+      branches:
+        - main
+      paths-ignore:
+        - '**.md'
+    workflow_dispatch:
+env:
+  GO_VERSION: '1.22.7'
+permissions:
+  contents: write
+  deployments: write
+jobs:
+  get-latest-tag:
+    name: Get the latest release tag
+    runs-on: ubuntu-latest
+    outputs:
+      tag: ${{ steps.latest-tag.outputs.tag }}
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          fetch-depth: 0
+      - name: 'Get the latest tag'
+        id: latest-tag
+        uses: "WyriHaximus/github-action-get-previous-tag@04e8485ecb6487243907e330d522ff60f02283ce" # v1.4.0
+  generate-artifacts:
+    needs: get-latest-tag
+    runs-on: ubuntu-22.04
+    container:
+      image: public.ecr.aws/ubuntu/ubuntu:20.04
+    env:
+      # Set during setup.
+      RELEASE_TAG: ${{ needs.get-latest-tag.outputs.tag }}
+      DYNAMIC_BINARY_NAME: ''
+      STATIC_BINARY_NAME: ''
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          fetch-tags: true
+      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        with:
+          go-version: ${{ env.GO_VERSION }}
+          cache: false
+      - name: Install Dependencies
+        run: ./install-build-deps.sh
+      - name: 'Echo RELEASE_TAG ENV'
+        run: echo ${{ env.RELEASE_TAG }}
+      - name: Setup variables and release directories
+        run: |
+          export release_tag=${{ env.RELEASE_TAG }}
+          export release_version=${release_tag/v/} # Remove v from tag name
+          echo "DYNAMIC_BINARY_NAME=finch-daemon-${release_version}-linux-amd64.tar.gz" >> $GITHUB_ENV
+          echo "STATIC_BINARY_NAME=finch-daemon-${release_version}-linux-amd64-static.tar.gz" >> $GITHUB_ENV
+
+          mkdir release
+      - name: Install Go licenses
+        run: go install github.com/google/go-licenses@latest
+      - name: Create Third Party Licences File
+        run: make licenses
+      - name: setup static dependecies
+        run: |
+          apt-get -y update
+          apt-get -y install libc6-dev -f
+      - name: Create release binaries
+        run: make RELEASE_TAG=${{ env.RELEASE_TAG }} release
+      - name: Verify Release version
+        run: |
+          mkdir -p output/static output/dynamic
+          tar -xzf release/${{ env.DYNAMIC_BINARY_NAME }} -C ./output/dynamic
+          tar -xzf release/${{ env.STATIC_BINARY_NAME }} -C ./output/static
+          DYNAMIC_BINARY_VERSION=$(./output/dynamic/finch-daemon --version | grep -oP '\d+\.\d+\.\d+')
+          STATIC_BINARY_VERSION=$(./output/static/finch-daemon --version | grep -oP '\d+\.\d+\.\d+')
+          export release_tag=${{ env.RELEASE_TAG }}
+          export release_version=${release_tag/v/}
+          if ["$STATIC_BINARY_VERSION" != "$release_version"] || ["$DYNAMIC_BINARY_VERSION" != "$release_version"]; then
+            echo "Version mismatch"
+            exit 1
+          fi
+        shell: bash
+      - uses: actions/upload-artifact@v4
+        with:
+          name: artifacts
+          path: release/
+          if-no-files-found: error
+    outputs:
+      release_tag: ${{ env.RELEASE_TAG }}
+      dynamic_binary_name: ${{ env.DYNAMIC_BINARY_NAME }}
+      static_binary_name: ${{ env.STATIC_BINARY_NAME }}
+  validate-artifacts:
+    needs: generate-artifacts
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/download-artifact@v4
+        with:
+          name: artifacts
+          path: release/
+      - run: bash scripts/verify-release-artifacts.sh ${{ needs.generate-artifacts.outputs.release_tag }}
+#   create-release:
+#     needs: [generate-artifacts, validate-artifacts]
+#     runs-on: ubuntu-latest
+#     steps:
+#       - uses: actions/checkout@v4
+#       - uses: actions/download-artifact@v4
+#         with:
+#           name: artifacts
+#       - uses: softprops/action-gh-release@v2
+#         with:
+#           tag_name: ${{ needs.generate-artifacts.outputs.release_tag }}
+#           prerelease: false
+#           generate_release_notes: false
+#           files: |
+#             ${{ needs.generate-artifacts.outputs.dynamic_binary_name }}
+#             ${{ needs.generate-artifacts.outputs.dynamic_binary_name }}.sha256sum
+#             ${{ needs.generate-artifacts.outputs.static_binary_name }}
+#             ${{ needs.generate-artifacts.outputs.static_binary_name }}.sha256sum
+
+
diff --git a/install-build-deps.sh b/install-build-deps.sh
new file mode 100755
index 00000000..e489c320
--- /dev/null
+++ b/install-build-deps.sh
@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+
+#   Copyright The Soci Snapshotter Authors.
+
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+
+#       http://www.apache.org/licenses/LICENSE-2.0
+
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+
+# A script to install the build dependencies needed to build SOCI in a
+# Ubuntu 20.04 container.
+#
+# Usage: bash install-build-dependencies.sh
+
+apt -y update && apt install -y make \
+    gcc \
+    linux-libc-dev \
+    libseccomp-dev \
+    pkg-config \
+    git
\ No newline at end of file
diff --git a/release-please-config.json b/release-please-config.json
index 433bfdbc..1155a64c 100644
--- a/release-please-config.json
+++ b/release-please-config.json
@@ -2,7 +2,6 @@
     "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json",
     "release-type": "go",
     "bump-minor-pre-major": true,
-    "bump-patch-for-minor-pre-major": true,
     "changelog-sections": [
         {
             "type": "build",