diff --git a/.github/workflows/build-docker-images.yml b/.github/workflows/build-docker-images.yml
index 8811d445..362ba538 100644
--- a/.github/workflows/build-docker-images.yml
+++ b/.github/workflows/build-docker-images.yml
@@ -77,14 +77,19 @@ jobs:
         run: docker pull ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }} || true
         if: github.event_name != 'schedule' && github.event_name != 'workflow_dispatch'
       - name: Build image
-        run: docker build --pull --cache-from ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }} -t ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }} ${{ matrix.IMAGE.DOCKERFILE_PATH }} ${{ matrix.IMAGE.BUILD_ARGS }} --build-arg "NODE_ARCH_RELEASE=${NODE_ARCH_RELEASE}"
+        run: |
+          docker build --pull --cache-from ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }} \
+              -t ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }} \
+              --metadata-file metadata.json
+              ${{ matrix.IMAGE.DOCKERFILE_PATH }} \
+              ${{ matrix.IMAGE.BUILD_ARGS }} --build-arg "NODE_ARCH_RELEASE=${NODE_ARCH_RELEASE}"
       - name: Get image digest
         id: image-digest
         run: |
-            DIGEST=$(docker inspect --format="{{ .Id }}" "ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }}")
-            echo "DIGEST=${DIGEST}" | tee -a "$GITHUB_OUTPUT"
-            IMAGE_NAME=$(echo "${{ matrix.IMAGE.TAG_NAME }}" | cut -d ':' -f 1)
-            echo "IMAGE_NAME=${IMAGE_NAME}" | tee -a "$GITHUB_OUTPUT"
+          DIGEST=$(jq -r '.["containerimage.digest"]' metadata.json)
+          echo "DIGEST=${DIGEST}" | tee -a "$GITHUB_OUTPUT"
+          IMAGE_NAME=$(echo "${{ matrix.IMAGE.TAG_NAME }}" | cut -d ':' -f 1)
+          echo "IMAGE_NAME=${IMAGE_NAME}" | tee -a "$GITHUB_OUTPUT"
       - name: Login to docker
         run: 'docker login -u "$DOCKER_USERNAME" -p "$DOCKER_PASSWORD" ghcr.io'
         env: