diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 54e431f..db937ad 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -10,6 +10,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
+      - run: |
+          docker build notary-builder --tag notary:builder
+          tag="$(docker run --rm notary:builder sh -c 'echo $TAG' | awk '{gsub(/^v/, ""); print}')"
+          docker tag notary:builder "notary:${tag}-builder"
       - run: docker build notary-server --tag notary:server
       - run: docker build notary-signer --tag notary:signer
       - uses: actions/checkout@v3 # clone Notary upstream repo (used for generating necessary certificates to test against)
diff --git a/notary-builder/Dockerfile b/notary-builder/Dockerfile
new file mode 100644
index 0000000..aa202c3
--- /dev/null
+++ b/notary-builder/Dockerfile
@@ -0,0 +1,23 @@
+FROM golang:1.19-alpine3.16
+
+RUN apk add --no-cache git make
+
+ENV NOTARYPKG github.com/theupdateframework/notary
+ENV TAG v0.7.0
+
+ENV GOFLAGS -mod=vendor
+
+WORKDIR /go/src/$NOTARYPKG
+RUN set -eux; \
+	git clone -b "$TAG" --depth 1 "https://$NOTARYPKG.git" .; \
+# https://github.com/notaryproject/notary/pull/1635
+	git fetch --depth 2 origin efc35b02698644af16f6049c7b585697352451b8; \
+	git -c user.name=foo -c user.email=foo@example.com cherry-pick -x efc35b02698644af16f6049c7b585697352451b8; \
+# https://github.com/notaryproject/notary/issues/1602 (rough cherry-pick of ca095023296d2d710ad9c6dec019397d46bf8576)
+	go get github.com/dvsekhvalnov/jose2go@v0.0.0-20200901110807-248326c1351b; \
+	go mod vendor; \
+# TODO remove for the next release of Notary (which should include efc35b02698644af16f6049c7b585697352451b8 & ca095023296d2d710ad9c6dec019397d46bf8576)
+	make SKIPENVCHECK=1 PREFIX=. ./bin/static/notary-server ./bin/static/notary-signer; \
+	cp -vL ./bin/static/notary-server ./bin/static/notary-signer /; \
+	/notary-server --version; \
+	/notary-signer --version
\ No newline at end of file
diff --git a/notary-server/Dockerfile b/notary-server/Dockerfile
index 832912f..5c43640 100644
--- a/notary-server/Dockerfile
+++ b/notary-server/Dockerfile
@@ -1,27 +1,3 @@
-FROM golang:1.19-alpine3.16 AS build
-
-RUN apk add --no-cache git make
-
-ENV NOTARYPKG github.com/theupdateframework/notary
-ENV TAG v0.7.0
-
-ENV GOFLAGS -mod=vendor
-
-WORKDIR /go/src/$NOTARYPKG
-RUN set -eux; \
-	git clone -b "$TAG" --depth 1 "https://$NOTARYPKG.git" .; \
-# https://github.com/notaryproject/notary/pull/1635
-	git fetch --depth 2 origin efc35b02698644af16f6049c7b585697352451b8; \
-	git -c user.name=foo -c user.email=foo@example.com cherry-pick -x efc35b02698644af16f6049c7b585697352451b8; \
-# https://github.com/notaryproject/notary/issues/1602 (rough cherry-pick of ca095023296d2d710ad9c6dec019397d46bf8576)
-	go get github.com/dvsekhvalnov/jose2go@v0.0.0-20200901110807-248326c1351b; \
-	go mod vendor; \
-# TODO remove for the next release of Notary (which should include efc35b02698644af16f6049c7b585697352451b8 & ca095023296d2d710ad9c6dec019397d46bf8576)
-	make SKIPENVCHECK=1 PREFIX=. ./bin/static/notary-server ./bin/static/notary-signer; \
-	cp -vL ./bin/static/notary-server ./bin/static/notary-signer /; \
-	/notary-server --version; \
-	/notary-signer --version
-
 FROM alpine:3.16
 
 RUN adduser -D -H -g "" notary
@@ -31,7 +7,7 @@ ENV INSTALLDIR /notary/server
 ENV PATH=$PATH:${INSTALLDIR}
 WORKDIR ${INSTALLDIR}
 
-COPY --from=build /notary-server ./
+COPY --from=notary:0.7.0-builder /notary-server ./
 RUN ./notary-server --version
 
 COPY ./server-config.json .
diff --git a/notary-signer/Dockerfile b/notary-signer/Dockerfile
index 15bab3f..a652028 100644
--- a/notary-signer/Dockerfile
+++ b/notary-signer/Dockerfile
@@ -1,27 +1,3 @@
-FROM golang:1.19-alpine3.16 AS build
-
-RUN apk add --no-cache git make
-
-ENV NOTARYPKG github.com/theupdateframework/notary
-ENV TAG v0.7.0
-
-ENV GOFLAGS -mod=vendor
-
-WORKDIR /go/src/$NOTARYPKG
-RUN set -eux; \
-	git clone -b "$TAG" --depth 1 "https://$NOTARYPKG.git" .; \
-# https://github.com/notaryproject/notary/pull/1635
-	git fetch --depth 2 origin efc35b02698644af16f6049c7b585697352451b8; \
-	git -c user.name=foo -c user.email=foo@example.com cherry-pick -x efc35b02698644af16f6049c7b585697352451b8; \
-# https://github.com/notaryproject/notary/issues/1602 (rough cherry-pick of ca095023296d2d710ad9c6dec019397d46bf8576)
-	go get github.com/dvsekhvalnov/jose2go@v0.0.0-20200901110807-248326c1351b; \
-	go mod vendor; \
-# TODO remove for the next release of Notary (which should include efc35b02698644af16f6049c7b585697352451b8 & ca095023296d2d710ad9c6dec019397d46bf8576)
-	make SKIPENVCHECK=1 PREFIX=. ./bin/static/notary-server ./bin/static/notary-signer; \
-	cp -vL ./bin/static/notary-server ./bin/static/notary-signer /; \
-	/notary-server --version; \
-	/notary-signer --version
-
 FROM alpine:3.16
 
 RUN adduser -D -H -g "" notary
@@ -32,7 +8,7 @@ ENV INSTALLDIR /notary/signer
 ENV PATH=$PATH:${INSTALLDIR}
 WORKDIR ${INSTALLDIR}
 
-COPY --from=build /notary-signer ./
+COPY --from=notary:0.7.0-builder /notary-signer ./
 RUN ./notary-signer --version
 
 COPY ./signer-config.json .