diff --git a/.gitea/workflows/publish.yaml b/.gitea/workflows/publish.yaml
index b57fde3..71bf753 100644
--- a/.gitea/workflows/publish.yaml
+++ b/.gitea/workflows/publish.yaml
@@ -52,6 +52,9 @@ jobs:
           tar xzf /tmp/apko.tar.gz --strip-components=1 -C /usr/local/bin
           rm /tmp/apko.tar.gz
 
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
@@ -110,20 +113,29 @@ jobs:
           echo "version_tag=${VERSION_TAG}" >> "$GITHUB_OUTPUT"
           echo "Next version tag: ${VERSION_TAG}"
 
-      - name: Build apko image tarball
+      - name: Build per-arch apko tarballs
         run: |
-          apko build ${{ matrix.config }} \
+          mkdir -p /tmp/build-amd64 /tmp/build-arm64
+          apko build --arch x86_64 ${{ matrix.config }} \
             ${{ secrets.REGISTRY_URL }}/${{ env.IMAGE_NAME }}:${{ matrix.variant }}-${{ steps.tag.outputs.suffix }} \
-            /tmp/image.tar
-          echo 'FROM scratch' > /tmp/Dockerfile
-          echo 'ADD image.tar /' >> /tmp/Dockerfile
-          echo 'USER 65532' >> /tmp/Dockerfile
+            /tmp/build-amd64/image.tar
+          apko build --arch aarch64 ${{ matrix.config }} \
+            ${{ secrets.REGISTRY_URL }}/${{ env.IMAGE_NAME }}:${{ matrix.variant }}-${{ steps.tag.outputs.suffix }} \
+            /tmp/build-arm64/image.tar
+          cat > /tmp/Dockerfile <<'EOF'
+          FROM scratch
+          ARG TARGETARCH
+          ADD build-${TARGETARCH}/image.tar /
+          USER 65532
+          EOF
+          sed -i 's/^          //' /tmp/Dockerfile
 
       - name: Build and push with buildx (SBOM + provenance)
         uses: docker/build-push-action@v5
         with:
           context: /tmp
           file: /tmp/Dockerfile
+          platforms: linux/amd64,linux/arm64
           push: true
           sbom: true
           provenance: mode=max
diff --git a/.gitea/workflows/rebuild.yaml b/.gitea/workflows/rebuild.yaml
index ec4ae67..06ad821 100644
--- a/.gitea/workflows/rebuild.yaml
+++ b/.gitea/workflows/rebuild.yaml
@@ -44,6 +44,9 @@ jobs:
           tar xzf /tmp/apko.tar.gz --strip-components=1 -C /usr/local/bin
           rm /tmp/apko.tar.gz
 
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
@@ -102,20 +105,29 @@ jobs:
           echo "version_tag=${VERSION_TAG}" >> "$GITHUB_OUTPUT"
           echo "Next version tag: ${VERSION_TAG}"
 
-      - name: Build apko image tarball
+      - name: Build per-arch apko tarballs
         run: |
-          apko build ${{ matrix.config }} \
+          mkdir -p /tmp/build-amd64 /tmp/build-arm64
+          apko build --arch x86_64 ${{ matrix.config }} \
             ${{ secrets.REGISTRY_URL }}/${{ env.IMAGE_NAME }}:${{ matrix.variant }}-latest \
-            /tmp/image.tar
-          echo 'FROM scratch' > /tmp/Dockerfile
-          echo 'ADD image.tar /' >> /tmp/Dockerfile
-          echo 'USER 65532' >> /tmp/Dockerfile
+            /tmp/build-amd64/image.tar
+          apko build --arch aarch64 ${{ matrix.config }} \
+            ${{ secrets.REGISTRY_URL }}/${{ env.IMAGE_NAME }}:${{ matrix.variant }}-latest \
+            /tmp/build-arm64/image.tar
+          cat > /tmp/Dockerfile <<'EOF'
+          FROM scratch
+          ARG TARGETARCH
+          ADD build-${TARGETARCH}/image.tar /
+          USER 65532
+          EOF
+          sed -i 's/^          //' /tmp/Dockerfile
 
       - name: Build and push with buildx (SBOM + provenance)
         uses: docker/build-push-action@v5
         with:
           context: /tmp
           file: /tmp/Dockerfile
+          platforms: linux/amd64,linux/arm64
           push: true
           sbom: true
           provenance: mode=max
diff --git a/.gitea/workflows/update-check.yaml b/.gitea/workflows/update-check.yaml
index aa319c2..8f6adb7 100644
--- a/.gitea/workflows/update-check.yaml
+++ b/.gitea/workflows/update-check.yaml
@@ -133,6 +133,9 @@ jobs:
           tar xzf /tmp/apko.tar.gz --strip-components=1 -C /usr/local/bin
           rm /tmp/apko.tar.gz
 
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
@@ -191,20 +194,29 @@ jobs:
           echo "version_tag=${VERSION_TAG}" >> "$GITHUB_OUTPUT"
           echo "Next version tag: ${VERSION_TAG}"
 
-      - name: Build apko image tarball
+      - name: Build per-arch apko tarballs
         run: |
-          apko build ${{ matrix.config }} \
+          mkdir -p /tmp/build-amd64 /tmp/build-arm64
+          apko build --arch x86_64 ${{ matrix.config }} \
             ${{ secrets.REGISTRY_URL }}/${{ env.IMAGE_NAME }}:${{ matrix.variant }}-latest \
-            /tmp/image.tar
-          echo 'FROM scratch' > /tmp/Dockerfile
-          echo 'ADD image.tar /' >> /tmp/Dockerfile
-          echo 'USER 65532' >> /tmp/Dockerfile
+            /tmp/build-amd64/image.tar
+          apko build --arch aarch64 ${{ matrix.config }} \
+            ${{ secrets.REGISTRY_URL }}/${{ env.IMAGE_NAME }}:${{ matrix.variant }}-latest \
+            /tmp/build-arm64/image.tar
+          cat > /tmp/Dockerfile <<'EOF'
+          FROM scratch
+          ARG TARGETARCH
+          ADD build-${TARGETARCH}/image.tar /
+          USER 65532
+          EOF
+          sed -i 's/^          //' /tmp/Dockerfile
 
       - name: Build and push with buildx (SBOM + provenance)
         uses: docker/build-push-action@v5
         with:
           context: /tmp
           file: /tmp/Dockerfile
+          platforms: linux/amd64,linux/arm64
           push: true
           sbom: true
           provenance: mode=max