diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 61540c3..8847eae 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -25,7 +25,19 @@ permissions: jobs: release: - runs-on: ubuntu-20.04 + strategy: + matrix: + os: ["ubuntu-22.04", "depot-ubuntu-22.04-arm"] + include: + - os: ubuntu-22.04 + arch: linux/amd64 + sha: cfce811006a27305071b1634ca8fe690392f5dcc205612e7b4e5bde411b7701e + arch-suffix: amd64 + - os: depot-ubuntu-22.04-arm + arch: linux/arm64 + sha: 4b475e7e7eed79708b2707a67d556a5d3c0bdaef0a1f341311d095d1b4b3e271 + arch-suffix: arm64 + runs-on: ${{ matrix.os }} steps: - name: Docker Login uses: docker/login-action@v2 
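Review bot: The `sha` values in the two matrix `include` entries have no comment saying what they are digests of, and the amd64 one is repeated as the `SYSBOX_SHA` default in the Makefile hunk and in deploy/Dockerfile, while the version they belong to (`SYSBOX_VERSION="0.6.3"`) is defined only in the Dockerfile. A sysbox bump that updates one copy and misses another should fail closed at the checksum step, but nothing on the page tells the next maintainer which places have to change together. I would add a comment above `include:` such as `# sha: SHA-256 of the sysbox-ce .deb for SYSBOX_VERSION in deploy/Dockerfile, one per arch; keep in sync with the Makefile and Dockerfile defaults`. Quoting the two digests, as the `os` list entries already are, keeps them strings regardless of their content.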
@@ -64,15 +76,52 @@ jobs: git config --global user.name "Coder CI" - name: Build Image - run: make -j build/image/envbox + run: make -j ARCH=${{ matrix.arch }} SYSBOX_SHA=${{ matrix.sha }} build/image/envbox - name: Tag Image - run: docker tag envbox ghcr.io/coder/envbox:${{ github.event.inputs.version }} + run: docker tag envbox ghcr.io/coder/envbox:${{ github.event.inputs.version }}-${{ matrix.arch-suffix }} + - name: Push Image + run: docker push ghcr.io/coder/envbox:${{ github.event.inputs.version }}-${{ matrix.arch-suffix }} + manifest: + runs-on: ubuntu-22.04 + needs: release + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + ref: ${{ github.event.inputs.commit }} + - name: Docker Login + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Create Manifest + run: | + docker manifest create ghcr.io/coder/envbox:${{ github.event.inputs.version }} \ + --amend ghcr.io/coder/envbox:${{ github.event.inputs.version }}-amd64 \ + --amend ghcr.io/coder/envbox:${{ github.event.inputs.version }}-arm64 + - name: Push Manifest + run: docker manifest push ghcr.io/coder/envbox:${{ github.event.inputs.version }} + + tag: + runs-on: ubuntu-22.04 + needs: manifest + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + ref: ${{ github.event.inputs.commit }} + - name: Setup Git + run: | + git config --global user.email "ci@coder.com" + git config --global user.name "Coder CI" - name: Tag and Push Commit run: | git tag -a ${{ github.event.inputs.version }} -m ${{ github.event.inputs.version }} git push --tags - - name: Push Image - run: docker push ghcr.io/coder/envbox:${{ github.event.inputs.version }} + diff --git a/Makefile b/Makefile index 67b1f4c..ef18dfb 100644 --- a/Makefile +++ b/Makefile 
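Review bot: The new `Push Image`, `Create Manifest` and `Push Manifest` steps expand `${{ github.event.inputs.version }}` directly inside `run:` scripts, so the dispatch input becomes part of the shell text before the shell parses it. The `git tag -a ... -m ...` context lines now in the `tag` job do the same, unquoted. Passing the value through `env:` and referencing it as a quoted shell variable keeps it as data; the fence shows this for the manifest steps, and `Tag Image`, `Push Image` and `Tag and Push Commit` would get the same treatment. The `release` job's step list starts outside this hunk, so earlier steps may need the same change.

```yaml
      # … unchanged: Checkout and Docker Login steps of the manifest job …
      - name: Create Manifest
        env:
          VERSION: ${{ github.event.inputs.version }}
        run: |
          docker manifest create "ghcr.io/coder/envbox:${VERSION}" \
            --amend "ghcr.io/coder/envbox:${VERSION}-amd64" \
            --amend "ghcr.io/coder/envbox:${VERSION}-arm64"
      - name: Push Manifest
        env:
          VERSION: ${{ github.event.inputs.version }}
        run: docker manifest push "ghcr.io/coder/envbox:${VERSION}"
```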
@@ -1,6 +1,8 @@ PROJECT_ROOT := $(shell git rev-parse --show-toplevel) GO_FILES := $(shell git ls-files '*.go' '*.sum') IMAGE_FILES := $(shell find deploy) +ARCH ?= linux/amd64 +SYSBOX_SHA ?= cfce811006a27305071b1634ca8fe690392f5dcc205612e7b4e5bde411b7701e .PHONY: clean clean: @@ -15,7 +17,7 @@ build/image/envbox: build/image/envbox/.ctx build/image/envbox/.ctx: build/envbox $(IMAGE_FILES) mkdir -p $(@D) cp -r build/envbox deploy/. $(@D) - docker build -t envbox $(@D) + docker buildx build --build-arg SYSBOX_SHA=$(SYSBOX_SHA) -t envbox --platform $(ARCH) $(@D) touch $@ .PHONY: fmt diff --git a/deploy/Dockerfile b/deploy/Dockerfile index 9c14f38..7c13bbb 100644 --- a/deploy/Dockerfile +++ b/deploy/Dockerfile @@ -1,5 +1,10 @@ -# Ubuntu 20.04 LTS (Focal Fossa) -FROM ubuntu:focal +# Ubuntu 22.04 LTS (Jammy Jellyfish) +FROM ubuntu:jammy + +ARG TARGETARCH +ARG SYSBOX_SHA="cfce811006a27305071b1634ca8fe690392f5dcc205612e7b4e5bde411b7701e" +ARG SYSBOX_VERSION="0.6.3" +ARG SYSBOX_DEB="sysbox-ce_$SYSBOX_VERSION-0.linux_$TARGETARCH.deb" # Copy configuration files to appropriate locations COPY files / @@ -14,7 +19,7 @@ LABEL \ ARG DEBIAN_FRONTEND=noninteractive # Pin docker to avoid any breaking API changes between the Go client and # the server. -ARG DOCKER_VERSION="5:24.0.3-1~ubuntu.20.04~focal" +ARG DOCKER_VERSION="5:24.0.3-1~ubuntu.22.04~jammy" # Ignore other repositories, as some require HTTPS RUN apt-get update --quiet --option Dir::Etc::SourceParts="" && \ apt-get upgrade -y && \ 
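Review bot: In the first deploy/Dockerfile hunk, `FROM ubuntu:jammy` follows a mutable tag, so the amd64 and arm64 release jobs, or two builds of the same commit, can start from different base layers. The sysbox package in this file is pinned by SHA-256, and pinning the base the same way, e.g. `FROM ubuntu:jammy@sha256:<multi-arch index digest>` (placeholder; take the digest from the registry), makes the base an explicit, reviewable input. It is also worth a comment next to `ARG TARGETARCH` that BuildKit/buildx populates it, since an empty value turns `SYSBOX_DEB` into a file name that presumably does not exist upstream.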
@@ -46,10 +51,10 @@ RUN apt-get update --quiet --option Dir::Etc::SourceParts="" && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* -RUN wget https://downloads.nestybox.com/sysbox/releases/v0.6.3/sysbox-ce_0.6.3-0.linux_amd64.deb && \ - echo "cfce811006a27305071b1634ca8fe690392f5dcc205612e7b4e5bde411b7701e sysbox-ce_0.6.3-0.linux_amd64.deb" | sha256sum --check --status && \ - apt install -y ./sysbox-ce_0.6.3-0.linux_amd64.deb && \ - rm ./sysbox-ce_0.6.3-0.linux_amd64.deb && \ +RUN wget https://downloads.nestybox.com/sysbox/releases/v$SYSBOX_VERSION/$SYSBOX_DEB && \ + echo "$SYSBOX_SHA $SYSBOX_DEB" | sha256sum --check --status && \ + apt install -y "./$SYSBOX_DEB" && \ + rm "./$SYSBOX_DEB" && \ userdel -r sysbox # This is jank but sysbox adds their own /etc/docker/daemon.json that overwrites ours when it gets installed, diff --git a/deploy/files/etc/apt/sources.list.d/docker.list b/deploy/files/etc/apt/sources.list.d/docker.list index 256f965..f00cada 100644 --- a/deploy/files/etc/apt/sources.list.d/docker.list +++ b/deploy/files/etc/apt/sources.list.d/docker.list @@ -1 +1 @@ -deb [signed-by=/usr/share/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu focal stable +deb [signed-by=/usr/share/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu jammy stable
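Review bot: `sha256sum --check --status` prints nothing on a mismatch, and after this change the digest (`SYSBOX_SHA`) and the architecture inside `SYSBOX_DEB` come from independent inputs, so an arm64 build that keeps the default amd64 digest stops at this RUN with no indication of why. Dropping `--status` keeps the non-zero exit and puts the `FAILED` line for the file in the build log, which is what someone triaging a failed release needs to tell a wrong pin from a changed upstream artifact. The `wget` URL could also be double-quoted like the `apt install` and `rm` arguments, since it now contains build-arg expansions.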