diff --git a/.github/workflows/actions.yml b/.github/workflows/actions.yml
index 74b57cc5..c27a5985 100644
--- a/.github/workflows/actions.yml
+++ b/.github/workflows/actions.yml
@@ -1,11 +1,7 @@
 name: Actions
 
-on:
-  pull_request:
-    paths:
-      - .devcontainer/devcontainer.json
-      - .github/workflows/**
-      - justfile
+on: workflow_dispatch
+
 
 permissions:
   contents: read
diff --git a/.github/workflows/cni-plugin-integration.yml b/.github/workflows/cni-plugin-integration.yml
index 0256c591..b38eecb0 100644
--- a/.github/workflows/cni-plugin-integration.yml
+++ b/.github/workflows/cni-plugin-integration.yml
@@ -1,15 +1,7 @@
 name: cni-plugin-integration
 
-on:
-  workflow_dispatch:
-  pull_request:
-    paths:
-      - Dockerfile-cni-plugin
-      - cni-plugin/integration/flannel/Dockerfile-tester
-      - cni-plugin/integration/run.sh
-      - cni-plugin/**
-      - cni-repair-controller/**
-      - justfile*
+on: workflow_dispatch
+
 
 jobs:
   cni-flannel-test:
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index 86029a59..6c7cc043 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -1,12 +1,7 @@
 name: Go
 
-on:
-  pull_request:
-    paths:
-      - .github/workflows/go.yml
-      - '**/*.go'
-      - go.sum
-      - justfile
+on: workflow_dispatch
+
 
 permissions:
   contents: read
diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
index d67b7d6a..7d0f184f 100644
--- a/.github/workflows/integration.yml
+++ b/.github/workflows/integration.yml
@@ -1,14 +1,7 @@
 name: Integration tests
 
-on:
-  pull_request:
-    paths:
-      - .github/workflows/integration.yml
-      - Dockerfile
-      - go.mod
-      - go.sum
-      - justfile
-      - proxy-init/**
+on: workflow_dispatch
+
 
 jobs:
   proxy-init-integration:
diff --git a/.github/workflows/markdown.yml b/.github/workflows/markdown.yml
index 4b86851a..2df64371 100644
--- a/.github/workflows/markdown.yml
+++ b/.github/workflows/markdown.yml
@@ -3,11 +3,8 @@ name: Markdown
 permissions:
   contents: read
 
-on:
-  pull_request:
-    paths:
-      - '**/*.md'
-      - .github/workflows/markdown.yml
+on: workflow_dispatch
+
 
 jobs:
   md-lint:
diff --git a/.github/workflows/release-cni-plugin.yml b/.github/workflows/release-cni-plugin.yml
index eee5aaf5..43a4c470 100644
--- a/.github/workflows/release-cni-plugin.yml
+++ b/.github/workflows/release-cni-plugin.yml
@@ -1,11 +1,7 @@
 name: cni-plugin release
 
-on:
-  pull_request:
-    paths:
-      - .github/workflows/release-cni-plugin.yml
-  push:
-    tags: ["cni-plugin/v*"]
+on: workflow_dispatch
+
 
 permissions:
   contents: read
diff --git a/.github/workflows/release-cni-win.yml b/.github/workflows/release-cni-win.yml
new file mode 100644
index 00000000..384da8f0
--- /dev/null
+++ b/.github/workflows/release-cni-win.yml
@@ -0,0 +1,36 @@
+name: cni-win release
+
+on:
+  pull_request:
+    paths:
+      - .github/workflows/release-cni-win.yml
+
+permissions:
+  contents: read
+
+jobs:
+  meta:
+    timeout-minutes: 3
+    runs-on: windows-latest
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+      - id: meta
+        uses: ./.github/actions/version-mode
+        with:
+          package: cni-win
+    outputs:
+      repo: ${{ steps.meta.outputs.repo }}
+      mode: ${{ steps.meta.outputs.mode }}
+      version: ${{ steps.meta.outputs.version }}
+
+  docker-publish:
+    needs: meta
+    runs-on: windows-latest
+    timeout-minutes: 25
+    permissions:
+      id-token: write # needed for signing the images with GitHub OIDC token
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+      - run: |
+          docker build -f Dockerfile-cni-plugin-win . --platform windows/amd64
+
diff --git a/.github/workflows/release-proxy-init.yml b/.github/workflows/release-proxy-init.yml
index 89ac5170..76bdda4e 100644
--- a/.github/workflows/release-proxy-init.yml
+++ b/.github/workflows/release-proxy-init.yml
@@ -1,11 +1,7 @@
 name: Proxy-init release
 
-on:
-  pull_request:
-    paths:
-      - .github/workflows/release-proxy-init.yml
-  push:
-    tags: ["proxy-init/v*"]
+on: workflow_dispatch
+
 
 permissions:
   contents: read
diff --git a/.github/workflows/release-validator.yml b/.github/workflows/release-validator.yml
index 1b363915..16677e60 100644
--- a/.github/workflows/release-validator.yml
+++ b/.github/workflows/release-validator.yml
@@ -1,11 +1,7 @@
 name: Validator release
 
-on:
-  pull_request:
-    paths:
-      - .github/workflows/release-validator.yml
-  push:
-    tags: ["validator/v*"]
+on: workflow_dispatch
+
 
 permissions:
   contents: read
diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml
index e150cd59..1e8acae2 100644
--- a/.github/workflows/rust.yml
+++ b/.github/workflows/rust.yml
@@ -1,14 +1,7 @@
 name: Rust
 
-on:
-  pull_request:
-    paths:
-      - .github/workflows/rust.yml
-      - '**/*.rs'
-      - '**/Cargo.toml'
-      - Cargo.lock
-      - deny.toml
-      - justfile
+on: workflow_dispatch
+
 
 jobs:
   check:
diff --git a/.github/workflows/shell.yml b/.github/workflows/shell.yml
index bf8f64d6..9fc7a30e 100644
--- a/.github/workflows/shell.yml
+++ b/.github/workflows/shell.yml
@@ -3,12 +3,7 @@ name: Shell
 permissions:
   contents: read
 
-on:
-  pull_request:
-    paths:
-      - '**/*.sh'
-      - .github/workflows/shellcheck.yml
-      - justfile
+on: workflow_dispatch
 
 jobs:
   sh-lint:
diff --git a/Dockerfile-cni-plugin-win b/Dockerfile-cni-plugin-win
new file mode 100644
index 00000000..6e02db56
--- /dev/null
+++ b/Dockerfile-cni-plugin-win
@@ -0,0 +1,14 @@
+# syntax=docker/dockerfile:1.4
+ARG ARCH
+FROM --platform=$BUILDPLATFORM mcr.microsoft.com/oss/go/microsoft/golang:1.21 AS go
+WORKDIR /build
+COPY --link go.mod go.sum ./
+COPY --link ./cni-win ./cni-win
+RUN go mod download
+ARG TARGETARCH
+RUN CGO_ENABLED=0 GOOS=windows GOARCH=$TARGETARCH GO111MODULE=on \
+    go build -o /go/bin/cni-win -mod=readonly -ldflags "-s -w" -v ./cni-win/
+
+FROM mcr.microsoft.com/windows/nanoserver:ltsc2022
+COPY --from=go /go/bin/cni-win /go/bin/cni-win
+ENTRYPOINT [ "/go/bin/win-cni" ]
diff --git a/cni-win/main.go b/cni-win/main.go
new file mode 100644
index 00000000..faf124d5
--- /dev/null
+++ b/cni-win/main.go
@@ -0,0 +1,52 @@
+// Copyright 2017 CNI authors
+// Modifications copyright (c) Linkerd authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// This file was inspired by:
+// 1) https://github.com/istio/cni/blob/c63a509539b5ed165a6617548c31b686f13c2133/cmd/istio-cni/main.go
+
+package main
+
+import (
+	"os"
+
+	"github.com/containernetworking/cni/pkg/skel"
+	"github.com/containernetworking/cni/pkg/version"
+
+	"github.com/sirupsen/logrus"
+)
+
+func main() {
+	// Must log to Stderr because the CNI runtime uses Stdout as its state
+	logrus.SetOutput(os.Stderr)
+	skel.PluginMain(cmdAdd, cmdCheck, cmdDel, version.All, "")
+}
+
+// cmdAdd is called by the CNI runtime for ADD requests
+func cmdAdd(args *skel.CmdArgs) error {
+	logrus.Infof("Got an add for container: %s", args.ContainerID)
+
+	return nil
+}
+
+func cmdCheck(_ *skel.CmdArgs) error {
+	logrus.Info("linkerd-cni: check called but not implemented")
+	return nil
+}
+
+// cmdDel is called for DELETE requests
+func cmdDel(_ *skel.CmdArgs) error {
+	logrus.Info("linkerd-cni: delete called but not implemented")
+	return nil
+}