diff --git a/.github/workflows/libcxx-build-containers.yml b/.github/workflows/libcxx-build-containers.yml
index 4bce86145fc0c..530e94df976c1 100644
--- a/.github/workflows/libcxx-build-containers.yml
+++ b/.github/workflows/libcxx-build-containers.yml
@@ -15,11 +15,11 @@ on:
     branches:
       - main
     paths:
-      - 'libcxx/utils/ci/**'
+      - 'libcxx/utils/ci/docker/**'
       - '.github/workflows/libcxx-build-containers.yml'
   pull_request:
     paths:
-      - 'libcxx/utils/ci/**'
+      - 'libcxx/utils/ci/docker/**'
       - '.github/workflows/libcxx-build-containers.yml'
 
 jobs:
@@ -40,17 +40,18 @@ jobs:
         echo '{ "data-root": "/mnt/docker" }' | sudo tee /etc/docker/daemon.json
         sudo systemctl restart docker
 
-    - name: Build the Linux builder image
-      working-directory: libcxx/utils/ci
-      run: |
-        docker compose build builder-base
-        docker compose build actions-builder
+    - name: Build the base image
+      run: docker compose --file libcxx/utils/ci/docker/docker-compose.yml build libcxx-linux-builder-base
+      env:
+        TAG: ${{ github.sha }}
+
+    - name: Build the Linux Github Actions image
+      run: docker compose --file libcxx/utils/ci/docker/docker-compose.yml build libcxx-linux-builder
       env:
         TAG: ${{ github.sha }}
 
     - name: Build the Android builder image
-      working-directory: libcxx/utils/ci
-      run: docker compose build android-buildkite-builder
+      run: docker compose --file libcxx/utils/ci/docker/docker-compose.yml build libcxx-android-builder
       env:
         TAG: ${{ github.sha }}
 
@@ -61,19 +62,21 @@ jobs:
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
 
-    - name: Push the Linux builder image
+    - name: Push the images
       if: github.event_name == 'push'
-      working-directory: libcxx/utils/ci
-      run: |
-        docker compose push builder-base
-        docker compose push actions-builder
-      env:
-        TAG: ${{ github.sha }}
+      run: docker compose push libcxx-linux-builder-base libcxx-linux-builder libcxx-android-builder
 
-    - name: Push the Android builder image
-      if: github.event_name == 'push'
-      working-directory: libcxx/utils/ci
+    # We create tarballs with the images and upload them as artifacts, since that's useful for testing
+    # the images when making changes.
+    - name: Create image tarballs
       run: |
-        docker compose push android-buildkite-builder
-      env:
-        TAG: ${{ github.sha }}
+        docker image save ghcr.io/llvm/libcxx-linux-builder-base:${{ github.sha }} | gzip > libcxx-linux-builder-base.tar.gz
+        docker image save ghcr.io/llvm/libcxx-linux-builder:${{ github.sha }} | gzip > libcxx-linux-builder.tar.gz
+        docker image save ghcr.io/llvm/libcxx-android-builder:${{ github.sha }} | gzip > libcxx-android-builder.tar.gz
+    - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+      with:
+          name: libcxx-docker-images
+          path: |
+            libcxx-linux-builder-base.tar.gz
+            libcxx-linux-builder.tar.gz
+            libcxx-android-builder.tar.gz
diff --git a/libcxx/docs/Contributing.rst b/libcxx/docs/Contributing.rst
index 4e9d1ba52b47e..b814ccfd0ac9a 100644
--- a/libcxx/docs/Contributing.rst
+++ b/libcxx/docs/Contributing.rst
@@ -269,12 +269,12 @@ Updating the CI testing container images
 ----------------------------------------
 
 The libcxx linux premerge testing can run on one of three sets of runner
-groups. The three runner group names are "llvm-premerge-libcxx-runners",
-"llvm-premerge-libcxx-release-runners" and "llvm-premerge-libcxx-next-runners".
-Which runner set to use is controlled by the contents of
+groups. The three runner group names are ``llvm-premerge-libcxx-runners``,
+``llvm-premerge-libcxx-release-runners`` and ``llvm-premerge-libcxx-next-runners``.
+The runner set to use is controlled by the contents of
 https://github.com/llvm/llvm-project/blob/main/.github/workflows/libcxx-build-and-test.yaml.
-By default, it uses "llvm-premerge-libcxx-runners". To switch to one of the
-other runner sets, just replace all uses of "llvm-premerge-libcxx-runners" in
+By default, it uses ``llvm-premerge-libcxx-runners``. To switch to one of the
+other runner sets, just replace all uses of ``llvm-premerge-libcxx-runners`` in
 the yaml file with the desired runner set.
 
 Which container image is used by these three runner sets is controlled
@@ -282,7 +282,7 @@ and set by the variable values in
 https://github.com/llvm/llvm-zorg/blob/main/premerge/premerge_resources/variables.tf.
 The table below shows the variable names and
 the runner sets to which they correspond. To see their values, follow the
-link above (to variables.tf in llvm-zorg).
+link above (to ``variables.tf`` in llvm-zorg).
 
 +------------------------------------+---------------------------+
 |Runner Set                          |Variable                   |
@@ -295,39 +295,21 @@ link above (to variables.tf in llvm-zorg).
 +------------------------------------+---------------------------+
 
 
-When updating the container image you can either update just the
-runner binary (the part the connects to Github), or you can update
-everything (tools, etc.). Whether to update just the runner or to update
-everything is controlled by the value of ``ACTIONS_BASE_IMAGE``, under
-``actions-builder`` in ``libcxx/utils/ci/docker-compose.yml``.
-
-To update just the runner binary, change the value of ``ACTIONS_BASE_IMAGE``
-to be a modified version of one of the libcxx runner variable images from
-https://github.com/llvm/llvm-zorg/blob/main/premerge/premerge_resources/variables.tf,
-as follows: Find the libcxx runner image name you want to use from the
-variables.tf file. The name will be something like
-``ghcr.io/llvm/libcxx-linux-builder:<some-commit-SHA>``. Replace
-``libcxx-linux-builder`` with ``libcxx-linux-builder-base``. Use this new image
-name as the value you assign to ``ACTIONS_BASE_IMAGE``.
-
-To update the entire container image, set the value of ``ACTIONS_BASE_IMAGE``
-to ``builder-base``. If the value is already ``builder-base`` (there
-have been no just-the-runner updates since the last complete update), then you
-need to find the line containing ``RUN echo "Last forced update executed on``
-in ``libcxx/utils/ci/Dockerfile`` and update the date to be the current date.
-
-Once you have created and merged a PR with those changes, a new image
-will be created, and a link to it can be found at
-https://github.com/llvm/llvm-project/pkgs/container/libcxx-linux-builder,
-where the actual image name should be
-``ghcr.io/llvm/libcxx-linux-builder:<SHA-of-committed-change-from-PR>``.
-
-Lastly you need to create a PR in the llvm-zorg repository,
-updating the the value of the appropriate libcxx runner variable in
-the variables.tf file mentioned above to the name of your newly created
-image (see above paragraph about finding the image name). Once that change
-has been merged, an LLVM premerge maintainer (a Google employee) must use
-terraform to apply the change to the running GKE cluster.
+When updating the container image you can either update just the runner binary (the part
+that connects to Github), or you can update everything (tools, etc.). To update the runner
+binary, bump the value of ``GITHUB_RUNNER_VERSION`` in ``libcxx/utils/ci/docker/docker-compose.yml``.
+To update all of the tools, bump ``BASE_IMAGE_VERSION`` to a newer version of the ``libcxx-linux-builder-base``
+image. You can see all versions of that image at https://github.com/llvm/llvm-project/pkgs/container/libcxx-linux-builder-base.
+
+On push to ``main``, a new version of both the ``libcxx-linux-builder`` and the ``libcxx-android-builder``
+images will be built and pushed to https://github.com/llvm/llvm-project/packages.
+
+You can then update the image used by the actual runners by changing the sha associated
+to ``libcxx_runner_image``, ``libcxx_release_runner_image`` or ``libcxx_next_runner_image``
+in `the Terraform configuration file <https://github.com/llvm/llvm-zorg/blob/main/premerge/premerge_resources/variables.tf>`_.
+To do so, you will need to create a PR in the llvm-zorg repository and wait for it to be
+merged. Once that change has been merged, an LLVM premerge maintainer (a Google employee)
+must use terraform to apply the change to the running GKE cluster.
 
 
 Monitoring premerge testing performance
diff --git a/libcxx/utils/ci/Dockerfile b/libcxx/utils/ci/Dockerfile
deleted file mode 100644
index d22deec4dadab..0000000000000
--- a/libcxx/utils/ci/Dockerfile
+++ /dev/null
@@ -1,329 +0,0 @@
-# ===----------------------------------------------------------------------===##
-#
-# Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
-# See https://llvm.org/LICENSE.txt for license information.
-# SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
-#
-# ===----------------------------------------------------------------------===##
-#
-# This file defines the buildkite and github actions builder images.
-# This images are tagged with <tag>. You can build both images using:
-#
-#   TAG=<tag> docker compose build
-#
-# Or you can select a single image to build
-#
-#  TAG=test docker compose build actions-builder
-#
-# The final images can be found at
-#
-#  ghcr.io/libcxx/libcxx-linux-builder
-#  ghcr.io/libcxx/android-buildkite-builder
-#
-# Members of the github.com/libcxx/ organizations can push new images to the CI.
-# This is done by GitHub actions in the https://github.com/libcxx/builders repo.
-#
-# ===----------------------------------------------------------------------===##
-#                     Running the buildkite image
-# ===----------------------------------------------------------------------===##
-#
-# To start a Buildkite Agent, run it as:
-#   $ docker run --env-file <secrets> -it $(docker build -q libcxx/utils/ci)
-#
-# The environment variables in `<secrets>` should be the ones necessary
-# to run a BuildKite agent:
-#
-#   BUILDKITE_AGENT_TOKEN=<token>
-#
-# If you're only looking to run the Docker image locally for debugging a
-# build bot, see the `run-buildbot-container` script located in this directory.
-
-ARG ACTIONS_BASE_IMAGE
-
-# HACK: We set the base image in the docker-compose file depending on the final target (buildkite vs github actions).
-# This means we have a much slower container build, but we can use the same Dockerfile for both targets.
-ARG BASE_IMAGE
-FROM $BASE_IMAGE AS builder-base
-
-# Changing this file causes a rebuild of the image in a GitHub action.
-# However, it does not cause the CI runners to switch to that image
-# automatically, that must be done by updating the SHA in the Github workflow
-# file. The date uses the ISO format YYYY-MM-DD.
-RUN echo "Last forced update executed on 2025-04-28."
-
-# Make sure apt-get doesn't try to prompt for stuff like our time zone, etc.
-ENV DEBIAN_FRONTEND=noninteractive
-
-# populated in the docker-compose file
-ARG GCC_HEAD_VERSION
-ENV GCC_HEAD_VERSION=${GCC_HEAD_VERSION}
-
-# populated in the docker-compose file
-ARG LLVM_HEAD_VERSION
-ENV LLVM_HEAD_VERSION=${LLVM_HEAD_VERSION}
-
-# HACK: The github actions runner image already has sudo and requires its use. The buildkite base image does not.
-# Reconcile this.
-RUN <<EOF
-  apt-get update || true
-  apt-get install -y sudo || true
-  echo "ALL ALL = (ALL) NOPASSWD: ALL" | tee /etc/sudoers || true
-EOF
-
-# Installing tzdata before other packages avoids the time zone prompts.
-# These prompts seem to ignore DEBIAN_FRONTEND=noninteractive.
-RUN sudo apt-get update \
-    && sudo apt-get install -y \
-        tzdata
-
-# Install various tools used by the build or the test suite
-# TODO add ninja-build once 1.11 is available in Ubuntu, also remove the manual
-# installation below.
-RUN sudo apt-get update \
-    && sudo apt-get install -y \
-        bash \
-        ccache \
-        curl \
-        gdb \
-        git \
-        gpg \
-        language-pack-en \
-        language-pack-fr \
-        language-pack-ja \
-        language-pack-ru \
-        language-pack-zh-hans \
-        libedit-dev \
-        libncurses5-dev \
-        libpython3-dev \
-        libxml2-dev \
-        lsb-release \
-        make \
-        python3 \
-        python3-dev \
-        python3-packaging \
-        python3-setuptools \
-        python3-psutil \
-        software-properties-common \
-        swig \
-        unzip \
-        uuid-dev \
-        wget \
-        xz-utils \
-    && sudo rm -rf /var/lib/apt/lists/*
-
-RUN <<EOF
-  set -e
-  wget -qO /tmp/ninja.gz https://github.com/ninja-build/ninja/releases/latest/download/ninja-linux.zip
-  gunzip /tmp/ninja.gz
-  chmod a+x /tmp/ninja
-  sudo mv /tmp/ninja /usr/local/bin/ninja
-EOF
-
-
-# These two locales are not enabled by default so generate them
-RUN <<EOF
-  set -e
-  printf "fr_CA ISO-8859-1\ncs_CZ ISO-8859-2" | sudo tee -a /etc/locale.gen
-  sudo mkdir /usr/local/share/i1en/
-  printf "fr_CA ISO-8859-1\ncs_CZ ISO-8859-2" | sudo tee -a /usr/local/share/i1en/SUPPORTED
-  sudo locale-gen
-EOF
-
-# Install Clang <latest>, <latest-1> and ToT, which are the ones we support.
-# We also install <latest-2> because we need to support the "latest-1" of the
-# current LLVM release branch, which is effectively the <latest-2> of the
-# tip-of-trunk LLVM. For example, after branching LLVM 14 but before branching
-# LLVM 15, we still need to have Clang 12 in this Docker image because the LLVM
-# 14 release branch CI uses it. The tip-of-trunk CI will never use Clang 12,
-# though.
-RUN <<EOF
-  set -e
-  sudo apt-get update
-  wget https://apt.llvm.org/llvm.sh -O /tmp/llvm.sh
-  chmod +x /tmp/llvm.sh
-  sudo /tmp/llvm.sh $(($LLVM_HEAD_VERSION - 3)) all  # for CI transitions
-  sudo /tmp/llvm.sh $(($LLVM_HEAD_VERSION - 2)) all  # previous release
-  sudo /tmp/llvm.sh $(($LLVM_HEAD_VERSION - 1)) all  # latest release
-  sudo /tmp/llvm.sh $LLVM_HEAD_VERSION          all  # current ToT
-  sudo apt-get install -y libomp5-$LLVM_HEAD_VERSION
-  sudo rm -rf /var/lib/apt/lists/*
-EOF
-
-# Install the most recent GCC, like clang install the previous version as a transition.
-RUN <<EOF
-  set -e
-  sudo git clone https://github.com/compiler-explorer/infra.git /tmp/ce-infra
-  (cd /tmp/ce-infra && sudo make ce)
-  # Current ToT, we do not guarantee any support in our support matrix.
-  sudo /tmp/ce-infra/bin/ce_install --enable nightly install compilers/c++/nightly/gcc trunk
-  sudo ln -s /opt/compiler-explorer/gcc-snapshot/bin/gcc /usr/bin/gcc-$GCC_HEAD_VERSION
-  sudo ln -s /opt/compiler-explorer/gcc-snapshot/bin/g++ /usr/bin/g++-$GCC_HEAD_VERSION
-  # The latest release.
-  sudo /tmp/ce-infra/bin/ce_install install compilers/c++/x86/gcc $((GCC_HEAD_VERSION - 1)).1.0
-  sudo ln -s /opt/compiler-explorer/gcc-$((GCC_HEAD_VERSION - 1)).1.0/bin/gcc /usr/bin/gcc-$((GCC_HEAD_VERSION - 1))
-  sudo ln -s /opt/compiler-explorer/gcc-$((GCC_HEAD_VERSION - 1)).1.0/bin/g++ /usr/bin/g++-$((GCC_HEAD_VERSION - 1))
-  # For CI transitions.
-  sudo /tmp/ce-infra/bin/ce_install install compilers/c++/x86/gcc $((GCC_HEAD_VERSION - 2)).1.0
-  sudo ln -s /opt/compiler-explorer/gcc-$((GCC_HEAD_VERSION - 2)).1.0/bin/gcc /usr/bin/gcc-$((GCC_HEAD_VERSION - 2))
-  sudo ln -s /opt/compiler-explorer/gcc-$((GCC_HEAD_VERSION - 2)).1.0/bin/g++ /usr/bin/g++-$((GCC_HEAD_VERSION - 2))
-  sudo rm -rf /tmp/ce-infra
-EOF
-
-RUN <<EOF
-    # Install a recent CMake
-    set -e
-    wget https://github.com/Kitware/CMake/releases/download/v3.24.4/cmake-3.24.4-linux-x86_64.sh -O /tmp/install-cmake.sh
-    sudo bash /tmp/install-cmake.sh --prefix=/usr --exclude-subdir --skip-license
-    rm /tmp/install-cmake.sh
-EOF
-
-# ===----------------------------------------------------------------------===##
-#                       Android Builder Base Image
-# ===----------------------------------------------------------------------===##
-
-FROM docker.io/library/ubuntu:jammy AS android-builder-base
-
-ARG ANDROID_CLANG_VERSION
-ARG ANDROID_CLANG_PREBUILTS_COMMIT
-ARG ANDROID_SYSROOT_COMMIT
-
-RUN apt-get update && apt-get install -y curl bzip2 git unzip
-
-# Install the Android platform tools (e.g. adb) into /opt/android/sdk.
-RUN <<EOF
-  set -e
-  mkdir -p /opt/android/sdk
-  cd /opt/android/sdk
-  curl -LO https://dl.google.com/android/repository/platform-tools-latest-linux.zip
-  unzip platform-tools-latest-linux.zip
-  rm platform-tools-latest-linux.zip
-EOF
-
-# Install the current Android compiler. Specify the prebuilts commit to retrieve
-# this compiler version even after it's removed from HEAD.
-
-ENV ANDROID_CLANG_VERSION=$ANDROID_CLANG_VERSION
-ENV ANDROID_CLANG_PREBUILTS_COMMIT=$ANDROID_CLANG_PREBUILTS_COMMIT
-RUN <<EOF
-    set -e
-    git clone --filter=blob:none --sparse \
-        https://android.googlesource.com/platform/prebuilts/clang/host/linux-x86 \
-        /opt/android/clang
-    git -C /opt/android/clang checkout ${ANDROID_CLANG_PREBUILTS_COMMIT}
-    git -C /opt/android/clang sparse-checkout add clang-${ANDROID_CLANG_VERSION}
-    rm -fr /opt/android/clang/.git
-    ln -sf /opt/android/clang/clang-${ANDROID_CLANG_VERSION} /opt/android/clang/clang-current
-    # The "git sparse-checkout" and "ln" commands succeed even if nothing was
-    # checked out, so use this "ls" command to fix that.
-    ls /opt/android/clang/clang-current/bin/clang
-EOF
-
-# Install an Android sysroot. New Android sysroots are available at
-# https://android.googlesource.com/platform/prebuilts/ndk/+/refs/heads/mirror-goog-main-ndk/platform/sysroot.
-
-ENV ANDROID_SYSROOT_COMMIT=$ANDROID_SYSROOT_COMMIT
-RUN <<EOF
-  set -e
-  mkdir -p /opt/android/ndk
-  cd /opt/android/ndk
-  git clone --filter=blob:none https://android.googlesource.com/platform/prebuilts/ndk tmp
-  git -C tmp checkout ${ANDROID_SYSROOT_COMMIT}
-  mv tmp/platform/sysroot .
-  rm -rf tmp
-EOF
-
-# ===----------------------------------------------------------------------===##
-#                    Buildkite Builder Image
-# ===----------------------------------------------------------------------===##
-#
-# IMAGE: ghcr.io/libcxx/buildkite-builder.
-#
-FROM builder-base AS buildkite-builder
-
-# Create the libcxx-builder user, regardless of if we use it or not
-RUN sudo useradd --create-home libcxx-builder
-
-USER libcxx-builder
-WORKDIR /home/libcxx-builder
-
-# Install the Buildkite agent and dependencies. This must be done as non-root
-# for the Buildkite agent to be installed in a path where we can find it.
-RUN <<EOF
-  set -e
-  cd /home/libcxx-builder
-  curl -sL https://raw.githubusercontent.com/buildkite/agent/main/install.sh -o /tmp/install-agent.sh
-  bash /tmp/install-agent.sh
-  rm /tmp/install-agent.sh
-  echo "tags=\"queue=libcxx-builders,arch=$(uname -m),os=linux\"" \
-    >> /home/libcxx-builder/.buildkite-agent/buildkite-agent.cfg
-EOF
-
-USER libcxx-builder
-WORKDIR /home/libcxx-builder
-
-ENV PATH="${PATH}:/home/libcxx-builder/.buildkite-agent/bin"
-
-CMD ["buildkite-agent", "start"]
-
-# ===----------------------------------------------------------------------===##
-#                    Android Buildkite Builder Image
-# ===----------------------------------------------------------------------===##
-#
-# IMAGE: ghcr.io/libcxx/android-buildkite-builder.
-#
-FROM buildkite-builder AS android-buildkite-builder
-
-COPY --from=android-builder-base /opt/android /opt/android
-COPY ./vendor/android/container-setup.sh /opt/android/container-setup.sh
-
-ENV PATH="/opt/android/sdk/platform-tools:${PATH}"
-
-USER root
-
-# Install Docker
-RUN <<EOF
-  set -e
-  curl -fsSL https://get.docker.com -o /tmp/get-docker.sh
-  sh /tmp/get-docker.sh
-  rm /tmp/get-docker.sh
-
-  # Install Docker. Mark the binary setuid so it can be run without prefixing it
-  # with sudo. Adding the container user to the docker group doesn't work because
-  # /var/run/docker.sock is owned by the host's docker GID, not the container's
-  # docker GID.
-  chmod u+s /usr/bin/docker
-EOF
-
-USER libcxx-builder
-WORKDIR /home/libcxx-builder
-
-# Reset the configuration, we pass the configuration via the environment.
-RUN cp /home/libcxx-builder/.buildkite-agent/buildkite-agent.dist.cfg \
-       /home/libcxx-builder/.buildkite-agent/buildkite-agent.cfg
-
-# Modify the Buildkite agent cmdline to do Android setup stuff first.
-CMD /opt/android/container-setup.sh && buildkite-agent start
-
-# ===----------------------------------------------------------------------===##
-#                    Github Actions Builder Image
-# ===----------------------------------------------------------------------===##
-#
-# IMAGE: ghcr.io/libcxx/actions-builder.
-#
-FROM $ACTIONS_BASE_IMAGE AS actions-builder
-
-ARG GITHUB_RUNNER_VERSION
-
-RUN useradd gha -u 1001 -m -s /bin/bash
-RUN adduser gha sudo
-RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
-WORKDIR /home/gha
-USER gha
-
-ENV RUNNER_MANUALLY_TRAP_SIG=1
-ENV ACTIONS_RUNNER_PRINT_LOG_TO_STDOUT=1
-RUN mkdir actions-runner && \
-    cd actions-runner && \
-    curl -O -L https://github.com/actions/runner/releases/download/v$GITHUB_RUNNER_VERSION/actions-runner-linux-x64-$GITHUB_RUNNER_VERSION.tar.gz && \
-    tar xzf ./actions-runner-linux-x64-$GITHUB_RUNNER_VERSION.tar.gz && \
-    rm ./actions-runner-linux-x64-$GITHUB_RUNNER_VERSION.tar.gz
diff --git a/libcxx/utils/ci/docker-compose.yml b/libcxx/utils/ci/docker-compose.yml
deleted file mode 100644
index 9367a8f1de6b8..0000000000000
--- a/libcxx/utils/ci/docker-compose.yml
+++ /dev/null
@@ -1,40 +0,0 @@
-x-versions: &compiler_versions
-  GCC_HEAD_VERSION: 16
-  LLVM_HEAD_VERSION: 22
-
-x-image-versions: &image_versions
-  BASE_IMAGE: docker.io/library/ubuntu:jammy
-  ACTIONS_BASE_IMAGE: ghcr.io/llvm/libcxx-linux-builder-base:77cb0980bcc2675b27d08141526939423fa0be76
-
-services:
-  builder-base:
-    image: ghcr.io/llvm/libcxx-linux-builder-base:${TAG}
-    build:
-      context: .
-      dockerfile: Dockerfile
-      target: builder-base
-      args:
-        <<: [*image_versions, *compiler_versions]
-
-  actions-builder:
-    image: ghcr.io/llvm/libcxx-linux-builder:${TAG}
-    build:
-      context: .
-      dockerfile: Dockerfile
-      target: actions-builder
-      args:
-        GITHUB_RUNNER_VERSION: "2.329.0"
-        <<: [*image_versions, *compiler_versions]
-
-  android-buildkite-builder:
-    image: ghcr.io/llvm/libcxx-android-builder:${TAG}
-    build:
-      context: .
-      dockerfile: Dockerfile
-      target: android-buildkite-builder
-      args:
-        BASE_IMAGE: docker.io/library/ubuntu:noble
-        ANDROID_CLANG_VERSION: r563880
-        ANDROID_CLANG_PREBUILTS_COMMIT: 6ae4184bb8706f9731569b9a0a82be3fcdcb951c
-        ANDROID_SYSROOT_COMMIT: f8b85cc5262c6e5cbc9a92c1bab2b18b32a4c63f
-        <<: [*image_versions, *compiler_versions]
diff --git a/libcxx/utils/ci/docker/android-builder.dockerfile b/libcxx/utils/ci/docker/android-builder.dockerfile
new file mode 100644
index 0000000000000..9c5d5047dbb86
--- /dev/null
+++ b/libcxx/utils/ci/docker/android-builder.dockerfile
@@ -0,0 +1,114 @@
+# ===----------------------------------------------------------------------===##
+#
+# Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+# See https://llvm.org/LICENSE.txt for license information.
+# SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+#
+# ===----------------------------------------------------------------------===##
+#
+# This file defines the image we use to run Android testing on Buildkite.
+# From the root of the monorepo, this image can be built with:
+#
+#   $ docker build --file libcxx/utils/ci/docker/android-builder.dockerfile \
+#                --build-arg BASE_IMAGE_VERSION=<sha>                       \
+#                --build-arg ANDROID_CLANG_VERSION=<version>                \
+#                --build-arg ANDROID_CLANG_PREBUILTS_COMMIT=<sha>           \
+#                --build-arg ANDROID_SYSROOT_COMMIT=<sha> .
+#
+# This image also gets built on every push to `main` that modifies these Docker
+# files, and can be found at ghcr.io/llvm/libcxx-android-builder.
+#
+# To run the image and start a Buildkite Agent, run it as:
+#
+#   $ docker run --env-file <secrets> -it ghcr.io/llvm/libcxx-android-builder:latest
+#
+# The environment variables in `<secrets>` should be the ones necessary
+# to run a BuildKite agent:
+#
+#   BUILDKITE_AGENT_TOKEN=<token>
+
+ARG BASE_IMAGE_VERSION
+FROM ghcr.io/llvm/libcxx-linux-builder-base:${BASE_IMAGE_VERSION}
+
+ARG ANDROID_CLANG_VERSION
+ARG ANDROID_CLANG_PREBUILTS_COMMIT
+ARG ANDROID_SYSROOT_COMMIT
+
+# Install the Android platform tools (e.g. adb) into /opt/android/sdk.
+RUN <<EOF
+  set -e
+  mkdir -p /opt/android/sdk
+  cd /opt/android/sdk
+  curl -LO https://dl.google.com/android/repository/platform-tools-latest-linux.zip
+  unzip platform-tools-latest-linux.zip
+  rm platform-tools-latest-linux.zip
+EOF
+
+# Install the current Android compiler. Specify the prebuilts commit to retrieve
+# this compiler version even after it's removed from HEAD.
+ENV ANDROID_CLANG_VERSION=$ANDROID_CLANG_VERSION
+ENV ANDROID_CLANG_PREBUILTS_COMMIT=$ANDROID_CLANG_PREBUILTS_COMMIT
+RUN <<EOF
+    set -e
+    git clone --filter=blob:none --sparse \
+        https://android.googlesource.com/platform/prebuilts/clang/host/linux-x86 \
+        /opt/android/clang
+    git -C /opt/android/clang checkout ${ANDROID_CLANG_PREBUILTS_COMMIT}
+    git -C /opt/android/clang sparse-checkout add clang-${ANDROID_CLANG_VERSION}
+    rm -fr /opt/android/clang/.git
+    ln -sf /opt/android/clang/clang-${ANDROID_CLANG_VERSION} /opt/android/clang/clang-current
+    # The "git sparse-checkout" and "ln" commands succeed even if nothing was
+    # checked out, so use this "ls" command to fix that.
+    ls /opt/android/clang/clang-current/bin/clang
+EOF
+
+# Install an Android sysroot. New Android sysroots are available at
+# https://android.googlesource.com/platform/prebuilts/ndk/+/refs/heads/mirror-goog-main-ndk/platform/sysroot.
+ENV ANDROID_SYSROOT_COMMIT=$ANDROID_SYSROOT_COMMIT
+RUN <<EOF
+  set -e
+  mkdir -p /opt/android/ndk
+  cd /opt/android/ndk
+  git clone --filter=blob:none https://android.googlesource.com/platform/prebuilts/ndk tmp
+  git -C tmp checkout ${ANDROID_SYSROOT_COMMIT}
+  mv tmp/platform/sysroot .
+  rm -rf tmp
+EOF
+
+# Create the libcxx-builder user
+RUN sudo useradd --create-home libcxx-builder
+WORKDIR /home/libcxx-builder
+
+# Install the Buildkite agent and dependencies. This must be done as non-root
+# for the Buildkite agent to be installed in a path where we can find it.
+#
+# Note that we don't set up the configuration file here, since the configuration
+# is passed via the environment.
+RUN <<EOF
+  set -e
+  cd /home/libcxx-builder
+  curl -sL https://raw.githubusercontent.com/buildkite/agent/main/install.sh -o /tmp/install-agent.sh
+  bash /tmp/install-agent.sh
+  rm /tmp/install-agent.sh
+EOF
+ENV PATH="${PATH}:/home/libcxx-builder/.buildkite-agent/bin"
+
+# Install Docker
+RUN <<EOF
+  set -e
+  curl -fsSL https://get.docker.com -o /tmp/get-docker.sh
+  sh /tmp/get-docker.sh
+  rm /tmp/get-docker.sh
+
+  # Install Docker. Mark the binary setuid so it can be run without prefixing it
+  # with sudo. Adding the container user to the docker group doesn't work because
+  # /var/run/docker.sock is owned by the host's docker GID, not the container's
+  # docker GID.
+  chmod u+s /usr/bin/docker
+EOF
+
+# Setup the Buildkite agent command line to do Android setup stuff first.
+USER libcxx-builder
+COPY libcxx/utils/ci/vendor/android/container-setup.sh /opt/android/container-setup.sh
+ENV PATH="/opt/android/sdk/platform-tools:${PATH}"
+CMD /opt/android/container-setup.sh && buildkite-agent start
diff --git a/libcxx/utils/ci/docker/docker-compose.yml b/libcxx/utils/ci/docker/docker-compose.yml
new file mode 100644
index 0000000000000..74df3e4949b2f
--- /dev/null
+++ b/libcxx/utils/ci/docker/docker-compose.yml
@@ -0,0 +1,38 @@
+#
+# This docker compose file allows building the various Docker images we use for
+# libc++'s CI. It encodes the versions of various tools included in these images.
+#
+# Images can be built with:
+#
+#   $ docker compose --file libcxx/utils/ci/docker/docker-compose.yml build <image-name>
+#
+
+services:
+  libcxx-linux-builder-base:
+    image: ghcr.io/llvm/libcxx-linux-builder-base:${TAG:-latest}
+    build:
+      context: ../../../.. # monorepo root
+      dockerfile: libcxx/utils/ci/docker/linux-builder-base.dockerfile
+      args:
+        GCC_HEAD_VERSION: 16
+        LLVM_HEAD_VERSION: 22
+
+  libcxx-linux-builder:
+    image: ghcr.io/llvm/libcxx-linux-builder:${TAG:-latest}
+    build:
+      context: ../../../.. # monorepo root
+      dockerfile: libcxx/utils/ci/docker/linux-builder.dockerfile
+      args:
+        BASE_IMAGE_VERSION: 825943e06f840710177e5514c4f61c9e73660c44
+        GITHUB_RUNNER_VERSION: 2.329.0
+
+  libcxx-android-builder:
+    image: ghcr.io/llvm/libcxx-android-builder:${TAG:-latest}
+    build:
+      context: ../../../.. # monorepo root
+      dockerfile: libcxx/utils/ci/docker/android-builder.dockerfile
+      args:
+        BASE_IMAGE_VERSION: 825943e06f840710177e5514c4f61c9e73660c44
+        ANDROID_CLANG_VERSION: r563880
+        ANDROID_CLANG_PREBUILTS_COMMIT: 6ae4184bb8706f9731569b9a0a82be3fcdcb951c
+        ANDROID_SYSROOT_COMMIT: f8b85cc5262c6e5cbc9a92c1bab2b18b32a4c63f
diff --git a/libcxx/utils/ci/docker/linux-builder-base.dockerfile b/libcxx/utils/ci/docker/linux-builder-base.dockerfile
new file mode 100644
index 0000000000000..af09f15a72747
--- /dev/null
+++ b/libcxx/utils/ci/docker/linux-builder-base.dockerfile
@@ -0,0 +1,148 @@
+# ===----------------------------------------------------------------------===##
+#
+# Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+# See https://llvm.org/LICENSE.txt for license information.
+# SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+#
+# ===----------------------------------------------------------------------===##
+#
+# This file defines the base image we use for Linux testing using Github Actions.
+# From the root of the monorepo, this image can be built with:
+#
+#   $ docker build --file libcxx/utils/ci/docker/linux-builder-base.dockerfile \
+#                  --build-arg GCC_HEAD_VERSION=<version> \
+#                  --build-arg LLVM_HEAD_VERSION=<version> .
+#
+# This image also gets built on every push to `main` that modifies these Docker
+# files, and can be found at ghcr.io/libcxx/libcxx-linux-builder-base .
+
+FROM docker.io/library/ubuntu:noble
+
+# Changing this file causes a rebuild of the image in a GitHub action. However, it does not cause
+# the CI runners to switch to that image automatically, that must be done by updating the image used
+# by the libc++ self-hosted runners in llvm-zorg. The date uses the ISO format YYYY-MM-DD.
+RUN echo "Last forced update executed on 2025-11-11."
+
+# Make sure apt-get doesn't try to prompt for stuff like our time zone, etc.
+ENV DEBIAN_FRONTEND=noninteractive
+
+# populated in the docker-compose file
+ARG GCC_HEAD_VERSION
+ENV GCC_HEAD_VERSION=${GCC_HEAD_VERSION}
+
+# populated in the docker-compose file
+ARG LLVM_HEAD_VERSION
+ENV LLVM_HEAD_VERSION=${LLVM_HEAD_VERSION}
+
+# Install sudo and setup passwordless sudo.
+RUN <<EOF
+  apt-get update || true
+  apt-get install -y sudo || true
+  echo "ALL ALL = (ALL) NOPASSWD: ALL" | tee /etc/sudoers || true
+EOF
+
+# Installing tzdata before other packages avoids the time zone prompts.
+# These prompts seem to ignore DEBIAN_FRONTEND=noninteractive.
+RUN sudo apt-get update \
+    && sudo apt-get install -y \
+        tzdata
+
+# Install various tools used by the build or the test suite
+# TODO add ninja-build once 1.11 is available in Ubuntu, also remove the manual
+# installation below.
+RUN sudo apt-get update \
+    && sudo apt-get install -y \
+        bash \
+        bzip2 \
+        ccache \
+        curl \
+        gdb \
+        git \
+        gpg \
+        language-pack-en \
+        language-pack-fr \
+        language-pack-ja \
+        language-pack-ru \
+        language-pack-zh-hans \
+        libedit-dev \
+        libncurses5-dev \
+        libpython3-dev \
+        libxml2-dev \
+        lsb-release \
+        make \
+        python3 \
+        python3-dev \
+        python3-packaging \
+        python3-setuptools \
+        python3-psutil \
+        software-properties-common \
+        swig \
+        unzip \
+        uuid-dev \
+        wget \
+        xz-utils \
+    && sudo rm -rf /var/lib/apt/lists/*
+
+RUN <<EOF
+  set -e
+  wget -qO /tmp/ninja.gz https://github.com/ninja-build/ninja/releases/latest/download/ninja-linux.zip
+  gunzip /tmp/ninja.gz
+  chmod a+x /tmp/ninja
+  sudo mv /tmp/ninja /usr/local/bin/ninja
+EOF
+
+# These two locales are not enabled by default so generate them
+RUN <<EOF
+  set -e
+  printf "fr_CA ISO-8859-1\ncs_CZ ISO-8859-2" | sudo tee -a /etc/locale.gen
+  sudo mkdir /usr/local/share/i1en/
+  printf "fr_CA ISO-8859-1\ncs_CZ ISO-8859-2" | sudo tee -a /usr/local/share/i1en/SUPPORTED
+  sudo locale-gen
+EOF
+
+# Install Clang <latest>, <latest-1> and ToT, which are the ones we support.
+# We also install <latest-2> because we need to support the "latest-1" of the
+# current LLVM release branch, which is effectively the <latest-2> of the
+# tip-of-trunk LLVM. For example, after branching LLVM 14 but before branching
+# LLVM 15, we still need to have Clang 12 in this Docker image because the LLVM
+# 14 release branch CI uses it. The tip-of-trunk CI will never use Clang 12,
+# though.
+RUN <<EOF
+  set -e
+  sudo apt-get update
+  wget https://apt.llvm.org/llvm.sh -O /tmp/llvm.sh
+  chmod +x /tmp/llvm.sh
+  sudo /tmp/llvm.sh $(($LLVM_HEAD_VERSION - 3)) all  # for CI transitions
+  sudo /tmp/llvm.sh $(($LLVM_HEAD_VERSION - 2)) all  # previous release
+  sudo /tmp/llvm.sh $(($LLVM_HEAD_VERSION - 1)) all  # latest release
+  sudo /tmp/llvm.sh $LLVM_HEAD_VERSION          all  # current ToT
+  sudo rm -rf /var/lib/apt/lists/*
+EOF
+
+# Install the most recent GCC, like clang install the previous version as a transition.
+RUN <<EOF
+  set -e
+  sudo git clone https://github.com/compiler-explorer/infra.git /tmp/ce-infra
+  (cd /tmp/ce-infra && sudo make ce)
+  # Current ToT, we do not guarantee any support in our support matrix.
+  sudo /tmp/ce-infra/bin/ce_install --enable nightly install compilers/c++/nightly/gcc trunk
+  sudo ln -s /opt/compiler-explorer/gcc-snapshot/bin/gcc /usr/bin/gcc-$GCC_HEAD_VERSION
+  sudo ln -s /opt/compiler-explorer/gcc-snapshot/bin/g++ /usr/bin/g++-$GCC_HEAD_VERSION
+  # The latest release.
+  sudo /tmp/ce-infra/bin/ce_install install compilers/c++/x86/gcc $((GCC_HEAD_VERSION - 1)).1.0
+  sudo ln -s /opt/compiler-explorer/gcc-$((GCC_HEAD_VERSION - 1)).1.0/bin/gcc /usr/bin/gcc-$((GCC_HEAD_VERSION - 1))
+  sudo ln -s /opt/compiler-explorer/gcc-$((GCC_HEAD_VERSION - 1)).1.0/bin/g++ /usr/bin/g++-$((GCC_HEAD_VERSION - 1))
+  # For CI transitions.
+  sudo /tmp/ce-infra/bin/ce_install install compilers/c++/x86/gcc $((GCC_HEAD_VERSION - 2)).1.0
+  sudo ln -s /opt/compiler-explorer/gcc-$((GCC_HEAD_VERSION - 2)).1.0/bin/gcc /usr/bin/gcc-$((GCC_HEAD_VERSION - 2))
+  sudo ln -s /opt/compiler-explorer/gcc-$((GCC_HEAD_VERSION - 2)).1.0/bin/g++ /usr/bin/g++-$((GCC_HEAD_VERSION - 2))
+  sudo rm -rf /tmp/ce-infra
+EOF
+
+RUN <<EOF
+    # Install a recent CMake
+    set -e
+    wget https://github.com/Kitware/CMake/releases/download/v3.24.4/cmake-3.24.4-linux-x86_64.sh -O /tmp/install-cmake.sh
+    sudo bash /tmp/install-cmake.sh --prefix=/usr --exclude-subdir --skip-license
+    rm /tmp/install-cmake.sh
+EOF
diff --git a/libcxx/utils/ci/docker/linux-builder.dockerfile b/libcxx/utils/ci/docker/linux-builder.dockerfile
new file mode 100644
index 0000000000000..d6a878b604d43
--- /dev/null
+++ b/libcxx/utils/ci/docker/linux-builder.dockerfile
@@ -0,0 +1,38 @@
+# ===----------------------------------------------------------------------===##
+#
+# Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+# See https://llvm.org/LICENSE.txt for license information.
+# SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+#
+# ===----------------------------------------------------------------------===##
+#
+# This file defines the image we use for Linux testing using Github Actions.
+# From the root of the monorepo, this image can be built with:
+#
+#   $ docker build --file libcxx/utils/ci/docker/linux-builder.dockerfile \
+#                  --build-arg BASE_IMAGE_VERSION=<sha>                   \
+#                  --build-arg GITHUB_RUNNER_VERSION=<version> .
+#
+# This image also gets built on every push to `main` that modifies these Docker
+# files, and can be found at ghcr.io/llvm/libcxx-linux-builder.
+
+ARG BASE_IMAGE_VERSION
+FROM ghcr.io/llvm/libcxx-linux-builder-base:${BASE_IMAGE_VERSION}
+
+ARG GITHUB_RUNNER_VERSION
+
+# Setup the user
+RUN useradd gha -u 1001 -m -s /bin/bash
+RUN adduser gha sudo
+RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+WORKDIR /home/gha
+USER gha
+
+# Install the Github Actions runner
+ENV RUNNER_MANUALLY_TRAP_SIG=1
+ENV ACTIONS_RUNNER_PRINT_LOG_TO_STDOUT=1
+RUN mkdir actions-runner && \
+    cd actions-runner && \
+    curl -O -L https://github.com/actions/runner/releases/download/v$GITHUB_RUNNER_VERSION/actions-runner-linux-x64-$GITHUB_RUNNER_VERSION.tar.gz && \
+    tar xzf ./actions-runner-linux-x64-$GITHUB_RUNNER_VERSION.tar.gz && \
+    rm ./actions-runner-linux-x64-$GITHUB_RUNNER_VERSION.tar.gz