diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index ada894e..85aac43 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -53,6 +53,8 @@ jobs:
     steps:
       - name: Checkout code
         uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
 
       - name: Install cosign
         uses: sigstore/cosign-installer@main
diff --git a/.goreleaser.yml b/.goreleaser.yml
index dccb7ca..8b713fd 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -15,6 +15,7 @@ builds:
       - amd64
     flags:
       - -buildmode=pie
+      - -buildvcs=true
       - -trimpath
     mod_timestamp: '{{ .CommitTimestamp }}'
     ldflags:
diff --git a/Dockerfile b/Dockerfile
index feafc52..9de2e42 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,7 +9,7 @@ RUN apk add --no-cache git=2.36.3-r0
 # build as PIE to take advantage of exploit mitigations
 ARG CGO_ENABLED=0
 ARG VERSION
-RUN go build -buildmode pie -ldflags "-s -w -X main.version=${VERSION}" -trimpath -o go-project-template
+RUN go build -buildmode=pie -buildvcs=true -ldflags "-s -w -X main.version=${VERSION}" -trimpath -o go-project-template
 
 # pie-loader is built and scanned daily, we want the most recent version
 # hadolint ignore=DL3006