diff --git a/.drone.yml b/.drone.yml
index 5f65008ffdca3..a065f6092996c 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -1319,11 +1319,6 @@ image_pull_secrets:
 kind: pipeline
 type: kubernetes
 name: push-build-linux-arm64
-environment:
-  BUILDBOX_VERSION: teleport11
-  GID: "1000"
-  RUNTIME: go1.20.3
-  UID: "1000"
 trigger:
   event:
     include:
@@ -1366,9 +1361,10 @@ steps:
   pull: if-not-exists
   commands:
   - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling"
-  - go run ./cmd/gh-trigger-workflow -owner ${DRONE_REPO_OWNER} -repo teleport.e -workflow
-    release-linux-arm64.yml -workflow-ref=${DRONE_BRANCH} -input oss-teleport-ref=${DRONE_COMMIT}
-    -input upload-artifacts=false -input oss-teleport-repo="${DRONE_REPO}"
+  - 'go run ./cmd/gh-trigger-workflow -owner ${DRONE_REPO_OWNER} -repo teleport.e
+    -tag-workflow -timeout 1h0m0s -workflow release-linux-arm64.yml -workflow-ref=${DRONE_BRANCH}
+    -input oss-teleport-repo=${DRONE_REPO} -input oss-teleport-ref=${DRONE_COMMIT}
+    -input "upload-artifacts=false" '
   environment:
     GHA_APP_KEY:
       from_secret: GITHUB_WORKFLOW_APP_PRIVATE_KEY
@@ -5284,11 +5280,6 @@ image_pull_secrets:
 kind: pipeline
 type: kubernetes
 name: build-linux-arm64
-environment:
-  BUILDBOX_VERSION: teleport11
-  GID: "1000"
-  RUNTIME: go1.20.3
-  UID: "1000"
 trigger:
   event:
     include:
@@ -5303,6 +5294,8 @@ workspace:
   path: /go
 clone:
   disable: true
+depends_on:
+- clean-up-previous-build
 steps:
 - name: Check out code
   image: docker:git
@@ -5328,9 +5321,10 @@ steps:
   pull: if-not-exists
   commands:
   - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling"
-  - go run ./cmd/gh-trigger-workflow -owner ${DRONE_REPO_OWNER} -repo teleport.e -workflow
-    release-linux-arm64.yml -workflow-ref=${DRONE_TAG} -input oss-teleport-ref=${DRONE_TAG}
-    -input upload-artifacts=true -input oss-teleport-repo="${DRONE_REPO}"
+  - 'go run ./cmd/gh-trigger-workflow -owner ${DRONE_REPO_OWNER} -repo teleport.e
+    -tag-workflow -timeout 1h0m0s -workflow release-linux-arm64.yml -workflow-ref=${DRONE_TAG}
+    -input oss-teleport-repo=${DRONE_REPO} -input oss-teleport-ref=${DRONE_TAG} -input
+    "upload-artifacts=true" '
   environment:
     GHA_APP_KEY:
       from_secret: GITHUB_WORKFLOW_APP_PRIVATE_KEY
@@ -20291,6 +20285,6 @@ image_pull_secrets:
 - DOCKERHUB_CREDENTIALS
 ---
 kind: signature
-hmac: 5f920d6511d5e89e2bfa788d11b42a8db5b3f6f5c98500b137b6fba4d1ab03ee
+hmac: b797d960837073d77869974db84306e894dc81b4a8cde6e24fdb7056eb15a65e
 
 ...
diff --git a/dronegen/gha.go b/dronegen/gha.go
index 8ffdfc07886df..9ab3dcbb6b58c 100644
--- a/dronegen/gha.go
+++ b/dronegen/gha.go
@@ -14,27 +14,48 @@
 
 package main
 
-import "fmt"
+import (
+	"fmt"
+	"strings"
+	"time"
+)
 
 type ghaBuildType struct {
 	buildType
 	trigger
-	namePrefix      string
-	uploadArtifacts bool
-	srcRefVar       string
-	workflowRefVar  string
-	slackOnError    bool
+	pipelineName string
+	ghaWorkflow  string
+	srcRefVar    string
+	workflowRef  string
+	timeout      time.Duration
+	slackOnError bool
+	dependsOn    []string
+	inputs       map[string]string
 }
 
 func ghaBuildPipeline(b ghaBuildType) pipeline {
-	p := newKubePipeline(fmt.Sprintf("%sbuild-%s-%s", b.namePrefix, b.os, b.arch))
+	p := newKubePipeline(b.pipelineName)
 	p.Trigger = b.trigger
 	p.Workspace = workspace{Path: "/go"}
-	p.Environment = map[string]value{
-		"BUILDBOX_VERSION": buildboxVersion,
-		"RUNTIME":          goRuntime,
-		"UID":              {raw: "1000"},
-		"GID":              {raw: "1000"},
+	p.DependsOn = append(p.DependsOn, b.dependsOn...)
+
+	var cmd strings.Builder
+	cmd.WriteString(`go run ./cmd/gh-trigger-workflow `)
+	cmd.WriteString(`-owner ${DRONE_REPO_OWNER} `)
+	cmd.WriteString(`-repo teleport.e `)
+	cmd.WriteString(`-tag-workflow `)
+	fmt.Fprintf(&cmd, `-timeout %s `, b.timeout.String())
+	fmt.Fprintf(&cmd, `-workflow %s `, b.ghaWorkflow)
+	fmt.Fprintf(&cmd, `-workflow-ref=%s `, b.workflowRef)
+
+	// If we don't need to build teleport...
+	if b.srcRefVar != "" {
+		cmd.WriteString(`-input oss-teleport-repo=${DRONE_REPO} `)
+		fmt.Fprintf(&cmd, `-input oss-teleport-ref=${%s} `, b.srcRefVar)
+	}
+
+	for k, v := range b.inputs {
+		fmt.Fprintf(&cmd, `-input "%s=%s" `, k, v)
 	}
 
 	p.Steps = []step{
@@ -56,11 +77,7 @@ func ghaBuildPipeline(b ghaBuildType) pipeline {
 			},
 			Commands: []string{
 				`cd "/go/src/github.com/gravitational/teleport/build.assets/tooling"`,
-				`go run ./cmd/gh-trigger-workflow -owner ${DRONE_REPO_OWNER} -repo teleport.e -workflow release-linux-arm64.yml ` +
-					fmt.Sprintf(`-workflow-ref=${%s} `, b.workflowRefVar) +
-					fmt.Sprintf(`-input oss-teleport-ref=${%s} `, b.srcRefVar) +
-					fmt.Sprintf(`-input upload-artifacts=%t `, b.uploadArtifacts) +
-					`-input oss-teleport-repo="${DRONE_REPO}"`,
+				cmd.String(),
 			},
 		},
 	}
diff --git a/dronegen/push.go b/dronegen/push.go
index 80802c2e15961..1cea3b2ec4182 100644
--- a/dronegen/push.go
+++ b/dronegen/push.go
@@ -14,7 +14,10 @@
 
 package main
 
-import "fmt"
+import (
+	"fmt"
+	"time"
+)
 
 // pushCheckoutCommands builds a list of commands for Drone to check out a git commit on a push build
 func pushCheckoutCommands(b buildType) []string {
@@ -72,13 +75,15 @@ func pushPipelines() []pipeline {
 	}
 
 	ps = append(ps, ghaBuildPipeline(ghaBuildType{
-		buildType:       buildType{os: "linux", arch: "arm64"},
-		trigger:         triggerPush,
-		namePrefix:      "push-",
-		uploadArtifacts: false,
-		slackOnError:    true,
-		srcRefVar:       "DRONE_COMMIT",
-		workflowRefVar:  "DRONE_BRANCH",
+		buildType:    buildType{os: "linux", arch: "arm64"},
+		trigger:      triggerPush,
+		pipelineName: "push-build-linux-arm64",
+		ghaWorkflow:  "release-linux-arm64.yml",
+		timeout:      60 * time.Minute,
+		slackOnError: true,
+		srcRefVar:    "DRONE_COMMIT",
+		workflowRef:  "${DRONE_BRANCH}",
+		inputs:       map[string]string{"upload-artifacts": "false"},
 	}))
 
 	// Only amd64 Windows is supported for now.
diff --git a/dronegen/tag.go b/dronegen/tag.go
index 3b3698507ca7f..e470fe171cb65 100644
--- a/dronegen/tag.go
+++ b/dronegen/tag.go
@@ -17,6 +17,7 @@ package main
 import (
 	"fmt"
 	"strings"
+	"time"
 )
 
 const (
@@ -189,11 +190,15 @@ func tagPipelines() []pipeline {
 	}
 
 	ps = append(ps, ghaBuildPipeline(ghaBuildType{
-		buildType:       buildType{os: "linux", arch: "arm64", fips: false},
-		trigger:         triggerTag,
-		uploadArtifacts: true,
-		srcRefVar:       "DRONE_TAG",
-		workflowRefVar:  "DRONE_TAG",
+		buildType:    buildType{os: "linux", arch: "arm64", fips: false},
+		trigger:      triggerTag,
+		pipelineName: "build-linux-arm64",
+		ghaWorkflow:  "release-linux-arm64.yml",
+		srcRefVar:    "DRONE_TAG",
+		workflowRef:  "${DRONE_TAG}",
+		timeout:      60 * time.Minute,
+		dependsOn:    []string{tagCleanupPipelineName},
+		inputs:       map[string]string{"upload-artifacts": "true"},
 	}))
 
 	// Only amd64 Windows is supported for now.