diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 00000000..b6b129a2
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,36 @@
+name: Build model-cli
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  workflow_dispatch:
+    inputs:
+      branch:
+        description: "Branch"
+        required: true
+        default: "main"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+          cache: true
+      - name: Build model-cli
+        run: |
+          make release VERSION=${{ github.sha }}
+      - uses: actions/upload-artifact@v4
+        with:
+          name: dist
+          path: |
+            dist/
+          retention-days: 2
+          if-no-files-found: error
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
deleted file mode 100644
index 85521103..00000000
--- a/.github/workflows/release.yml
+++ /dev/null
@@ -1,134 +0,0 @@
-name: Release docker-model
-run-name: Release ${{ inputs.tag }}
-on:
-  workflow_dispatch:
-    inputs:
-      branch:
-        description: "Branch"
-        required: true
-        default: "main"
-      tag:
-        description: "Release Tag"
-        required: true
-        type: string
-      changelog:
-        description: ""
-        required: false
-        type: string
-
-jobs:
-
-  build:
-    runs-on: macos-13
-    permissions:
-      id-token: write
-      contents: read
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v5
-        with:
-          go-version-file: go.mod
-          cache: true
-      - name: Build Darwin
-        run: |
-          make release VERSION=${{ inputs.tag }}
-      - name: Sign and notarize mac binaries # this requires adding the GH repo to https://github.com/docker/infra-terraform/blob/main/infra/aws/default/iam/ci_desktop_signing.tf
-        uses: docker/desktop-action-private/sign@v1.0.1
-        with:
-          mac_binaries_filter: dist/darwin-*/docker-model
-      - uses: actions/upload-artifact@v4
-        with:
-          name: dist
-          path: |
-            dist/
-          if-no-files-found: error
-
-  sign-windows:
-    runs-on: windows-latest
-    permissions:
-      id-token: write
-      contents: read
-    needs: [build]
-    steps:
-      - name: Retrieve built artifact
-        uses: actions/download-artifact@v4
-        with:
-          path: dist
-          pattern: dist
-      - name: Sign windows binaries
-        uses: docker/desktop-action-private/sign@v1.0.1
-        with:
-          win_binaries_filter: dist/windows-*/docker-model
-      - uses: actions/upload-artifact@v4
-        with:
-          name: dist
-          path: |
-            dist/
-          if-no-files-found: error
-          overwrite: true
-
-  release:
-    needs:
-      - sign-windows
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-    env:
-      GH_TOKEN: ${{ github.token }}
-    steps:
-      - uses: actions/checkout@v4
-      - name: Retrieve built artifact
-        uses: actions/download-artifact@v4
-        with:
-          path: dist
-          pattern: dist
-      - name: Fix binary permissions after upload/download
-        run: |
-          ls -lahR dist/
-          chmod +x dist/dist/*/*
-          ls -lahR dist/
-          (cd dist; find . -type f | xargs sha256sum > ../sha256sum.txt)
-          mv sha256sum.txt dist/
-          cat dist/sha256sum.txt
-      - name: Login to DockerHub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ vars.DOCKERBUILDBOT_USERNAME }}
-          password: ${{ secrets.DOCKERBUILDBOT_WRITE_PAT }}
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-        with:
-          version: "lab:latest"
-          driver: cloud
-          endpoint: "docker/make-product-smarter"
-          install: true
-      - name: Build and push DD module image
-        uses: docker/build-push-action@v5
-        with:
-          build-contexts: |
-            dist=dist
-            desktop-module=desktop-module
-          file: desktop-module/Dockerfile
-          platforms: darwin/arm64,windows/amd64
-          push: ${{ github.event_name != 'pull_request' }}
-          sbom: true
-          provenance: mode=max
-          tags: |
-            docker/docker-model-cli-desktop-module:${{ inputs.tag }}
-      - name: Create or update Release
-        run: |
-          echo "Looking for existing release for ${{ inputs.tag }}"
-          OLD_TAG=$(gh release ls --json name,tagName | jq -r ".[] | select(.name == \"${{ inputs.tag }}\") | .tagName")
-          if [ -n "$OLD_TAG" ]; then
-            echo "Updating release ${{ inputs.tag }} to point to new tag ${GITHUB_REF_NAME}"
-            gh release edit ${OLD_TAG} --tag ${GITHUB_REF_NAME}
-          else
-            echo "Creating new release ${{ inputs.tag }} pointing to tag ${GITHUB_REF_NAME}"
-            gh release create ${GITHUB_REF_NAME} \
-              --title ${{ inputs.tag }} \
-              --draft \
-              --generate-notes \
-              --prerelease
-          fi
-          echo "Uploading artifacts for tag ${GITHUB_REF_NAME}"
-          gh release upload ${GITHUB_REF_NAME} dist/*/*/* --clobber