diff --git a/.github/docker/Dockerfile.glibc b/.github/docker/Dockerfile.glibc
new file mode 100644
index 0000000..c114db0
--- /dev/null
+++ b/.github/docker/Dockerfile.glibc
@@ -0,0 +1,11 @@
+ARG NODE_BUILD_IMAGE=node:16.20.1-bullseye
+FROM $NODE_BUILD_IMAGE AS build
+
+WORKDIR /mongodb-client-encryption
+COPY . .
+
+RUN node /mongodb-client-encryption/.github/scripts/libmongocrypt.mjs
+
+FROM scratch
+
+COPY --from=build /mongodb-client-encryption/prebuilds/ /
diff --git a/.github/scripts/libmongocrypt.mjs b/.github/scripts/libmongocrypt.mjs
index d30d071..47f647a 100644
--- a/.github/scripts/libmongocrypt.mjs
+++ b/.github/scripts/libmongocrypt.mjs
@@ -59,6 +59,7 @@ async function run(command, args = [], options = {}) {
   const commandDetails = `+ ${command} ${args.join(' ')}${options.cwd ? ` (in: ${options.cwd})` : ''}`;
   console.error(commandDetails);
   const proc = child_process.spawn(command, args, {
+    shell: process.platform === 'win32',
     stdio: 'inherit',
     cwd: resolveRoot('.'),
     ...options
@@ -171,9 +172,12 @@ export async function downloadLibMongoCrypt(nodeDepsRoot, { ref }) {
 
   console.error(`Platform: ${detectedPlatform} Prebuild: ${prebuild}`);
 
-  const unzipArgs = ['-xzv', '-C', destination, `${prebuild}/nocrypto`];
+  const unzipArgs = ['-xzv', '-C', `_libmongocrypt-${ref}`, `${prebuild}/nocrypto`];
   console.error(`+ tar ${unzipArgs.join(' ')}`);
-  const unzip = child_process.spawn('tar', unzipArgs, { stdio: ['pipe', 'inherit'] });
+  const unzip = child_process.spawn('tar', unzipArgs, {
+    stdio: ['pipe', 'inherit'],
+    cwd: resolveRoot('.')
+  });
 
   const [response] = await events.once(https.get(downloadURL), 'response');
 
@@ -228,7 +232,7 @@ async function main() {
   // install with "ignore-scripts" so that we don't attempt to download a prebuild
   await run('npm', ['install', '--ignore-scripts']);
   // The prebuild command will make both a .node file in `./build` (local and CI testing will run on current code)
-  // it will also produce `./prebuild/xx.tgz`. prebuild has GH upload functionality.
+  // it will also produce `./prebuilds/mongodb-client-encryption-vVERSION-napi-vNAPI_VERSION-OS-ARCH.tar.gz`.
   await run('npm', ['run', 'prebuild']);
 }
 
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index ce15838..1270be7 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -8,23 +8,74 @@ on:
 name: build
 
 jobs:
-  build:
+  host_builds:
+    strategy:
+      matrix:
+        os: [macos-11, macos-latest, windows-2019]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Build ${{ matrix.os }} Prebuild
+        run: node .github/scripts/libmongocrypt.mjs ${{ runner.os == 'Windows' && '--build' || '' }}
+        shell: bash
+
+      - id: upload
+        name: Upload prebuild
+        uses: actions/upload-artifact@v4
+        with:
+          name: build-${{ matrix.os }}
+          path: prebuilds/
+          if-no-files-found: 'error'
+          retention-days: 1
+          compression-level: 0
+
+  container_builds:
+    outputs:
+      artifact_id: ${{ steps.upload.outputs.artifact-id }}
     runs-on: ubuntu-latest
     strategy:
-        matrix:
-          node: ['20.x'] # '16.x', '18.x',
-    name: Node.js ${{ matrix.node }} build
+      matrix:
+        linux_arch: [s390x, arm64, amd64]
     steps:
       - uses: actions/checkout@v4
 
-      - uses: actions/setup-node@v4
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Run Buildx
+        run: |
+          docker buildx create --name builder --bootstrap --use
+          docker buildx build --platform linux/${{ matrix.linux_arch }} --output type=local,dest=./prebuilds,platform-split=false -f ./.github/docker/Dockerfile.glibc .
+
+      - id: upload
+        name: Upload prebuild
+        uses: actions/upload-artifact@v4
         with:
-          node-version: ${{ matrix.node }}
-          cache: 'npm'
-          registry-url: 'https://registry.npmjs.org'
+          name: build-linux-${{ matrix.linux_arch }}
+          path: prebuilds/
+          if-no-files-found: 'error'
+          retention-days: 1
+          compression-level: 0
 
-      - run: npm install -g npm@latest
-        shell: bash
+  collect:
+    needs: [host_builds, container_builds]
+    runs-on: ubunutu-latest
+    steps:
+      - uses: actions/download-artifact@v4
 
-      - run: node .github/scripts/libmongocrypt.mjs
-        shell: bash
+      - name: Display structure of downloaded files
+        run: ls -R
+
+      - id: upload
+        name: Upload all prebuilds
+        uses: actions/upload-artifact@v4
+        with:
+          name: all-build
+          path: '*.tar.gz'
+          if-no-files-found: 'error'
+          retention-days: 1
+          compression-level: 0