diff --git a/.github/workflows/call-build-images.yaml b/.github/workflows/call-build-images.yaml
index 3d4d8e9c677..2a2e98b1fd9 100644
--- a/.github/workflows/call-build-images.yaml
+++ b/.github/workflows/call-build-images.yaml
@@ -284,3 +284,45 @@ jobs:
         env:
           COSIGN_PRIVATE_KEY: ${{ secrets.cosign_private_key }}
           COSIGN_PASSWORD: ${{ secrets.cosign_private_key_password }} # optional
+
+  # This takes a long time...
+  call-build-windows-container:
+    name: Windows container image
+    runs-on: windows-2019
+    environment: ${{ inputs.environment }}
+    needs:
+      - call-build-legacy-check
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ inputs.ref }}
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v1
+        with:
+          registry: ${{ inputs.registry }}
+          username: ${{ inputs.username }}
+          password: ${{ secrets.token }}
+
+      - name: Build the production images
+        run: |
+          docker build -t ${{ inputs.registry }}/${{ inputs.image }}:windows-2019-${{ inputs.version }} --build-arg FLB_NIGHTLY_BUILD=${{ inputs.unstable }} --build-arg WINDOWS_VERSION=ltsc2019 -f ./dockerfiles/Dockerfile.windows .
+          docker push ${{ inputs.registry }}/${{ inputs.image }}:windows-2019-${{ inputs.version }}
+        # We cannot use this action as it requires privileged mode
+        # uses: docker/build-push-action@v2
+        # with:
+        #   file: ./dockerfiles/Dockerfile.windows
+        #   context: .
+        #   tags: ${{ steps.meta.outputs.tags }}
+        #   labels: ${{ steps.meta.outputs.labels }}
+        #   platforms: windows/amd64
+        #   target: runtime
+        #   push: true
+        #   load: false
+        #   build-args: |
+        #     FLB_NIGHTLY_BUILD=${{ inputs.unstable }}
+        #     WINDOWS_VERSION=ltsc2019
diff --git a/.github/workflows/call-build-macos.yaml b/.github/workflows/call-build-macos.yaml
index e9ea3eded81..b16fae8ebf2 100644
--- a/.github/workflows/call-build-macos.yaml
+++ b/.github/workflows/call-build-macos.yaml
@@ -78,6 +78,7 @@ jobs:
 
       - name: Build Fluent Bit packages
         run: |
+          export LIBRARY_PATH=/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/lib:$LIBRARY_PATH
           cmake -DCPACK_GENERATOR=productbuild -DFLB_NIGHTLY_BUILD=${{ inputs.unstable }} ../
           cmake --build .
           cpack -G productbuild
diff --git a/.github/workflows/call-build-windows.yaml b/.github/workflows/call-build-windows.yaml
index af9c8de3b81..2a9b0a96f77 100644
--- a/.github/workflows/call-build-windows.yaml
+++ b/.github/workflows/call-build-windows.yaml
@@ -79,13 +79,39 @@ jobs:
             build/*-bit-*.zip
           if-no-files-found: error
 
-      - name: Push packages to S3
+  call-build-windows-s3-upload:
+    name: Handle upload to S3
+    runs-on: ubuntu-latest
+    needs:
+      - call-build-windows-package
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ inputs.ref }}
+
+      - name: Download all artefacts
+        continue-on-error: true
+        uses: actions/download-artifact@v2
+        with:
+          path: artifacts/
+
+      - name: Set up Windows checksums
+        run: |
+          packaging/windows-checksums.sh
+          ls -lR artifacts/
+        shell: bash
+        env:
+          SOURCE_DIR: artifacts
+
+      - name: Push Windows packages to S3
         # Only upload for staging
         if: inputs.environment == 'staging'
         run: |
-          aws s3 sync "build/*-bit-*.exe" "s3://${{ secrets.bucket }}/${{ inputs.version }}/windows/" --follow-symlinks --no-progress --delete
-          aws s3 sync "build/*-bit-*.zip" "s3://${{ secrets.bucket }}/${{ inputs.version }}/windows/" --follow-symlinks --no-progress
+          aws s3 sync "$SOURCE_DIR" "s3://$DEST_DIR" --follow-symlinks --no-progress
         env:
+          SOURCE_DIR: "artifacts"
+          DEST_DIR: "${{ secrets.bucket }}/${{ inputs.version }}/windows/"
           AWS_REGION: "us-east-1"
           AWS_ACCESS_KEY_ID: ${{ secrets.access_key_id }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.secret_access_key }}
diff --git a/.github/workflows/staging-build.yaml b/.github/workflows/staging-build.yaml
index db0dede528a..dc51f486d3b 100644
--- a/.github/workflows/staging-build.yaml
+++ b/.github/workflows/staging-build.yaml
@@ -92,16 +92,18 @@ jobs:
         uses: actions/download-artifact@v2
         with:
           name: fluent-bit-schema-${{ needs.staging-build-get-meta.outputs.version }}
+          path: artifacts/
 
       - name: Display structure of downloaded files
-        run: ls -R
+        run: |
+          ls -R
         shell: bash
 
       - name: Push schema to S3 bucket
         # We may have no schema so ignore that failure
         continue-on-error: true
         run: |
-          aws --region "$AWS_REGION" s3 sync *.json "s3://${AWS_S3_BUCKET}/${DEST_DIR}" --no-progress ${ENDPOINT}
+          aws s3 sync "artifacts/" "s3://${AWS_S3_BUCKET}/${DEST_DIR}" --no-progress
         env:
           DEST_DIR: "${{ needs.staging-build-get-meta.outputs.version }}/"
           AWS_REGION: "us-east-1"
diff --git a/packaging/server/publish-all.sh b/packaging/server/publish-all.sh
old mode 100644
new mode 100755
index c8ec561f46d..96d136b1ea5
--- a/packaging/server/publish-all.sh
+++ b/packaging/server/publish-all.sh
@@ -13,6 +13,7 @@ if [ -z "$1" ]; then
     exit 1
 fi
 VERSION="$1"
+MAJOR_VERSION=${MAJOR_VERSION:-VERSION##\.*}
 
 if [[ ! -d "$SOURCE_DIR" ]]; then
     echo "Missing source directory: $SOURCE_DIR"
@@ -114,4 +115,7 @@ if ! aptly -config="$APTLY_CONFIG" publish switch -gpg-key="releases@fluentbit.i
 fi
 
 # Sign YUM repo meta-data
-find "/var/www/apt.fluentbit.io" -name repomd.xml -exec gpg --detach-sign --armor --yes -u "releases@fluentbit.io" {} \;
\ No newline at end of file
+find "/var/www/apt.fluentbit.io" -name repomd.xml -exec gpg --detach-sign --armor --yes -u "releases@fluentbit.io" {} \;
+
+# Windows
+cp -v "$SOURCE_DIR/windows/*$VERSION*" /var/www/releases.fluentbit.io/releases/"$MAJOR_VERSION"/
diff --git a/packaging/test-release-packages.sh b/packaging/test-release-packages.sh
new file mode 100755
index 00000000000..19f1b8e9125
--- /dev/null
+++ b/packaging/test-release-packages.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+set -eux
+# Verify package install for a latest release version
+docker run --rm -it ubuntu:20.04 sh -c "apt-get update && apt-get install -y sudo gpg curl;curl https://raw.githubusercontent.com/fluent/fluent-bit/master/install.sh | sh"
+docker run --rm -it ubuntu:18.04 sh -c "apt-get update && apt-get install -y sudo gpg curl;curl https://raw.githubusercontent.com/fluent/fluent-bit/master/install.sh | sh"
+docker run --rm -it debian:10 sh -c "apt-get update && apt-get install -y sudo gpg curl;curl https://raw.githubusercontent.com/fluent/fluent-bit/master/install.sh | sh"
+docker run --rm -it debian:11 sh -c "apt-get update && apt-get install -y sudo gpg curl;curl https://raw.githubusercontent.com/fluent/fluent-bit/master/install.sh | sh"
+docker run --rm -it centos:7 sh -c "yum install -y curl sudo;curl https://raw.githubusercontent.com/fluent/fluent-bit/master/install.sh | sh"
+docker run --rm -it rockylinux:8 sh -c "yum install -y curl sudo;curl https://raw.githubusercontent.com/fluent/fluent-bit/master/install.sh | sh"
+docker run --rm -it amazonlinux:2 sh -c "yum install -y curl sudo;curl https://raw.githubusercontent.com/fluent/fluent-bit/master/install.sh | sh"
diff --git a/packaging/windows-checksums.sh b/packaging/windows-checksums.sh
new file mode 100755
index 00000000000..2b243ddc01c
--- /dev/null
+++ b/packaging/windows-checksums.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+set -eu
+
+SOURCE_DIR=${SOURCE_DIR:?}
+
+pushd "$SOURCE_DIR"
+for i in *.exe
+do
+    echo "$i"
+    sha256sum "$i" > "$i".sha256
+done
+
+for i in *.zip
+do
+    echo "$i"
+    sha256sum "$i" > "$i".sha256
+done
+popd