diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 56b9cea6b..fcd4c9e30 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -31,7 +31,31 @@ env:
     type=semver,pattern={{version}},value=${{ inputs.tag }},enable=${{ inputs.tag != '' }}
 
 jobs:
+  determine-versions:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Determine dependency versions"
+        id: "versions"
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        with:
+          script: |
+            const helmRelease = await github.rest.repos.getLatestRelease({
+              'owner': 'helm',
+              'repo': 'helm',
+            });
+            core.setOutput('helm', helmRelease.tag_name);
+            const kustomizeReleases = await github.rest.repos.listReleases({
+              'owner': 'helm',
+              'repo': 'helm',
+            });
+            console.log(kustomizeReleases);
+            const kustomizeRelease = kustomizeReleases
+              .filter(release => release.tag_name.startsWith('kustomize'))[0];
+            core.setOutput('kustomize', kustomizeRelease.tag_name);
+
   build:
+    needs:
+      - determine-versions
     strategy:
       fail-fast: false
       matrix:
@@ -66,6 +90,9 @@ jobs:
           context: .
           labels: ${{ steps.meta.outputs.labels }}
           outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=${{ github.event_name == 'push' }}
+          build-args: |
+            HELM_VERSION=${{ needs.determine-versions.outputs.helm }}
+            KUSTOMIZE_VERSION=${{ needs.determine-versions.outputs.kubectl }}
 
       - name: Export digest
         id: digest
diff --git a/Dockerfile b/Dockerfile
index c10adfb5d..177eb4f73 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -19,24 +19,22 @@ RUN apk add --no-cache git make bash &&\
 
 FROM golang:1.23.3-alpine AS helm
 WORKDIR /tmp/helm
+ARG HELM_VERSION
 RUN apk add --no-cache jq curl
-RUN export TAG=$(curl --silent "https://api.github.com/repos/helm/helm/releases/latest" | jq -r .tag_name) &&\
-    export OS=$(go env GOOS) &&\
-    export ARCH=$(go env GOARCH) &&\
-    curl -SL "https://get.helm.sh/helm-${TAG}-${OS}-${ARCH}.tar.gz" > helm.tgz && \
+RUN curl -SL "https://get.helm.sh/helm-${HELM_VERSION}-${OS}-${ARCH}.tar.gz" > helm.tgz && \
     tar -xvf helm.tgz --strip-components=1
 
 FROM golang:1.23.3-alpine AS kustomize
 WORKDIR /tmp/kustomize
+ARG KUSTOMIZE_VERSION
 RUN apk add --no-cache jq curl
 # Get the latest version of kustomize
 # Releases are filtered by their name since the kustomize repository exposes multiple products in the releases
-RUN export TAG=$(curl --silent "https://api.github.com/repos/kubernetes-sigs/kustomize/releases" | jq -r '[ .[] | select(.name | startswith("kustomize")) ] | .[0].tag_name') &&\
-    export VERSION_TAG=${TAG#*/} &&\
+RUN export VERSION_TAG=${KUSTOMIZE_VERSION#*/} &&\
     export OS=$(go env GOOS) &&\
     export ARCH=$(go env GOARCH) &&\
-    echo "https://github.com/kubernetes-sigs/kustomize/releases/download/${TAG}/kustomize_${VERSION_TAG}_${OS}_${ARCH}.tar.gz" && \
-    curl -SL "https://github.com/kubernetes-sigs/kustomize/releases/download/${TAG}/kustomize_${VERSION_TAG}_${OS}_${ARCH}.tar.gz" > kustomize.tgz && \
+    echo "https://github.com/kubernetes-sigs/kustomize/releases/download/${KUSTOMIZE_VERSION}/kustomize_${VERSION_TAG}_${OS}_${ARCH}.tar.gz" && \
+    curl -SL "https://github.com/kubernetes-sigs/kustomize/releases/download/${KUSTOMIZE_VERSION}/kustomize_${VERSION_TAG}_${OS}_${ARCH}.tar.gz" > kustomize.tgz && \
     tar -xvf kustomize.tgz
 
 FROM golang:1.23.3 AS build