diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 0e046cc31a..3acd44b646 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -1,8 +1,5 @@
 name: "Run build"
 on:
-  pull_request:
-    # Run when the PR is opened, reopened, or updated (synchronize)
-    types: [opened, ready_for_review, reopened, synchronize]
   workflow_dispatch:
     inputs:
       image_formats:
@@ -31,17 +28,11 @@ on:
         description: |
           Custom SDK container version to use for this build.
 
-concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }} 
-  cancel-in-progress: true
-
 permissions:
   pull-requests: write
 
 jobs:
   packages:
-    # Do not run when still in draft mode but a review was requested anyway
-    if: github.event.pull_request.draft == false
     name: "Build Flatcar packages"
     runs-on:
       - self-hosted
@@ -126,7 +117,7 @@ jobs:
 
           version="alpha-$FLATCAR_VERSION_ID"
           check_version_string "$version"
-          sdk_version="${CUSTOM_SDK_VERSION:-FLATCAR_SDK_VERSION}"
+          sdk_version="${CUSTOM_SDK_VERSION:-$FLATCAR_SDK_VERSION}"
 
           sdk_name="flatcar-sdk-${arch}"
           docker_sdk_vernum="$(vernum_to_docker_image_version "${sdk_version}")"
diff --git a/.github/workflows/pr-comment-build-dispatcher.yaml b/.github/workflows/pr-comment-build-dispatcher.yaml
index e6ca1dac1d..536397c50e 100644
--- a/.github/workflows/pr-comment-build-dispatcher.yaml
+++ b/.github/workflows/pr-comment-build-dispatcher.yaml
@@ -1,23 +1,22 @@
-name: "Dispatch SDK container rebuilds, OS image builds, and OS image tests from PR comments"
+name: "PR command build dispatcher"
 on:
   issue_comment:
     types: [created]
-  pull_request:
-    # This is temporary for testing the workflow.
-    #  Comment events are only processed for workflows in the main branch
-    types: [opened, reopened, synchronize]
 
 permissions:
   pull-requests: write
 
-jobs:
+concurrency:
+  group: ${{ github.workflow }}-pr-command-${{ github.head_ref || github.ref_name }}
+  cancel-in-progress: true
 
+jobs:
   check_maintainer_membership:
     # Only run if this is a PR comment that contains a valid command
-#    if: |
-#      ${{ github.event.issue.pull_request }} &&
-#        (    contains(github.event.comment.body, '/build-sdk')
-#          || contains(github.event.comment.body, '/build-image') )
+    if: |
+      ${{ github.event.issue.pull_request }} &&
+        (    contains(github.event.comment.body, '/build-sdk')
+          || contains(github.event.comment.body, '/build-image') )
     name: Check if commenter is in the Flatcar maintainers team
     outputs:
       maintainers: steps.step1.output.maintainers
@@ -26,8 +25,7 @@ jobs:
     steps:
       - name: Fetch members of the maintainers team
         env:
-#          - requester: ${{ github.event.comment.user.login }}
-          requester: "t-lo"
+          requester: ${{ github.event.comment.user.login }}
         shell: bash
         run: |
           curl -L --silent \
@@ -51,7 +49,22 @@ jobs:
 
           $res
 
-#    name: "Build the OS image"
-#    uses: ./.github/workflows/ci.yaml
-#    with:
-#      custom_sdk_version: ${{ github.event.inputs.custom_sdk_version }}
+  build_sdk:
+    needs: check_maintainer_membership
+    if: ( always() && needs.check_maintainer_membership.result == 'success'
+                   && contains(github.event.comment.body, '/build-sdk') )
+    name: "Build the SDK container"
+    # SDK build needs access to bincache ssh secret
+    secrets: inherit
+    uses: ./.github/workflows/update-sdk.yaml
+
+  build_image:
+    needs: [ check_maintainer_membership, build_sdk ]
+    if: ( always() && needs.check_maintainer_membership.result == 'success'
+                   && (    contains(github.event.comment.body, '/build-image')
+                        || needs.build_sdk.result == 'success' ) )
+    name: "Build the OS image"
+    uses: ./.github/workflows/ci.yaml
+    with:
+      custom_sdk_version: ${{ needs.update_sdk.outputs.sdk_version }}
+      image_formats: qemu_uefi
diff --git a/.github/workflows/update-sdk.yaml b/.github/workflows/update-sdk.yaml
index f84a57f6ee..57489e1877 100644
--- a/.github/workflows/update-sdk.yaml
+++ b/.github/workflows/update-sdk.yaml
@@ -1,4 +1,4 @@
-name: "Build an updated SDK container and store it on bincache"
+name: "Build updated SDK container"
 on:
   workflow_dispatch:
     inputs:
@@ -11,7 +11,7 @@ on:
         type: string
         required: false
         description: |
-          Custom SDK container version to build. Defaults to source SDK version w/ patch version bumped +1.
+          Custom SDK container version to build. Defaults to source SDK w/ "-github-[DATE]" appended.
 
   workflow_call:
     inputs:
@@ -24,11 +24,8 @@ on:
         type: string
         required: false
         description: |
-          Custom SDK container version to build. Defaults to source SDK w/ "-github-[DATE]" appended.
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }} 
-  cancel-in-progress: true
+          Custom SDK container version to build. Defaults to source SDK w/ "-github-[DATE]" appended, or
+          '-github-pr-[PRNUM]-[DATE]' if the build was triggered from a PR.
 
 permissions:
   pull-requests: write
@@ -43,6 +40,8 @@ jobs:
       - x64
     strategy:
       fail-fast: false
+    outputs:
+      sdk_version: ${{ steps.step4.outputs.sdk_version }}
     defaults:
       run:
         working-directory: scripts
@@ -54,7 +53,7 @@ jobs:
         run: |
           sudo rm /bin/sh
           sudo ln -s /bin/bash /bin/sh
-          sudo apt-get install -y ca-certificates curl gnupg lsb-release qemu-user-static git
+          sudo apt-get install -y ca-certificates curl gnupg lsb-release qemu-user-static git jq openssh-client rsync
           sudo mkdir -p /etc/apt/keyrings
           curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
           echo \
@@ -88,15 +87,15 @@ jobs:
           source ci-automation/ci_automation_common.sh
           source sdk_container/.repo/manifests/version.txt
 
-          check_version_string "$version"
-          sdk_version="${SOURCE_SDK_VERSION:-FLATCAR_SDK_VERSION}"
+          version="alpha-$FLATCAR_VERSION_ID"
+          sdk_version="${SOURCE_SDK_VERSION:-$FLATCAR_SDK_VERSION}"
 
-          sdk_name="flatcar-sdk-amd64"
+          sdk_name="flatcar-sdk-all"
           docker_sdk_vernum="$(vernum_to_docker_image_version "${sdk_version}")"
-          docker_image_from_registry_or_buildcache "${sdk_name}" "${docker_sdk_vernum}"
-          sdk_image="$(docker_image_fullname "${sdk_name}" "${docker_sdk_vernum}")"
 
-          echo "container_name=${container_name}" >> "$GITHUB_ENV"
+          docker_image_from_registry_or_buildcache "${sdk_name}" "${docker_sdk_vernum}"
+
+          sdk_image="$(docker_image_fullname "${sdk_name}" "${docker_sdk_vernum}")"
 
           # Create version file
           (
@@ -104,42 +103,43 @@ jobs:
             create_versionfile "$sdk_version" "$version"
           )
 
-          target_version="github-$(date '+%Y_%m_%d__%H_%M_%S')"
-          target_version="${CUSTOM_SDK_VERSION:-target_version}"
+          if [ -z "${CUSTOM_SDK_VERSION:-}" ] ; then
+              if [ -n "${{ github.event.issue.pull_request }}" ] ; then
+                target_version="${sdk_version}-github-PR-${{ github.event.issue.number }}-$(date '+%Y_%m_%d__%H_%M_%S')"
+              else
+                target_version="${sdk_version}-github-$(date '+%Y_%m_%d__%H_%M_%S')"
+              fi
+          else
+              target_version="${CUSTOM_SDK_VERSION}"
+          fi
 
-          # This updates sdk_container/.repo/manifests/version.txt with the new SDK version.
+          echo "sdk_version=${target_version}" >> "$GITHUB_OUTPUT"
+
+          # This also updates sdk_container/.repo/manifests/version.txt with the new SDK version.
           ./update_sdk_container_image "${target_version}"
 
       - name: Upload the SDK container and binary packages to bincache
-        with:
-          bincache_ssh: ${{ secrets.bincacheSSH }}
         shell: bash
         run: |
           set -euo pipefail
 
+          source ci-automation/ci_automation_common.sh
+
           mkdir -p ~/.ssh
           trap 'rm -f ~/.ssh/bincache' EXIT
-          echo "${{ github.event.inputs.bincacheSSH }}" > ~/.ssh/bincache
+          echo "${{ secrets.BINCACHESSH }}" > ~/.ssh/bincache
           chmod 600 ~/.ssh/bincache
+
           echo "Host ${BUILDCACHE_SERVER}" >> ~/.ssh/config
           echo "    User ${BUILDCACHE_USER}" >> ~/.ssh/config
           echo "    IdentityFile ~/.ssh/bincache" >> ~/.ssh/config
 
-          source ci-automation/ci_automation_common.sh
           source sdk_container/.repo/manifests/version.txt
-          local vernum="${FLATCAR_SDK_VERSION}"
-
-          local docker_vernum="$(vernum_to_docker_image_version "${vernum}")"
+          vernum="${FLATCAR_SDK_VERSION}"
+          docker_vernum="$(vernum_to_docker_image_version "${vernum}")"
 
           docker_image_to_buildcache "${CONTAINER_REGISTRY}/flatcar-sdk-all" "${docker_vernum}"
           docker_image_to_buildcache "${CONTAINER_REGISTRY}/flatcar-sdk-amd64" "${docker_vernum}"
           docker_image_to_buildcache "${CONTAINER_REGISTRY}/flatcar-sdk-arm64" "${docker_vernum}"
 
           rm -f ~/.ssh/bincache
-
-  build_image:
-    needs: update_sdk
-    name: "Build the OS image"
-    uses: ./.github/workflows/ci.yaml
-    with:
-      custom_sdk_version: ${{ github.event.inputs.custom_sdk_version }}
diff --git a/update_sdk_container_image b/update_sdk_container_image
index 79dedd6f60..b11f383f57 100755
--- a/update_sdk_container_image
+++ b/update_sdk_container_image
@@ -14,6 +14,7 @@ source sdk_lib/sdk_container_common.sh
 
 os_version="$(get_version_from_versionfile)"
 base_sdk_version="$(get_sdk_version_from_versionfile)"
+base_sdk_version="$(vernum_to_docker_image_version "${base_sdk_version}")"
 new_sdk_version=""
 
 keep="false"