diff --git a/.drone.yml b/.drone.yml
index 706328d..2ae1994 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -9,7 +9,7 @@ platform:
 steps:
 - name: build
   pull: always
-  image: rancher/hardened-build-base:v1.15.14b5
+  image: rancher/hardened-build-base:v1.16.9b7
   commands:
   - make DRONE_TAG=${DRONE_TAG}
   volumes:
@@ -17,10 +17,10 @@ steps:
     path: /var/run/docker.sock
 
 - name: publish
-  image: rancher/hardened-build-base:v1.15.14b5
+  image: rancher/hardened-build-base:v1.16.9b7
   commands:
   - docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
-  - make DRONE_TAG=${DRONE_TAG} image-push image-manifest
+  - make DRONE_TAG=${DRONE_TAG} image-push
   environment:
     DOCKER_PASSWORD:
       from_secret: docker_password
@@ -34,7 +34,7 @@ steps:
     - tag
 
 - name: scan
-  image: rancher/hardened-build-base:v1.15.14b5
+  image: rancher/hardened-build-base:v1.16.9b7
   commands:
   - make DRONE_TAG=${DRONE_TAG} image-scan
   volumes:
@@ -46,4 +46,71 @@ volumes:
   host:
     path: /var/run/docker.sock
 
-...
+---
+kind: pipeline
+name: linux-s390x
+
+platform:
+  os: linux
+  arch: amd64
+
+node:
+  arch: s390x
+
+steps:
+- name: build
+  pull: always
+  image: rancher/hardened-build-base:v1.16.9b7
+  failure: ignore
+  commands:
+  - make DRONE_TAG=${DRONE_TAG}
+  volumes:
+  - name: docker
+    path: /var/run/docker.sock
+
+- name: publish
+  image: rancher/hardened-build-base:v1.16.9b7
+  failure: ignore
+  commands:
+  - docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
+  - make DRONE_TAG=${DRONE_TAG} image-push
+  environment:
+    DOCKER_PASSWORD:
+      from_secret: docker_password
+    DOCKER_USERNAME:
+      from_secret: docker_username
+  volumes:
+  - name: docker
+    path: /var/run/docker.sock
+  when:
+    event:
+    - tag
+
+volumes:
+- name: docker
+  host:
+    path: /var/run/docker.sock
+
+---
+kind: pipeline
+type: docker
+name: manifest
+platform:
+  os: linux
+  arch: amd64
+steps:
+  - name: push
+    image: plugins/manifest:1.2.3
+    settings:
+      password:
+        from_secret: docker_password
+      username:
+        from_secret: docker_username
+      spec: manifest.tmpl
+      ignore_missing: true
+    when:
+      event:
+      - tag
+depends_on:
+  - linux-amd64
+  - linux-s390x
diff --git a/Dockerfile b/Dockerfile
index 0b7e4b1..c873295 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,8 @@
 ARG UBI_IMAGE=registry.access.redhat.com/ubi7/ubi-minimal:latest
-ARG GO_IMAGE=rancher/hardened-build-base:v1.16.7b7
+ARG GO_IMAGE=rancher/hardened-build-base:v1.16.9b7
 FROM ${UBI_IMAGE} as ubi
 FROM ${GO_IMAGE} as builder
+ARG ARCH="amd64"
 # setup required packages
 RUN set -x \
  && apk --no-cache add \
@@ -17,8 +18,13 @@ RUN set -x \
     mercurial \
     subversion \
     unzip
-ADD https://github.com/google/protobuf/releases/download/v3.17.3/protoc-3.17.3-linux-x86_64.zip .
-RUN unzip protoc-3.17.3-linux-x86_64.zip -d /usr
+RUN if [ "${ARCH}" == "s390x" ]; then \
+        curl -LO https://github.com/google/protobuf/releases/download/v3.17.3/protoc-3.17.3-linux-s390_64.zip; \
+        unzip protoc-3.17.3-linux-s390_64.zip -d /usr; \
+    else \
+        curl -LO https://github.com/google/protobuf/releases/download/v3.17.3/protoc-3.17.3-linux-x86_64.zip; \
+        unzip protoc-3.17.3-linux-x86_64.zip -d /usr; \
+    fi
 # setup containerd build
 ARG SRC="github.com/k3s-io/containerd"
 ARG PKG="github.com/containerd/containerd"
@@ -42,9 +48,11 @@ RUN export GO_LDFLAGS="-linkmode=external \
  && go-build-static.sh ${GO_BUILDFLAGS} -o bin/containerd-shim-runc-v1  ./cmd/containerd-shim-runc-v1 \
  && go-build-static.sh ${GO_BUILDFLAGS} -o bin/containerd-shim-runc-v2  ./cmd/containerd-shim-runc-v2
 RUN go-assert-static.sh bin/*
-RUN go-assert-boring.sh \
-    bin/ctr \
-    bin/containerd
+RUN if [ "${ARCH}" != "s390x" ]; then \
+        go-assert-boring.sh \
+        bin/ctr \
+        bin/containerd; \
+    fi
 RUN install -s bin/* /usr/local/bin
 RUN containerd --version
 
diff --git a/Makefile b/Makefile
index 4e8b138..76a0927 100644
--- a/Makefile
+++ b/Makefile
@@ -25,6 +25,7 @@ image-build:
 		--build-arg PKG=$(PKG) \
 		--build-arg SRC=$(SRC) \
 		--build-arg TAG=$(TAG:$(BUILD_META)=) \
+		--build-arg ARCH=$(ARCH) \
 		--tag $(ORG)/hardened-containerd:$(TAG) \
 		--tag $(ORG)/hardened-containerd:$(TAG)-$(ARCH) \
 	.
diff --git a/manifest.tmpl b/manifest.tmpl
new file mode 100644
index 0000000..f89447e
--- /dev/null
+++ b/manifest.tmpl
@@ -0,0 +1,12 @@
+image: rancher/hardened-containerd:{{build.tag}}
+manifests:
+  -
+    image: rancher/hardened-containerd:{{build.tag}}-amd64
+    platform:
+      architecture: amd64
+      os: linux
+  -
+    image: rancher/hardened-containerd:{{build.tag}}-s390x
+    platform:
+      architecture: s390x
+      os: linux