diff --git a/.github/workflows/buildx.yml b/.github/workflows/buildx.yml
index e5b14b9..e90059a 100644
--- a/.github/workflows/buildx.yml
+++ b/.github/workflows/buildx.yml
@@ -28,15 +28,12 @@ jobs:
 - path: 1.18
 tags: "1.18"
 platforms: linux/amd64,linux/arm64,linux/386
- - path: 1.18-3.13
- tags: "1.18-3.13"
+ - path: 1.18-nofaccessat2
+ tags: "1.18-nofaccessat2"
 platforms: linux/amd64,linux/arm64,linux/386
 - path: 1.19
 tags: "1.19"
 platforms: linux/amd64,linux/arm64,linux/386
- - path: 1.19-3.13
- tags: "1.19-3.13"
- platforms: linux/amd64,linux/arm64,linux/386
 - path: 1.19-nofaccessat2
 tags: "1.19-nofaccessat2"
 platforms: linux/amd64,linux/arm64,linux/386
diff --git a/.gitignore b/.gitignore
index a918fcc..cb0e4b2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 .DS_Store
 temp
+.vscode
diff --git a/.vscode/settings.json b/.vscode/settings.json
deleted file mode 100644
index 58e55f5..0000000
--- a/.vscode/settings.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- "yaml.schemas": {
- "https://json.schemastore.org/github-workflow.json": "./.github/workflows/hadolint.yml"
- }
-}
diff --git a/1.18-3.13/Dockerfile b/1.18-3.13/Dockerfile
deleted file mode 100644
index 7991d2b..0000000
--- a/1.18-3.13/Dockerfile
+++ /dev/null
@@ -1,104 +0,0 @@
-FROM alpine:3.13
-
-ENV PATH /usr/local/go/bin:$PATH
-
-RUN set -eux; \
- apk add --no-cache ca-certificates jq curl; \
- ([ ! -e /etc/nsswitch.conf ] && echo 'hosts: files dns' > /etc/nsswitch.conf); \
- apk add --no-cache --virtual .fetch-deps gnupg; \
- arch="$(apk --print-arch)"; \
- export GOVERSION="$(curl -fsSL 'https://go.dev/dl/?mode=json&include=1.18' | jq -r '.[0].version')"; \
- case "$arch" in \
- 'x86_64') \
- export GOAMD64='v1' GOARCH='amd64' GOOS='linux'; \
- ;; \
- 'armhf') \
- export GOARCH='arm' GOARM='6' GOOS='linux'; \
- ;; \
- 'armv7') \
- export GOARCH='arm' GOARM='7' GOOS='linux'; \
- ;; \
- 'aarch64') \
- export GOARCH='arm64' GOOS='linux'; \
- ;; \
- 'x86') \
- export GOARCH='386' GOOS='linux' CGO_CFLAGS="-fno-stack-protector"; \
- ;; \
- 'ppc64le') \
- export GOARCH='ppc64le' GOOS='linux'; \
- ;; \
- 's390x') \
- export GOARCH='s390x' GOOS='linux'; \
- ;; \
- *) echo >&2 "error: unsupported architecture '$arch' (likely packaging update needed)"; exit 1 ;; \
- esac; \
-# https://github.com/golang/go/issues/38536#issuecomment-616897960
- url="https://dl.google.com/go/$GOVERSION.src.tar.gz"; \
-# the precompiled binaries published by Go upstream are not compatible with Alpine, so we always build from source here 😅
- \
- wget -O go.tgz.asc "$url.asc"; \
- wget -O go.tgz "$url"; \
- \
-# https://github.com/golang/go/issues/14739#issuecomment-324767697
- GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \
-# https://www.google.com/linuxrepositories/
- gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 'EB4C 1BFD 4F04 2F6D DDCC EC91 7721 F63B D38B 4796'; \
-# let's also fetch the specific subkey of that key explicitly that we expect "go.tgz.asc" to be signed by, just to make sure we definitely have it
- gpg --batch --keyserver keyserver.ubuntu.com --recv-keys '2F52 8D36 D67B 69ED F998 D857 78BD 6547 3CB3 BD13'; \
- gpg --batch --verify go.tgz.asc go.tgz; \
- gpgconf --kill all; \
- rm -rf "$GNUPGHOME" go.tgz.asc; \
- \
- tar -C /usr/local -xzf go.tgz; \
- rm go.tgz; \
- \
- apk add --no-cache --virtual .build-deps \
- bash \
- gcc \
- go \
- musl-dev \
- ; \
- \
- export GOCACHE='/tmp/gocache'; \
- \
- ( \
- cd /usr/local/go/src; \
-# set GOROOT_BOOTSTRAP + GOHOST* such that we can build Go successfully
- export GOROOT_BOOTSTRAP="$(go env GOROOT)" GOHOSTOS="$GOOS" GOHOSTARCH="$GOARCH"; \
- ./make.bash; \
- ); \
- \
- apk del --no-network .build-deps; \
- \
-# remove a few intermediate / bootstrapping files the official binary release tarballs do not contain
- rm -rf \
- /usr/local/go/pkg/*/cmd \
- /usr/local/go/pkg/bootstrap \
- /usr/local/go/pkg/obj \
- /usr/local/go/pkg/tool/*/api \
- /usr/local/go/pkg/tool/*/go_bootstrap \
- /usr/local/go/src/cmd/dist/dist \
- "$GOCACHE" \
- ; \
- \
- apk del --no-network .fetch-deps; \
- \
- go version
-
-ENV GOPATH /go
-ENV PATH $GOPATH/bin:$PATH
-RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 777 "$GOPATH"
-WORKDIR $GOPATH
-
-RUN set -eux; \
- apk add --no-cache bash make git gcc libc-dev dumb-init && \
- go install github.com/go-delve/delve/cmd/dlv@latest && \
- go install github.com/cosmtrek/air@latest && \
- go install github.com/jstemmer/go-junit-report@latest && \
- go install github.com/axw/gocov/gocov@latest && \
- chmod -R 777 "$GOPATH" && \
- curl -L https://github.com/tobni/merge-junit/releases/download/v0.1.4/merge-junit-v0.1.4-x86_64-unknown-linux-musl.tar.gz | tar -xz && \
- mv ./merge-junit-v0.1.4-x86_64-unknown-linux-musl/merge-junit /usr/bin/merge-junit && \
- rm -rf /merge-junit-v0.1.4-x86_64-unknown-linux-musl
-WORKDIR /
-ENTRYPOINT ["/usr/bin/dumb-init", "--"]
diff --git a/1.18-nofaccessat2/Dockerfile b/1.18-nofaccessat2/Dockerfile
new file mode 100644
index 0000000..a4147d7
--- /dev/null
+++ b/1.18-nofaccessat2/Dockerfile
@@ -0,0 +1,31 @@
+FROM golang:1.18-alpine
+COPY disable_faccessat2.patch /tmp/disable_faccessat2.patch
+RUN set -eux; \
+ apk add --no-cache --virtual .build-deps gcc make patch git alpine-sdk coreutils cmake sudo && \
+ mkdir -p /var/cache/distfiles && \
+ chmod a+w /var/cache/distfiles && \
+ git clone --depth 1 --branch "v$(cat /etc/alpine-release)" git://git.alpinelinux.org/aports /tmp/aports && \
+ cd /tmp/aports/main/musl && \
+ mv /tmp/disable_faccessat2.patch /tmp/aports/main/musl/ && \
+ sed -i -E 's/\thandle-aux-at_base.patch/\thandle-aux-at_base.patch\n\tdisable_faccessat2.patch/' APKBUILD && \
+ adduser -G abuild -g "Alpine Package Builder" -s /bin/ash -D builder && \
+ echo "builder ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers && \
+ chown -R builder:abuild /tmp/aports && \
+ sudo -u builder sh -c 'abuild checksum && abuild-keygen -an && abuild -r' && \
+ find /home/builder -type f -name '*.apk' -exec apk add --allow-untrusted --no-cache {} \;; \
+ sudo -u builder sh -c 'abuild clean && abuild cleancache' && \
+ apk del --no-network .build-deps && \
+ deluser builder && \
+ rm -rf /home/builder /var/cache/distfiles /tmp/aports
+RUN set -eux; \
+ apk add --no-cache bash make git gcc libc-dev jq curl dumb-init && \
+ go install github.com/go-delve/delve/cmd/dlv@latest && \
+ go install github.com/cosmtrek/air@latest && \
+ go install github.com/jstemmer/go-junit-report@latest && \
+ go install github.com/axw/gocov/gocov@latest && \
+ chmod -R 777 "$GOPATH" && \
+ curl -L https://github.com/tobni/merge-junit/releases/download/v0.1.4/merge-junit-v0.1.4-x86_64-unknown-linux-musl.tar.gz | tar -xz && \
+ mv ./merge-junit-v0.1.4-x86_64-unknown-linux-musl/merge-junit /usr/bin/merge-junit && \
+ rm -rf /merge-junit-v0.1.4-x86_64-unknown-linux-musl
+WORKDIR /
+ENTRYPOINT ["/usr/bin/dumb-init", "--"]
diff --git a/1.18-nofaccessat2/disable_faccessat2.patch b/1.18-nofaccessat2/disable_faccessat2.patch
new file mode 100644
index 0000000..348fb7e
--- /dev/null
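Review bot: The aports tree that produces the replacement musl is cloned over `git://git.alpinelinux.org/aports`, which is neither encrypted nor authenticated, and the package it yields is then installed with `apk add --allow-untrusted`, so anyone able to interpose on that clone controls the libc of every image built from this Dockerfile. Clone over HTTPS and pin the commit rather than a moving tag, e.g. `git clone --depth 1 --branch "v$(cat /etc/alpine-release)" https://gitlab.alpinelinux.org/alpine/aports.git /tmp/aports` followed by a check of `git rev-parse HEAD` against an expected value. On the same hunk, the `sed -i` that registers `disable_faccessat2.patch` in the APKBUILD silently does nothing if `handle-aux-at_base.patch` is absent from that branch's musl recipe, so a `grep -q disable_faccessat2.patch APKBUILD` right after it would stop an unpatched build from shipping under the nofaccessat2 tag. Finally, the `merge-junit` tarball is the `x86_64-unknown-linux-musl` build and is fetched with `curl -L` (no `-f`, no checksum) piped straight into `tar`, while buildx.yml builds this image for linux/arm64 and linux/386 too, so on those platforms the installed binary presumably cannot execute; use `curl -fsSL`, verify a sha256, and select the asset by `$TARGETARCH` or skip it on unsupported platforms.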
+++ b/1.18-nofaccessat2/disable_faccessat2.patch
@@ -0,0 +1,23 @@
+--- v1.2.3/src/unistd/faccessat.c 2022-04-07 20:12:40.000000000 +0300
++++ v1.2.1/src/unistd/faccessat.c 2020-08-04 07:21:09.000000000 +0300
+@@ -25,17 +25,12 @@
+
+ int faccessat(int fd, const char *filename, int amode, int flag)
+ {
+- if (flag) {
+- int ret = __syscall(SYS_faccessat2, fd, filename, amode, flag);
+- if (ret != -ENOSYS) return __syscall_ret(ret);
+- }
++ if (!flag || (flag==AT_EACCESS && getuid()==geteuid() && getgid()==getegid()))
++ return syscall(SYS_faccessat, fd, filename, amode, flag);
+
+- if (flag & ~AT_EACCESS)
++ if (flag != AT_EACCESS)
+ return __syscall_ret(-EINVAL);
+
+- if (!flag || (getuid()==geteuid() && getgid()==getegid()))
+- return syscall(SYS_faccessat, fd, filename, amode);
+-
+ char stack[1024];
+ sigset_t set;
+ pid_t pid;
diff --git a/1.18-nofaccessat2/faccessat2-test.c b/1.18-nofaccessat2/faccessat2-test.c
new file mode 100644
index 0000000..71f9e9e
--- /dev/null
+++ b/1.18-nofaccessat2/faccessat2-test.c
@@ -0,0 +1,10 @@
+#include
+#include
+
+int main() {
+ // TODO: Use this code to test resulting images.
+ // Should not call faccessat2 under the hood.
+ faccessat(0, "/", R_OK, AT_EACCESS);
+
+ return 0;
+}
\ No newline at end of file
diff --git a/1.19-3.13/Dockerfile b/1.19-3.13/Dockerfile
deleted file mode 100644
index 9fca727..0000000
--- a/1.19-3.13/Dockerfile
+++ /dev/null
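Review bot: The replacement `faccessat` rejects every flag other than `AT_EACCESS` with `EINVAL` (`if (flag != AT_EACCESS) return __syscall_ret(-EINVAL);`), whereas the removed lines first handed any flag to `SYS_faccessat2` and only fell back to that check on `ENOSYS`, so callers passing `AT_SYMLINK_NOFOLLOW` on a kernel that supports it now get an error instead of an answer. That is presumably an accepted cost of the seccomp workaround, but the patch carries no explanation at all; add a leading comment before the first `---` line (patch(1) ignores text ahead of the header), e.g. `Revert musl faccessat() to the 1.2.1 implementation so faccessat2 is never issued; flags other than AT_EACCESS now fail with EINVAL.` The header also names `v1.2.3`/`v1.2.1` sources while the Dockerfile applies it to whatever musl the current Alpine release tag ships, so note which musl versions it has been verified against so a future aports bump that stops it applying is recognised rather than debugged.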
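Review bot: `faccessat2-test.c` cannot fail: the return value of `faccessat(0, "/", R_OK, AT_EACCESS)` is discarded and `main` returns 0 unconditionally, so it reports success whether or not the patched musl took effect, and the two `#include` lines are empty as they appear here (the header names seem to have been lost; `faccessat`, `R_OK` and `AT_EACCESS` need `<unistd.h>` and `<fcntl.h>`). Under a runtime whose seccomp profile answers an unknown `faccessat2` with `EPERM`, an unpatched libc would make this call fail, so propagating the result is enough to make the test meaningful: `return faccessat(0, "/", R_OK, AT_EACCESS) == 0 ? 0 : 1;`, and running it under `strace -f -e trace=faccessat,faccessat2` confirms which syscall is actually issued, as the TODO intends.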
@@ -1,104 +0,0 @@
-FROM alpine:3.13
-
-ENV PATH /usr/local/go/bin:$PATH
-
-RUN set -eux; \
- apk add --no-cache ca-certificates jq curl; \
- ([ ! -e /etc/nsswitch.conf ] && echo 'hosts: files dns' > /etc/nsswitch.conf); \
- apk add --no-cache --virtual .fetch-deps gnupg; \
- arch="$(apk --print-arch)"; \
- export GOVERSION="$(curl -fsSL 'https://go.dev/dl/?mode=json&include=1.19' | jq -r '.[0].version')"; \
- case "$arch" in \
- 'x86_64') \
- export GOAMD64='v1' GOARCH='amd64' GOOS='linux'; \
- ;; \
- 'armhf') \
- export GOARCH='arm' GOARM='6' GOOS='linux'; \
- ;; \
- 'armv7') \
- export GOARCH='arm' GOARM='7' GOOS='linux'; \
- ;; \
- 'aarch64') \
- export GOARCH='arm64' GOOS='linux'; \
- ;; \
- 'x86') \
- export GOARCH='386' GOOS='linux' CGO_CFLAGS="-fno-stack-protector"; \
- ;; \
- 'ppc64le') \
- export GOARCH='ppc64le' GOOS='linux'; \
- ;; \
- 's390x') \
- export GOARCH='s390x' GOOS='linux'; \
- ;; \
- *) echo >&2 "error: unsupported architecture '$arch' (likely packaging update needed)"; exit 1 ;; \
- esac; \
-# https://github.com/golang/go/issues/38536#issuecomment-616897960
- url="https://dl.google.com/go/$GOVERSION.src.tar.gz"; \
-# the precompiled binaries published by Go upstream are not compatible with Alpine, so we always build from source here 😅
- \
- wget -O go.tgz.asc "$url.asc"; \
- wget -O go.tgz "$url"; \
- \
-# https://github.com/golang/go/issues/14739#issuecomment-324767697
- GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \
-# https://www.google.com/linuxrepositories/
- gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 'EB4C 1BFD 4F04 2F6D DDCC EC91 7721 F63B D38B 4796'; \
-# let's also fetch the specific subkey of that key explicitly that we expect "go.tgz.asc" to be signed by, just to make sure we definitely have it
- gpg --batch --keyserver keyserver.ubuntu.com --recv-keys '2F52 8D36 D67B 69ED F998 D857 78BD 6547 3CB3 BD13'; \
- gpg --batch --verify go.tgz.asc go.tgz; \
- gpgconf --kill all; \
- rm -rf "$GNUPGHOME" go.tgz.asc; \
- \
- tar -C /usr/local -xzf go.tgz; \
- rm go.tgz; \
- \
- apk add --no-cache --virtual .build-deps \
- bash \
- gcc \
- go \
- musl-dev \
- ; \
- \
- export GOCACHE='/tmp/gocache'; \
- \
- ( \
- cd /usr/local/go/src; \
-# set GOROOT_BOOTSTRAP + GOHOST* such that we can build Go successfully
- export GOROOT_BOOTSTRAP="$(go env GOROOT)" GOHOSTOS="$GOOS" GOHOSTARCH="$GOARCH"; \
- ./make.bash; \
- ); \
- \
- apk del --no-network .build-deps; \
- \
-# remove a few intermediate / bootstrapping files the official binary release tarballs do not contain
- rm -rf \
- /usr/local/go/pkg/*/cmd \
- /usr/local/go/pkg/bootstrap \
- /usr/local/go/pkg/obj \
- /usr/local/go/pkg/tool/*/api \
- /usr/local/go/pkg/tool/*/go_bootstrap \
- /usr/local/go/src/cmd/dist/dist \
- "$GOCACHE" \
- ; \
- \
- apk del --no-network .fetch-deps; \
- \
- go version
-
-ENV GOPATH /go
-ENV PATH $GOPATH/bin:$PATH
-RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 777 "$GOPATH"
-WORKDIR $GOPATH
-
-RUN set -eux; \
- apk add --no-cache bash make git gcc libc-dev dumb-init && \
- go install github.com/go-delve/delve/cmd/dlv@latest && \
- go install github.com/cosmtrek/air@latest && \
- go install github.com/jstemmer/go-junit-report@latest && \
- go install github.com/axw/gocov/gocov@latest && \
- chmod -R 777 "$GOPATH" && \
- curl -L https://github.com/tobni/merge-junit/releases/download/v0.1.4/merge-junit-v0.1.4-x86_64-unknown-linux-musl.tar.gz | tar -xz && \
- mv ./merge-junit-v0.1.4-x86_64-unknown-linux-musl/merge-junit /usr/bin/merge-junit && \
- rm -rf /merge-junit-v0.1.4-x86_64-unknown-linux-musl
-WORKDIR /
-ENTRYPOINT ["/usr/bin/dumb-init", "--"]
diff --git a/README.md b/README.md
index 554abc3..a3a1b05 100644
--- a/README.md
+++ b/README.md
@@ -8,7 +8,8 @@ A minimal Dockerfile based on Go 1.16, 1.17, 1.18 and alpine with dumb-init and ## What's included -- Go 1.16 / 1.17 / 1.18 +- Go 1.16 / 1.17 / 1.18 / 1.19 +- images with patched musl to disable `faccessat2` syscall (workaround for CI systems with docker & seccomp filter bug, [see this](https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.14.0#faccessat2)) - bash - make - git @@ -19,6 +20,7 @@ A minimal Dockerfile based on Go 1.16, 1.17, 1.18 and alpine with dumb-init and - air - delve - gocov +- merge-junit - go-junit-report - dumb-init