diff --git a/docker-bake.hcl b/docker-bake.hcl
index 7054cf77..b98e3914 100644
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@@ -31,6 +31,7 @@ target "build-validate" {
   inherits = ["node-version"]
   dockerfile = "./hack/build.Dockerfile"
   target = "build-validate"
+  output = ["type=cacheonly"]
 }
 
 target "format" {
@@ -44,24 +45,26 @@ target "format-validate" {
   inherits = ["node-version"]
   dockerfile = "./hack/build.Dockerfile"
   target = "format-validate"
+  output = ["type=cacheonly"]
 }
 
 target "vendor-update" {
   inherits = ["node-version"]
-  dockerfile = "./hack/vendor.Dockerfile"
-  target = "update"
+  dockerfile = "./hack/build.Dockerfile"
+  target = "vendor-update"
   output = ["."]
 }
 
 target "vendor-validate" {
   inherits = ["node-version"]
-  dockerfile = "./hack/vendor.Dockerfile"
-  target = "validate"
+  dockerfile = "./hack/build.Dockerfile"
+  target = "vendor-validate"
+  output = ["type=cacheonly"]
 }
 
 target "test" {
   inherits = ["node-version"]
-  dockerfile = "./hack/test.Dockerfile"
+  dockerfile = "./hack/build.Dockerfile"
   target = "test-coverage"
   output = ["./coverage"]
 }
diff --git a/hack/build.Dockerfile b/hack/build.Dockerfile
index a0796d71..44107189 100644
--- a/hack/build.Dockerfile
+++ b/hack/build.Dockerfile
@@ -1,5 +1,8 @@
-# syntax=docker/dockerfile:1.2
+# syntax=docker/dockerfile:1.3-labs
+
 ARG NODE_VERSION
+ARG DOCKER_VERSION=20.10.10
+ARG BUILDX_VERSION=0.7.0
 
 FROM node:${NODE_VERSION}-alpine AS base
 RUN apk add --no-cache cpio findutils git
@@ -8,7 +11,22 @@ WORKDIR /src
 FROM base AS deps
 RUN --mount=type=bind,target=.,rw \
   --mount=type=cache,target=/src/node_modules \
-  yarn install
+  yarn install && mkdir /vendor && cp yarn.lock /vendor
+
+FROM scratch AS vendor-update
+COPY --from=deps /vendor /
+
+FROM deps AS vendor-validate
+RUN --mount=type=bind,target=.,rw <<EOT
+set -e
+git add -A
+cp -rf /vendor/* .
+if [ -n "$(git status --porcelain -- yarn.lock)" ]; then
+  echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor-update"'
+  git status --porcelain -- yarn.lock
+  exit 1
+fi
+EOT
 
 FROM deps AS build
 RUN --mount=type=bind,target=.,rw \
@@ -19,13 +37,16 @@ FROM scratch AS build-update
 COPY --from=build /out /
 
 FROM build AS build-validate
-RUN --mount=type=bind,target=.,rw \
-  git add -A && cp -rf /out/* .; \
-  if [ -n "$(git status --porcelain -- dist)" ]; then \
-    echo >&2 'ERROR: Build result differs. Please build first with "docker buildx bake build"'; \
-    git status --porcelain -- dist; \
-    exit 1; \
-  fi
+RUN --mount=type=bind,target=.,rw <<EOT
+set -e
+git add -A
+cp -rf /out/* .
+if [ -n "$(git status --porcelain -- dist)" ]; then
+  echo >&2 'ERROR: Build result differs. Please build first with "docker buildx bake build"'
+  git status --porcelain -- dist
+  exit 1
+fi
+EOT
 
 FROM deps AS format
 RUN --mount=type=bind,target=.,rw \
@@ -39,4 +60,31 @@ COPY --from=format /out /
 FROM deps AS format-validate
 RUN --mount=type=bind,target=.,rw \
   --mount=type=cache,target=/src/node_modules \
-  yarn run format-check \
+  yarn run format-check
+
+FROM docker:${DOCKER_VERSION} as docker
+FROM docker/buildx-bin:${BUILDX_VERSION} as buildx
+
+FROM deps AS test
+RUN apk add --no-cache binutils curl unzip
+ENV GLIBC_VER=2.31-r0
+RUN curl -sL "https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub" -o "/etc/apk/keys/sgerrand.rsa.pub" \
+  && curl -sLO "https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VER}/glibc-${GLIBC_VER}.apk" \
+  && curl -sLO "https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VER}/glibc-bin-${GLIBC_VER}.apk" \
+  && apk add --no-cache \
+    glibc-${GLIBC_VER}.apk \
+    glibc-bin-${GLIBC_VER}.apk \
+  && curl -sL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" \
+  && unzip -qq "awscliv2.zip" \
+  && ./aws/install \
+  && aws --version
+ENV RUNNER_TEMP=/tmp/github_runner
+ENV RUNNER_TOOL_CACHE=/tmp/github_tool_cache
+RUN --mount=type=bind,target=.,rw \
+  --mount=type=cache,target=/src/node_modules \
+  --mount=type=bind,from=docker,source=/usr/local/bin/docker,target=/usr/bin/docker \
+  --mount=type=bind,from=buildx,source=/buildx,target=/usr/libexec/docker/cli-plugins/docker-buildx \
+  yarn run test --coverageDirectory=/tmp/coverage
+
+FROM scratch AS test-coverage
+COPY --from=test /tmp/coverage /
diff --git a/hack/test.Dockerfile b/hack/test.Dockerfile
deleted file mode 100644
index 6945beec..00000000
--- a/hack/test.Dockerfile
+++ /dev/null
@@ -1,39 +0,0 @@
-# syntax=docker/dockerfile:1.2
-ARG NODE_VERSION
-ARG DOCKER_VERSION=20.10.7
-ARG BUILDX_VERSION=0.6.0
-
-FROM docker:${DOCKER_VERSION} as docker
-FROM docker/buildx-bin:${BUILDX_VERSION} as buildx
-
-FROM node:${NODE_VERSION}-alpine AS base
-RUN apk add --no-cache binutils curl git unzip
-ENV GLIBC_VER=2.31-r0
-RUN curl -sL "https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub" -o "/etc/apk/keys/sgerrand.rsa.pub" \
-  && curl -sLO "https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VER}/glibc-${GLIBC_VER}.apk" \
-  && curl -sLO "https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VER}/glibc-bin-${GLIBC_VER}.apk" \
-  && apk add --no-cache \
-    glibc-${GLIBC_VER}.apk \
-    glibc-bin-${GLIBC_VER}.apk \
-  && curl -sL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" \
-  && unzip -qq "awscliv2.zip" \
-  && ./aws/install \
-  && aws --version
-WORKDIR /src
-
-FROM base AS deps
-RUN --mount=type=bind,target=.,rw \
-  --mount=type=cache,target=/src/node_modules \
-  yarn install
-
-FROM deps AS test
-ENV RUNNER_TEMP=/tmp/github_runner
-ENV RUNNER_TOOL_CACHE=/tmp/github_tool_cache
-RUN --mount=type=bind,target=.,rw \
-  --mount=type=cache,target=/src/node_modules \
-  --mount=type=bind,from=docker,source=/usr/local/bin/docker,target=/usr/bin/docker \
-  --mount=type=bind,from=buildx,source=/buildx,target=/usr/libexec/docker/cli-plugins/docker-buildx \
-  yarn run test --coverageDirectory=/tmp/coverage
-
-FROM scratch AS test-coverage
-COPY --from=test /tmp/coverage /
diff --git a/hack/vendor.Dockerfile b/hack/vendor.Dockerfile
deleted file mode 100644
index dd7906bc..00000000
--- a/hack/vendor.Dockerfile
+++ /dev/null
@@ -1,23 +0,0 @@
-# syntax=docker/dockerfile:1.2
-ARG NODE_VERSION
-
-FROM node:${NODE_VERSION}-alpine AS base
-RUN apk add --no-cache git
-WORKDIR /src
-
-FROM base AS vendored
-RUN --mount=type=bind,target=.,rw \
-  --mount=type=cache,target=/src/node_modules \
-  yarn install && mkdir /out && cp yarn.lock /out
-
-FROM scratch AS update
-COPY --from=vendored /out /
-
-FROM vendored AS validate
-RUN --mount=type=bind,target=.,rw \
-  git add -A && cp -rf /out/* .; \
-  if [ -n "$(git status --porcelain -- yarn.lock)" ]; then \
-    echo >&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor-update"'; \
-    git status --porcelain -- yarn.lock; \
-    exit 1; \
-  fi