diff --git a/distroless-build/Makefile b/distroless-build/Makefile index dfb9ff833..bf3bab540 100644 --- a/distroless-build/Makefile +++ b/distroless-build/Makefile @@ -32,7 +32,7 @@ MELANGE_DETACHED ?= docker run -d -w /work --rm --privileged -v "${PWD}":/work d APKO ?= docker run --rm -w /work -v "${PWD}":/work ko.local:ca10c03b79422ee648991e16865b62fd26bac97ed4238e7890d5097896af1840 KEY ?= melange.rsa REPO ?= packages -TEMPLATE ?= melange/nginx-templates.json +TEMPLATE ?= melange/nginx-template.yaml MELANGE_OPTS ?= -k ${KEY}.pub --signing-key ${KEY} --arch ${ARCHS} MELANGE_INGRESS_OPT ?= -k ${KEY}.pub --signing-key ${KEY} --arch ${ARCHS} --empty-workspace APKO_OPTS ?= -k ${KEY}.pub --debug --sbom=false --build-arch ${ARCHS} ${APKO_DIR}/${FILE}.yaml @@ -41,7 +41,7 @@ REPO ?= $(shell pwd)/packages ARCHS ?="amd64,arm64,arm/v6,arm/v7,s390x" define build-package - docker run $(2) --rm --privileged -v "${PWD}":/work distroless.dev/melange:latest build ${MELANGE_DIR}/$(1).yaml ${MELANGE_OPTS} --empty-workspace --template '$(shell cat ${TEMPLATE})' + docker run $(2) --rm --privileged -v "${PWD}":/work distroless.dev/melange:latest build ${MELANGE_DIR}/$(1).yaml ${MELANGE_OPTS} --empty-workspace --env-file ${TEMPLATE} endef keygen: ## Generate Key pair for use with signing apks @@ -49,7 +49,7 @@ keygen: ## Generate Key pair for use with signing apks .PHONY: melange melange: ## Build melange $FILE - ${MELANGE} build ${MELANGE_DIR}/${FILE}.yaml ${MELANGE_OPTS} --template '$(shell cat ${TEMPLATE})' + ${MELANGE} build ${MELANGE_DIR}/${FILE}.yaml ${MELANGE_OPTS} --env-file ${TEMPLATE} ingress-build: ${MELANGE} build ${MELANGE_DIR}/${FILE}.yaml ${MELANGE_INGRESS_OPT} --template '$(shell cat ${TEMPLATE})' diff --git a/distroless-build/melange/nginx-template.yaml b/distroless-build/melange/nginx-template.yaml new file mode 100644 index 000000000..1fae01e82 --- /dev/null +++ b/distroless-build/melange/nginx-template.yaml 
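Review bot: The rewritten `docker run` line in `build-package` still pulls `distroless.dev/melange:latest` and runs it `--privileged` with `"${PWD}"` bind-mounted, and `MELANGE_OPTS` passes `--signing-key ${KEY}`, so the private key appears to sit inside that mount. A floating tag means the image that handles the signing key can change between builds without any change in this repository. Pinning the builder by digest, for example `distroless.dev/melange@sha256:<digest-of-the-reviewed-image>`, closes that gap, and the same applies to `MELANGE_DETACHED` if it uses the same tag. `${TEMPLATE}` is also unquoted here, so `--env-file "${TEMPLATE}"` is safer for a path containing spaces.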
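Review bot: `ingress-build`, visible as context at the end of the last Makefile hunk, still passes `--template '$(shell cat ${TEMPLATE})'` although `TEMPLATE` now defaults to `melange/nginx-template.yaml`. That target would therefore feed multi-line YAML where it used to feed JSON. It also keeps the parse-time `$(shell cat …)` expansion into a single-quoted argument, which breaks, or changes the command, as soon as the file contains a quote character. Unless the difference is deliberate, convert it like the other two call sites: `${MELANGE} build ${MELANGE_DIR}/${FILE}.yaml ${MELANGE_INGRESS_OPT} --env-file ${TEMPLATE}`. The recipe may continue past the end of the hunk.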
@@ -0,0 +1,86 @@
+INGRESS_NGINX_VERSION: debug
+PKG: k8s.io/ingress-nginx
+TAG: debug
+COMMIT_SHA: 136e45be6
+REPO_INFO: git@github.com:kubernetes/ingress-nginx.git
+NGINX_VERSION: 1.19.10
+NGINX_SHA: e8d0290ff561986ad7cd6c33307e12e11b137186c4403a6a5ccdb4914c082d88
+NDK_VERSION: 0.3.1
+NDK_VERSION_SHA:
+ Name: NDK_VERSION_SHA
+ Item: 0e971105e210d272a497567fa2e2c256f4e39b845a5ba80d373e26ba1abfbd85
+SETMISC_VERSION: '0.32'
+SETMISC_VERSION_SHA: f1ad2459c4ee6a61771aa84f77871f4bfe42943a4aa4c30c62ba3f981f52c201
+MORE_HEADERS_VERSION: '0.33'
+MORE_HEADERS_VERSION_SHA: a3dcbab117a9c103bc1ea5200fc00a7b7d2af97ff7fd525f16f8ac2632e30fbf
+NGINX_DIGEST_AUTH: 1.0.0
+NGINX_DIGEST_AUTH_SHA: f09851e6309560a8ff3e901548405066c83f1f6ff88aa7171e0763bd9514762b
+NGINX_SUBSTITUTIONS: b8a71eacc7f986ba091282ab8b1bbbc6ae1807e0
+NGINX_SUBSTITUTIONS_SHA: a98b48947359166326d58700ccdc27256d2648218072da138ab6b47de47fbd8f
+NGINX_OPENTRACING_VERSION: 0.19.0
+NGINX_OPENTRACING_VERSION_SHA: 6f97776ebdf019b105a755c7736b70bdbd7e575c7f0d39db5fe127873c7abf17
+OPENTRACING_CPP_VERSION: f86b33f3d9e7322b1298ba62d5ffa7a9519c4c41
+OPENTRACING_CPP_VERSION_SHA: cbe625cba85291712253db5bc3870d60c709acfad9a8af5a302673d3d201e3ea
+ZIPKIN_CPP_VERSION: f69593138ff84ca2f6bc115992e18ca3d35f344a
+ZIPKIN_CPP_VERSION_SHA: 71de3d0658935db7ccea20e006b35e58ddc7e4c18878b9523f2addc2371e9270
+YAML_CPP_VERSION:
+ Name: yaml-cpp-0.7.0
+ Item: yaml-cpp-0.7.0
+YAML_CPP_VERSION_SHA:
+ Name: YAML_CPP_VERSION_SHA
+ Item: 43e6a9fcb146ad871515f0d0873947e5d497a1c9c60c58cb102a97b47208b7c3
+JAEGER_VERSION: 0.7.0
+JAEGER_VERSION_SHA: 3a3a03060bf5e3fef52c9a2de02e6035cb557f389453d8f3b0c1d3d570636994
+MSGPACK_VERSION: 3.3.0
+MSGPACK_VERSION_SHA: 754c3ace499a63e45b77ef4bcab4ee602c2c414f58403bce826b76ffc2f77d0b
+DATADOG_CPP_VERSION: 1.3.2
+DATADOG_CPP_VERSION_SHA: 586f92166018cc27080d34e17c59d68219b85af745edf3cc9fe41403fc9b4ac6
+MODSECURITY_NGINX_VERSION: 1.0.2
+MODSECURITY_NGINX_VERSION_SHA: f8d3ff15520df736c5e20e91d5852ec27e0874566c2afce7dcb979e2298d6980
+MODSECURITY_LIB_VERSION: v3.0.5
+MODSECURITY_LIB_VERSION_SHA: 9498cf687f03dcd68313be2ce5dea7936c3f02e460e74d1075f4beb272473b6e
+OWASP_MODSECURITY_CRS_VERSION: v3.3.2
+LUA_NGX_VERSION: b721656a9127255003b696b42ccc871c7ec18d59
+LUA_NGX_VERSION_SHA: '085a9fb2bf9c4466977595a5fe5156d76f3a2d9a2a81be3cacaff2021773393e'
+LUA_STREAM_NGX_VERSION: 74f8c8bca5b95cecbf42d4e1a465bc08cd075a9b
+LUA_STREAM_NGX_VERSION_SHA: ba38c9f8e4265836ba7f2ac559ddf140693ff2f5ae33ab1e384f51f3992151ab
+LUA_UPSTREAM_VERSION: 8aa93ead98ba2060d4efd594ae33a35d153589bf
+LUA_UPSTREAM_VERSION_SHA: a92c9ee6682567605ece55d4eed5d1d54446ba6fba748cff0a2482aea5713d5f
+LUA_CJSON_VERSION: 4b350c531de3d71008c77ae94e59275b8371b4dc
+LUA_CJSON_VERSION_SHA: 8d602af2669fb386931760916a39f6c9034f2363c4965f215042c086b8215238
+NGINX_INFLUXDB_VERSION: 5b09391cb7b9a889687c0aa67964c06a2d933e8b
+NGINX_INFLUXDB_VERSION_SHA: 1af5a5632dc8b00ae103d51b7bf225de3a7f0df82f5c6a401996c080106e600e
+GEOIP2_VERSION: a26c6beed77e81553686852dceb6c7fdacc5970d
+GEOIP2_VERSION_SHA: 4c1933434572226942c65b2f2b26c8a536ab76aa771a3c7f6c2629faa764976b
+NGINX_AJP_VERSION: a964a0bcc6a9f2bfb82a13752d7794a36319ffac
+NGINX_AJP_VERSION_SHA: 94d1512bf0e5e6ffa4eca0489db1279d51f45386fffcb8a1d2d9f7fe93518465
+LUAJIT_VERSION: 2.1-20210510
+LUAJIT_VERSION_SHA: 1ee6dad809a5bb22efb45e6dac767f7ce544ad652d353a93d7f26b605f69fe3f
+LUA_RESTY_BALANCER_VERSION: '0.04'
+LUA_RESTY_BALANCER_VERSION_SHA: 16d72ed133f0c6df376a327386c3ef4e9406cf51003a700737c3805770ade7c5
+LUA_RESTY_CACHE: '0.11'
+LUA_RESTY_CACHE_SHA: e810ed124fe788b8e4aac2c8960dda1b9a6f8d0ca94ce162f28d3f4d877df8af
+LUA_RESTY_CORE: 0.1.22
+LUA_RESTY_CORE_SHA: 4d971f711fad48c097070457c128ca36053835d8a3ba25a937e9991547d55d4d
+LUA_RESTY_COOKIE_VERSION: 303e32e512defced053a6484bc0745cf9dc0d39e
+LUA_RESTY_COOKIE_VERSION_SHA: 5ed48c36231e2622b001308622d46a0077525ac2f751e8cc0c9905914254baa4
+LUA_RESTY_DNS: '0.22'
+LUA_RESTY_DNS_SHA: 70e9a01eb32ccade0d5116a25bcffde0445b94ad35035ce06b94ccd260ad1bf0
+LUA_RESTY_HTTP_VERSION: 0ce55d6d15da140ecc5966fa848204c6fd9074e8
+LUA_RESTY_HTTP_VERSION_SHA: 9fcb6db95bc37b6fce77d3b3dc740d593f9d90dce0369b405eb04844d56ac43f
+LUA_RESTY_LOCK: '0.08'
+LUA_RESTY_LOCK_SHA: 2b4683f9abe73e18ca00345c65010c9056777970907a311d6e1699f753141de2
+LUA_RESTY_UPLOAD_VERSION: '0.10'
+LUA_RESTY_UPLOAD_VERSION_SHA: 5d16e623d17d4f42cc64ea9cfb69ca960d313e12f5d828f785dd227cc483fcbd
+LUA_RESTY_STRING_VERSION: 9ace36f2dde09451c377c839117ade45eb02d460
+LUA_RESTY_STRING_VERSION_SHA: 462c6b38792bab4ca8212bdfd3f2e38f6883bb45c8fb8a03474ea813e0fab853
+LUA_RESTY_MEMCACHED_VERSION: '0.16'
+LUA_RESTY_MEMCACHED_VERSION_SHA: 42893da0e3de4ec180c9bf02f82608d78787290a70c5644b538f29d243147396
+LUA_RESTY_REDIS_VERSION: '0.29'
+LUA_RESTY_REDIS_VERSION_SHA: 3f602af507aacd1f7aaeddfe7b77627fcde095fe9f115cb9d6ad8de2a52520e1
+LUA_RESTY_IPMATCHER_VERSION: 211e0d2eb8bbb558b79368f89948a0bafdc23654
+LUA_RESTY_IPMATCHER_VERSION_SHA: b8dbd502751140993a852381bcd8e98a402454596bd91838c1e51268d42db261
+LUA_RESTY_GLOBAL_THROTTLE_VERSION: 0.2.0
+LUA_RESTY_GLOBAL_THROTTLE_VERSION_SHA: 0fb790e394510e73fdba1492e576aaec0b8ee9ef08e3e821ce253a07719cf7ea
+MIMALOC_VERSION: 1.7.6
+MIMALOC_VERSION_SHA: d74f86ada2329016068bc5a243268f1f555edd620b6a7d6ce89295e7d6cf18da
diff --git a/distroless-build/melange/yaml.yaml b/distroless-build/melange/yaml.yaml
index ebd57c7d5..3120ccbc8 100644
--- a/distroless-build/melange/yaml.yaml
+++ b/distroless-build/melange/yaml.yaml
@@ -1,6 +1,6 @@
 package:
 name: yaml-cpp
- version: {{ .YAML_CPP_VERSION }}
+ version: ${{ range.YAML_CPP_VERSION }}
 epoch: 0
 description: "yaml-cpp is a YAML parser and emitter in C++ matching the YAML 1.2 spec."
 target-architecture:
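Review bot: `OWASP_MODSECURITY_CRS_VERSION: v3.3.2` is the only third-party component in nginx-template.yaml without a matching `_SHA` entry, so whatever step downloads the rule set has no pinned checksum to verify against. The consuming package file is not in this diff, so that is inferred from the naming pattern of the other entries. Adding `OWASP_MODSECURITY_CRS_VERSION_SHA: <sha256-of-the-v3.3.2-archive>` beside it would bring it in line with the rest. Separately, `NDK_VERSION_SHA`, `YAML_CPP_VERSION` and `YAML_CPP_VERSION_SHA` are nested `Name`/`Item` maps while every other key is a flat scalar. Since the Makefile now hands this file to `--env-file`, check that the loader does not drop or mangle those three.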
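Review bot: `version: ${{ range.YAML_CPP_VERSION }}` in yaml.yaml resolves to the `data:` item added in the next hunk, `yaml-cpp-0.7.0`, so the package version would carry the upstream tag prefix instead of a plain `0.7.0`. The banner in the last hunk would likewise print `yaml-cpp-yaml-cpp-0.7.0`. If the tag form is only needed for the download URL, keep the item as `0.7.0` and build the archive name in the `uri`, e.g. `archive/yaml-cpp-${{ range.YAML_CPP_VERSION }}.tar.gz`. Whether the packaging tool rejects a non-numeric version is not visible here, so confirm against a test build.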
@@ -12,12 +12,16 @@ package: dependencies: runtime: +data: + - name: YAML_CPP_VERSION + item: yaml-cpp-0.7.0 + - name: YAML_CPP_VERSION_SHA + item: 43e6a9fcb146ad871515f0d0873947e5d497a1c9c60c58cb102a97b47208b7c3 environment: contents: repositories: - https://dl-cdn.alpinelinux.org/alpine/edge/main - https://dl-cdn.alpinelinux.org/alpine/edge/community - - packages: - alpine-baselayout-data - busybox @@ -37,15 +41,15 @@ environment: pipeline: - uses: fetch with: - uri: https://github.com/jbeder/yaml-cpp/archive/{{ .YAML_CPP_VERSION }}.tar.gz - expected-sha256: {{ .YAML_CPP_VERSION_SHA }} + uri: https://github.com/jbeder/yaml-cpp/archive/${{ range.YAML_CPP_VERSION }}.tar.gz + expected-sha256: ${{ range.YAML_CPP_VERSION_SHA }} strip-components: 1 - name: 'Configure YAML_CPP' with: - YAML_CPP_VERSION: {{ .YAML_CPP_VERSION }} + YAML_CPP_VERSION: ${{ range.YAML_CPP_VERSION }} runs: | echo "::::::::::::::::::::::::::::::::::::::" - echo ":::: yaml-cpp-{{ .YAML_CPP_VERSION }} ::::" + echo ":::: yaml-cpp-${{ range.YAML_CPP_VERSION }} ::::" echo "::::::::::::::::::::::::::::::::::::::" cmake -DCMAKE_BUILD_TYPE=Release \
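Review bot: The new `data:` block in the `@@ -12,12 +12,16 @@` hunk repeats the yaml-cpp tag and SHA-256 that nginx-template.yaml also carries under `YAML_CPP_VERSION` / `YAML_CPP_VERSION_SHA`, giving `expected-sha256` two sources of truth. A version bump that updates only one of them either fails the fetch or, worse, leaves a reviewer checking the wrong hash. Keep the pair in one place and add a comment such as `# single source for the yaml-cpp pin; nginx-template.yaml must not redefine it` above `data:`. The final hunk of this file runs past the end of the visible diff and is not reviewed here.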