diff --git a/.github/workflows/matrix.sh b/.github/workflows/matrix.sh
new file mode 100755
index 000000000..af0eb8e27
--- /dev/null
+++ b/.github/workflows/matrix.sh
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+nix flake show --json --all-systems \
+    | nix run nixpkgs#gron -- -j \
+    | nix run nixpkgs#jq -- -r \
+        --slurp \
+        --argjson map '
+          {
+            "aarch64-darwin": "macos-latest",
+            "x86_64-darwin": "macos-latest",
+            "x86_64-linux": "UbuntuLatest32Cores128G",
+            "aarch64-linux": "UbuntuLatest32Cores128GArm",
+            "i686-linux": "UbuntuLatest32Cores128G"
+          }
+        ' \
+        '
+            map(select(.[0][-1] == "type" and .[1] == "derivation")
+                | .[0][0:-1] # Take each attribute name and drop `type`
+                | select(.[0:3] != ["hydraJobs", "vm-test", "all"]) # Skip the hydraJobs.vm-test.all jobs, which aggregate other jobs
+                | select(.[0:3] != ["hydraJobs", "container-test", "all"]) # Skip the hydraJobs.container-test.all jobs, which aggregate other jobs
+                | select(.[-1] != "all") # Skip attributes which are `all` jobs, presumably combining other jobs
+                | select(.[-1] | endswith("-aggregate") != true) # Skip attributes which end in `-aggregate`, because those just depend on other jobs which build them
+                | select(.[0] == "hydraJobs") # Select the hydraJobs which are not typically run in CI
+                | {
+                    attribute: . | join("."),
+                    "nix-system": .[-2],
+                    "runs-on": $map[.[-2]]
+                  }
+                | if ."runs-on" == null then
+                   ("No GitHub Actions Runner system known for the Nix system `" + ."nix-system" + "` on attribute `" + .attribute + "`.\n") | halt_error(1)
+                 else
+                   .
+                 end)
+            | "matrix=" + tostring
+        ' >> "$GITHUB_OUTPUT"
\ No newline at end of file
diff --git a/.github/workflows/money-with-wings.yml b/.github/workflows/money-with-wings.yml
new file mode 100644
index 000000000..c4258c2ce
--- /dev/null
+++ b/.github/workflows/money-with-wings.yml
@@ -0,0 +1,55 @@
+name: Extensive Release Checks
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - money-with-wings
+
+jobs:
+  inventory:
+    name: Identify outputs to build
+    runs-on: UbuntuLatest32Cores128G
+    outputs:
+      matrix: ${{ steps.inventory.outputs.matrix }}
+    permissions:
+      id-token: "write"
+      contents: "read"
+    steps:
+      - uses: actions/checkout@v4
+      - uses: DeterminateSystems/nix-installer-action@main
+        with:
+          flakehub: true
+      - uses: DeterminateSystems/magic-nix-cache-action@main
+      - name: Enumerate Checks
+        id: inventory
+        run: |
+          ./.github/workflows/matrix.sh
+
+  build:
+    runs-on: ${{ matrix.jobs.runs-on }}
+    needs: inventory
+    strategy:
+      fail-fast: false
+      matrix:
+        jobs: ${{ fromJSON(needs.inventory.outputs.matrix) }}
+
+    permissions:
+      id-token: "write"
+      contents: "read"
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: DeterminateSystems/nix-installer-action@main
+        with:
+          flakehub: true
+      - uses: DeterminateSystems/magic-nix-cache-action@main
+      - name: Build for ${{ matrix.jobs.nix-system }}
+        run: nix build .#${{ matrix.jobs.attribute }}
+
+  success:
+    runs-on: ubuntu-latest
+    needs: build
+
+    steps:
+      - run: "true"
diff --git a/nix/tests/vm-test/default.nix b/nix/tests/vm-test/default.nix
index 63eb2a543..89eac3868 100644
--- a/nix/tests/vm-test/default.nix
+++ b/nix/tests/vm-test/default.nix
@@ -600,7 +600,7 @@ let
         touch $out
       '';
 
-  makeTests = name: tests: builtins.mapAttrs
+  makeTests = name: tests: imagePredicate: builtins.mapAttrs
     (imageName: image:
       rec {
         ${image.system} = (builtins.mapAttrs
@@ -608,7 +608,7 @@ let
             makeTest imageName testName test
           )
           tests) // {
-          "${name}" = (with (forSystem "x86_64-linux" ({ system, pkgs, ... }: pkgs)); pkgs.releaseTools.aggregate {
+          "${name}-aggregate" = (with (forSystem "x86_64-linux" ({ system, pkgs, ... }: pkgs)); pkgs.releaseTools.aggregate {
             name = name;
             constituents = (
               pkgs.lib.mapAttrsToList
@@ -621,17 +621,17 @@ let
         };
       }
     )
-    images;
+    (lib.filterAttrs imagePredicate images);
 
   allCases = lib.recursiveUpdate (lib.recursiveUpdate installCases (lib.recursiveUpdate cureSelfCases cureScriptCases)) uninstallCases;
 
-  install-tests = makeTests "install" installCases;
+  install-tests = makeTests "install" installCases (_: _: true);
 
-  cure-self-tests = makeTests "cure-self" cureSelfCases;
+  cure-self-tests = makeTests "cure-self" cureSelfCases (_: _: true);
 
-  cure-script-tests = makeTests "cure-script" cureScriptCases;
+  cure-script-tests = makeTests "cure-script" cureScriptCases (_name: { upstreamScriptsWork ? true, ... }: upstreamScriptsWork);
 
-  uninstall-tests = makeTests "uninstall" uninstallCases;
+  uninstall-tests = makeTests "uninstall" uninstallCases (_: _: true);
 
   all-tests = builtins.mapAttrs
     (imageName: image: {
@@ -652,8 +652,8 @@ in
 lib.recursiveUpdate joined-tests {
   all."x86_64-linux" = (with (forSystem "x86_64-linux" ({ system, pkgs, ... }: pkgs)); pkgs.lib.mapAttrs (caseName: case:
     pkgs.releaseTools.aggregate {
-      name = caseName;
-      constituents = pkgs.lib.mapAttrsToList (name: value: value."x86_64-linux"."${caseName}") joined-tests;
+      name = "${caseName}-aggregate";
+      constituents = pkgs.lib.mapAttrsToList (name: value: value."x86_64-linux"."${caseName}-aggregate") joined-tests;
     }
   )) (allCases // { "cure-self" = { }; "cure-script" = { }; "install" = { }; "uninstall" = { }; "all" = { }; });
 }