diff --git a/.github/actions/run-tests/Dockerfile b/.github/actions/run-tests/Dockerfile
index 22fd823c7..f00645101 100644
--- a/.github/actions/run-tests/Dockerfile
+++ b/.github/actions/run-tests/Dockerfile
@@ -1,13 +1,23 @@
-FROM golang:1.16-alpine
+FROM golang:1.16-buster as builder
 
-# Add any build or testing essential system packages
-RUN apk add --no-cache build-base git pkgconf
-RUN apk add --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/community libgit2-dev~=1.1
+# Up-to-date libgit2 dependencies are only available in
+# unstable, as libssh2 in testing/bullseye has been linked
+# against gcrypt which causes issues with PKCS* formats.
+# Ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668271
+RUN echo "deb http://deb.debian.org/debian unstable main" >> /etc/apt/sources.list \
+    && echo "deb-src http://deb.debian.org/debian unstable main" >> /etc/apt/sources.list
+RUN set -eux; \
+    apt-get update \
+    && apt-get install -y libgit2-dev/unstable \
+    && apt-get clean \
+    && apt-get autoremove --purge -y \
+    && rm -rf /var/lib/apt/lists/*
 
 # Use the GitHub Actions uid:gid combination for proper fs permissions
-RUN addgroup -g 116 -S test && adduser -u 1001 -S -g test test
+RUN groupadd -g 116 test && \
+    useradd -u 1001 --gid test --shell /bin/sh --create-home test
 
 # Run as test user
 USER test
 
-ENTRYPOINT ["/bin/sh", "-c"]
+ENTRYPOINT [ "/bin/sh", "-c" ]
diff --git a/Dockerfile b/Dockerfile
index 3775d2672..059a25bb3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,12 +1,20 @@
 FROM golang:1.16-buster as builder
 
 # Up-to-date libgit2 dependencies are only available in
-# >=bullseye (testing).
-RUN echo "deb http://deb.debian.org/debian testing main" >> /etc/apt/sources.list \
-    && echo "deb-src http://deb.debian.org/debian testing main" >> /etc/apt/sources.list
+# unstable, as libssh2 in testing/bullseye has been linked
+# against gcrypt which causes issues with PKCS* formats.
+# Explicitly listing all build dependencies is required because
+# they can only be automagically found for AMD64 builds.
+# Ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668271
+RUN echo "deb http://deb.debian.org/debian unstable main" >> /etc/apt/sources.list \
+    && echo "deb-src http://deb.debian.org/debian unstable main" >> /etc/apt/sources.list
 RUN set -eux; \
     apt-get update \
-    && apt-get install -y libgit2-dev/testing zlib1g-dev/testing libssh2-1-dev/testing libpcre3-dev/testing \
+    && apt-get install -y \
+        libgit2-dev/unstable \
+        zlib1g-dev/unstable \
+        libssh2-1-dev/unstable \
+        libpcre3-dev/unstable \
     && apt-get clean \
     && apt-get autoremove --purge -y \
     && rm -rf /var/lib/apt/lists/*
@@ -38,12 +46,16 @@ FROM debian:buster-slim as controller
 LABEL org.opencontainers.image.source="https://github.com/fluxcd/source-controller"
 
 # Up-to-date libgit2 dependencies are only available in
-# >=bullseye (testing).
-RUN echo "deb http://deb.debian.org/debian testing main" >> /etc/apt/sources.list \
-    && echo "deb-src http://deb.debian.org/debian testing main" >> /etc/apt/sources.list
+# unstable, as libssh2 in testing/bullseye has been linked
+# against gcrypt which causes issues with PKCS* formats.
+# Ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668271
+RUN echo "deb http://deb.debian.org/debian unstable main" >> /etc/apt/sources.list \
+    && echo "deb-src http://deb.debian.org/debian unstable main" >> /etc/apt/sources.list
 RUN set -eux; \
     apt-get update \
-    && apt-get install -y ca-certificates libgit2-1.1 \
+    && apt-get install -y \
+        ca-certificates \
+        libgit2-1.1 \
     && apt-get clean \
     && apt-get autoremove --purge -y \
     && rm -rf /var/lib/apt/lists/*
@@ -54,4 +66,4 @@ RUN groupadd controller && \
     useradd --gid controller --shell /bin/sh --create-home controller
 
 USER controller
-ENTRYPOINT ["source-controller"]
+ENTRYPOINT [ "source-controller" ]
diff --git a/config/testdata/git/large-repo.yaml b/config/testdata/git/large-repo.yaml
index b8e00619c..74dcfa935 100644
--- a/config/testdata/git/large-repo.yaml
+++ b/config/testdata/git/large-repo.yaml
@@ -7,7 +7,7 @@ spec:
   interval: 10m
   url: https://github.com/hashgraph/hedera-mirror-node.git
   ref:
-    branch: master
+    branch: main
   ignore: |
     /*
     !/charts
@@ -21,7 +21,7 @@ spec:
   interval: 10m
   url: https://github.com/hashgraph/hedera-mirror-node.git
   ref:
-    branch: master
+    branch: main
   ignore: |
     /*
     !/charts