diff --git a/.github/workflows/staging.yml b/.github/workflows/staging.yml
index 94084f8d91..21b1bde760 100644
--- a/.github/workflows/staging.yml
+++ b/.github/workflows/staging.yml
@@ -9,9 +9,13 @@ on:
 
 jobs:
   staging:
+    strategy:
+      matrix:
+        ubuntu_version: ["focal", "noble"]
     runs-on: ubuntu-latest
     env:
       GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}
+      UBUNTU_VERSION: ${{ matrix.ubuntu_version }}
     steps:
       - uses: actions/checkout@v4
       - name: Run staging tests on GCE
diff --git a/devops/gce-nested/ci-env.sh b/devops/gce-nested/ci-env.sh
index a2d7af355a..5dcc7cfdb4 100644
--- a/devops/gce-nested/ci-env.sh
+++ b/devops/gce-nested/ci-env.sh
@@ -13,6 +13,7 @@ TOPLEVEL="$(git rev-parse --show-toplevel)"
 export TOPLEVEL
 GCE_CREDS_FILE="${TOPLEVEL}/.gce.creds"
 export GCE_CREDS_FILE
+export UBUNTU_VERSION="${UBUNTU_VERSION:-focal}"
 export BUILD_NUM="${GITHUB_RUN_ID}-${GITHUB_RUN_ATTEMPT}"
 export PROJECT_ID="securedrop-ci"
 export JOB_NAME="sd-ci-nested"
@@ -20,7 +21,7 @@ export GCLOUD_MACHINE_TYPE="c2-standard-8"
 export GCLOUD_CONTAINER_VER
 export CLOUDSDK_COMPUTE_ZONE="us-west1-c"
 export EPHEMERAL_DIRECTORY="/tmp/gce-nested"
-export FULL_JOB_ID="${JOB_NAME}-${BUILD_NUM}"
+export FULL_JOB_ID="${JOB_NAME}-${UBUNTU_VERSION}-${BUILD_NUM}"
 export SSH_USER_NAME=sdci
 export SSH_PRIVKEY="${EPHEMERAL_DIRECTORY}/gce"
 export SSH_PUBKEY="${SSH_PRIVKEY}.pub"
diff --git a/devops/gce-nested/ci-go.sh b/devops/gce-nested/ci-go.sh
index ff80aa107e..b6caadeedd 100755
--- a/devops/gce-nested/ci-go.sh
+++ b/devops/gce-nested/ci-go.sh
@@ -12,8 +12,6 @@ set -e
 set -u
 set -o pipefail
 
-export BASE_OS="${BASE_OS:-focal}"
-
 ./devops/gce-nested/gce-start.sh
 ./devops/gce-nested/gce-runner.sh
 ./devops/gce-nested/gce-stop.sh
diff --git a/devops/gce-nested/gce-runner.sh b/devops/gce-nested/gce-runner.sh
index 77133498db..2bb2dba076 100755
--- a/devops/gce-nested/gce-runner.sh
+++ b/devops/gce-nested/gce-runner.sh
@@ -4,7 +4,7 @@
 # for storage as artifacts on the build, so devs can review via web.
 set -e
 set -u
-BASE_OS="${BASE_OS:-focal}"
+UBUNTU_VERSION="${UBUNTU_VERSION:-focal}"
 
 
 TOPLEVEL="$(git rev-parse --show-toplevel)"
@@ -12,7 +12,7 @@ TOPLEVEL="$(git rev-parse --show-toplevel)"
 . "${TOPLEVEL}/devops/gce-nested/ci-env.sh"
 
 REMOTE_IP="$(gcloud_call compute instances describe \
-            "${JOB_NAME}-${BUILD_NUM}" \
+            "${JOB_NAME}-${UBUNTU_VERSION}-${BUILD_NUM}" \
             --format="value(networkInterfaces[0].accessConfigs.natIP)")"
 SSH_TARGET="${SSH_USER_NAME}@${REMOTE_IP}"
 SSH_OPTS=(-i "$SSH_PRIVKEY" -o "StrictHostKeyChecking=no" -o "UserKnownHostsFile=/dev/null")
@@ -56,6 +56,6 @@ copy_securedrop_repo
 # so register a trap to ensure the fetch always runs.
 trap fetch_junit_test_results EXIT
 
-ssh_gce "make build-debs-notest"
-ssh_gce "make build-debs-ossec-notest"
-ssh_gce "make staging"
+ssh_gce "UBUNTU_VERSION=\"${UBUNTU_VERSION}\" make build-debs-notest"
+ssh_gce "UBUNTU_VERSION=\"${UBUNTU_VERSION}\" make build-debs-ossec-notest"
+ssh_gce "UBUNTU_VERSION=\"${UBUNTU_VERSION}\" make staging"
diff --git a/devops/gce-nested/gce-stop.sh b/devops/gce-nested/gce-stop.sh
index 4366fed21d..acead30faa 100755
--- a/devops/gce-nested/gce-stop.sh
+++ b/devops/gce-nested/gce-stop.sh
@@ -11,4 +11,4 @@ TOPLEVEL="$(git rev-parse --show-toplevel)"
 . "${TOPLEVEL}/devops/gce-nested/ci-env.sh"
 
 # Destroy remote instance
-gcloud_call compute instances delete "${JOB_NAME}-${BUILD_NUM}"
+gcloud_call compute instances delete "${JOB_NAME}-${UBUNTU_VERSION}-${BUILD_NUM}"