diff --git a/.github/workflows/liboqs-release.yml b/.github/workflows/liboqs-release.yml
new file mode 100644
index 00000000..d2f78350
--- /dev/null
+++ b/.github/workflows/liboqs-release.yml
@@ -0,0 +1,38 @@
+name: Release tests
+
+on:
+  workflow_dispatch:
+    inputs:
+      liboqs_ref:
+        description: 'liboqs branch or tag'
+        required: true
+        default: 'main'
+        type: string
+      provider_ref:
+        description: 'oqs-provider branch or tag'
+        required: true
+        default: 'main'
+        type: string
+
+# This workflow can be triggered from either the GitHub Actions web UI or a shell.
+# To use a shell, generate a GitHub personal access token and run the following command:
+#
+# curl --request POST \
+#      --header "Accept: application/vnd.github+json" \
+#      --header "Authorization: Bearer YOUR_TOKEN_HERE" \
+#      --header "X-GitHub-Api-Version: 2022-11-28" \
+#      --data '{
+#                "event_type": "liboqs-release",
+#                "inputs": {
+#                            "provider_ref": "PROVIDER_BRANCH_OR_TAG_HERE",
+#                            "liboqs_ref": "LIBOQS_BRANCH_OR_TAG_HERE"
+#                          }
+#              }' \
+#      https://api.github.com/repos/open-quantum-safe/oqs-provider/actions/workflows/liboqs-release.yml/dispatches
+
+jobs:
+  release-test:
+    uses: ./.github/workflows/release-test.yml
+    with:
+      liboqs_ref: ${{ inputs.liboqs_ref }}
+      provider_ref: ${{ inputs.provider_ref }}
diff --git a/.github/workflows/release-test.yml b/.github/workflows/release-test.yml
new file mode 100644
index 00000000..6c6e7f83
--- /dev/null
+++ b/.github/workflows/release-test.yml
@@ -0,0 +1,84 @@
+name: Release tests
+
+permissions:
+  contents: read
+
+on:
+  workflow_call:
+    inputs:
+      liboqs_ref:
+        description: 'liboqs branch or tag'
+        required: true
+        default: 'main'
+        type: string
+      provider_ref:
+        description: 'oqs-provider branch or tag'
+        required: true
+        default: 'main'
+        type: string
+  workflow_dispatch:
+    inputs:
+      liboqs_ref:
+        description: 'liboqs branch or tag'
+        required: true
+        default: 'main'
+        type: string
+      provider_ref:
+        description: 'oqs-provider branch or tag'
+        required: true
+        default: 'main'
+        type: string
+
+jobs:
+  release-test:
+    runs-on: ubuntu-latest
+    container:
+      image: openquantumsafe/ci-ubuntu-jammy:latest
+
+    steps:
+      - name: Check if requested oqs-provider ref exists
+        env:
+          provider_ref: ${{ inputs.provider_ref }}
+        run: |
+          # try both branch and tag
+          wget --quiet \
+               --header "Accept: application/vnd.github+json" \
+               --header "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
+               --header "X-GitHub-Api-Version: 2022-11-28" \
+               https://api.github.com/repos/open-quantum-safe/oqs-provider/branches/$provider_ref || \
+          wget --quiet \
+               --header "Accept: application/vnd.github+json" \
+               --header "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
+               --header "X-GitHub-Api-Version: 2022-11-28" \
+               https://api.github.com/repos/open-quantum-safe/oqs-provider/git/ref/tags/$provider_ref \
+            && echo "provider_ref=$provider_ref" >> "$GITHUB_ENV" \
+            || echo "provider_ref=main" >> "$GITHUB_ENV"
+      - name: Check if requested liboqs ref exists
+        env:
+          provider_ref: ${{ inputs.liboqs_ref }}
+        run: |
+          # try both branch and tag
+          wget --quiet \
+               --header "Accept: application/vnd.github+json" \
+               --header "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
+               --header "X-GitHub-Api-Version: 2022-11-28" \
+               https://api.github.com/repos/open-quantum-safe/liboqs/branches/$liboqs_ref || \
+          wget --quiet \
+               --header "Accept: application/vnd.github+json" \
+               --header "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
+               --header "X-GitHub-Api-Version: 2022-11-28" \
+               https://api.github.com/repos/open-quantum-safe/liboqs/git/ref/tags/$liboqs_ref \
+            && echo "liboqs_ref=$liboqs_ref" >> "$GITHUB_ENV" \
+            || echo "liboqs_ref=main" >> "$GITHUB_ENV"
+      - name: Checkout oqs-provider on requested ref if it exists; otherwise, fall back to main
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ env.provider_ref }}
+      - name: Checkout liboqs at requested ref if it exists; otherwise, fall back to main
+        uses: actions/checkout@v4
+        with:
+          repository: open-quantum-safe/liboqs
+          path: liboqs
+          ref: ${{ env.liboqs_ref }}
+      - name: Run release tests
+        run: OPENSSL_BRANCH=master ./scripts/release-test-ci.sh
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
deleted file mode 100644
index ed5774b2..00000000
--- a/.github/workflows/release.yml
+++ /dev/null
@@ -1,58 +0,0 @@
-name: Release tests
-
-on:
-  repository_dispatch:
-    types: [ "liboqs-release" ]
-
-# To trigger this job, generate a GitHub personal access token and run the following command:
-#
-# curl --request POST \
-#      --header "Accept: application/vnd.github+json" \
-#      --header "Authorization: Bearer YOUR_TOKEN_HERE" \
-#      --header "X-GitHub-Api-Version: 2022-11-28" \
-#      --data '{
-#                "event_type": "liboqs-release",
-#                "client_payload": {
-#                                    "provider_ref": "PROVIDER_BRANCH_OR_TAG_HERE",
-#                                    "liboqs_ref": "LIBOQS_BRANCH_OR_TAG_HERE"
-#                                  }
-#              }' \
-#      https://api.github.com/repos/open-quantum-safe/oqs-provider/dispatches
-
-jobs:
-  release-test:
-    runs-on: ubuntu-latest
-    container:
-      image: openquantumsafe/ci-ubuntu-jammy:latest
-
-    steps:
-      - name: Check if requested ref exists
-        env:
-          provider_ref: ${{ github.event.client_payload.provider_ref }}
-        run: |
-          # try both branch and tag
-          wget --quiet \
-               --header "Accept: application/vnd.github+json" \
-               --header "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-               --header "X-GitHub-Api-Version: 2022-11-28" \
-               https://api.github.com/repos/open-quantum-safe/oqs-provider/branches/$provider_ref || \
-          wget --quiet \
-               --header "Accept: application/vnd.github+json" \
-               --header "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-               --header "X-GitHub-Api-Version: 2022-11-28" \
-               https://api.github.com/repos/open-quantum-safe/oqs-provider/git/ref/tags/$provider_ref \
-            && echo "provider_ref=$provider_ref" >> "$GITHUB_ENV" \
-            || echo "provider_ref=main" >> "$GITHUB_ENV"
-      - name: Checkout oqs-provider on requested ref if it exists; otherwise, fall back to main
-        uses: actions/checkout@v4
-        with:
-          ref: ${{ env.provider_ref }}
-      # This is designed to be triggered automatically from liboqs CI, so don't bother validating the liboqs ref.
-      - name: Checkout liboqs at requested ref
-        uses: actions/checkout@v4
-        with:
-          repository: open-quantum-safe/liboqs
-          path: liboqs
-          ref: ${{ github.event.client_payload.liboqs_ref }}
-      - name: Run release tests
-        run: OPENSSL_BRANCH=master ./scripts/release-test-ci.sh