diff --git a/.github/workflows/sub-ci-unit-tests-docker.yml b/.github/workflows/sub-ci-unit-tests-docker.yml
index dd6c89a5a75..da69d12e286 100644
--- a/.github/workflows/sub-ci-unit-tests-docker.yml
+++ b/.github/workflows/sub-ci-unit-tests-docker.yml
@@ -197,3 +197,12 @@ jobs:
           # If there is already an open issue with this label, any failures become comments on that issue.
           always-create-new-issue: false
           github-token: ${{ secrets.GITHUB_TOKEN }}
+
+  run-check-no-git-refs:
+    if: contains(github.event.pull_request.labels.*.name, 'A-release')
+    runs-on: ubuntu-latest
+    steps:
+    - name: Run check_no_git_refs_in_cargo_lock
+      run: |
+        docker pull ${{ vars.GAR_BASE }}/${{ vars.CI_IMAGE_NAME }}@${{ inputs.image_digest }}
+        docker run --tty -e NETWORK -e RUN_CHECK_NO_GIT_REFS=1 ${{ vars.GAR_BASE }}/${{ vars.CI_IMAGE_NAME }}@${{ inputs.image_digest }}
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
index dc1dbc121cf..ccd09f43c33 100755
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -224,12 +224,16 @@ case "$1" in
       if [[ "${RUN_ALL_TESTS}" -eq "1" ]]; then
         # Run unit, basic acceptance tests, and ignored tests, only showing command output if the test fails.
         # If the lightwalletd environmental variables are set, we will also run those tests.
-        exec cargo test --locked --release --features "${ENTRYPOINT_FEATURES}" --workspace -- --nocapture --include-ignored
+        exec cargo test --locked --release --features "${ENTRYPOINT_FEATURES}" --workspace -- --nocapture --include-ignored --skip check_no_git_refs_in_cargo_lock
 
       elif [[ "${RUN_ALL_EXPERIMENTAL_TESTS}" -eq "1" ]]; then
         # Run unit, basic acceptance tests, and ignored tests with experimental features.
         # If the lightwalletd environmental variables are set, we will also run those tests.
-        exec cargo test --locked --release --features "${ENTRYPOINT_FEATURES_EXPERIMENTAL}" --workspace -- --nocapture --include-ignored
+        exec cargo test --locked --release --features "${ENTRYPOINT_FEATURES_EXPERIMENTAL}" --workspace -- --nocapture --include-ignored --skip check_no_git_refs_in_cargo_lock
+
+      elif [[ "${RUN_CHECK_NO_GIT_REFS}" -eq "1" ]]; then
+        # Run the check_no_git_refs_in_cargo_lock test.
+        exec cargo test --locked --release --features "${ENTRYPOINT_FEATURES}" --workspace -- --nocapture --include-ignored check_no_git_refs_in_cargo_lock
 
       elif [[ "${TEST_FAKE_ACTIVATION_HEIGHTS}" -eq "1" ]]; then
         # Run state tests with fake activation heights.
diff --git a/zebrad/tests/acceptance.rs b/zebrad/tests/acceptance.rs
index 1a8cefbe0b2..3dfc959eb58 100644
--- a/zebrad/tests/acceptance.rs
+++ b/zebrad/tests/acceptance.rs
@@ -3538,3 +3538,15 @@ async fn nu6_funding_streams_and_coinbase_balance() -> Result<()> {
 
     Ok(())
 }
+
+/// Check that Zebra does not depend on any crates from git sources.
+#[test]
+#[ignore]
+fn check_no_git_refs_in_cargo_lock() {
+    let cargo_lock_contents =
+        fs::read_to_string("../Cargo.lock").expect("should have Cargo.lock file in root dir");
+
+    if cargo_lock_contents.contains(r#"source = "git+"#) {
+        panic!("Cargo.lock includes git sources")
+    }
+}