diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 58bc3f7e..f455c574 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -80,6 +80,8 @@ jobs:
   release:
     needs: [build]
     name: Release
+    outputs:
+      release-tag: ${{ steps.upload-assets.outputs.release-tag }}
     runs-on: ubuntu-latest
     permissions:
       contents: write # To publish release notes.
@@ -127,9 +129,13 @@ jobs:
 
     # Create the release including the artifacts and the SLSA L3 provenance.
     - name: Upload assets
+      id: upload-assets
       env:
         GH_TOKEN: ${{ secrets.REPO_ACCESS_TOKEN }}
-      run: TAG=`git describe --tags --abbrev=0` && gh release create $TAG dist/* --title $TAG --notes-file RELEASE_NOTES.md
+      run: |
+        TAG=`git describe --tags --abbrev=0`
+        gh release create $TAG dist/* --title $TAG --notes-file RELEASE_NOTES.md
+        echo "release-tag=$TAG" >> $GITHUB_OUTPUT
 
     # Uncomment the following steps to publish to a PyPI server.
     # At the moment PyPI does not provide a mechanism to publish
@@ -171,7 +177,7 @@ jobs:
 
   # Publish the SLSA provenance as the GitHub release asset.
   publish_provenance:
-    needs: provenance
+    needs: [release, provenance]
     name: Publish provenance
     runs-on: ubuntu-latest
     permissions:
@@ -194,7 +200,6 @@ jobs:
         name: ${{ needs.provenance.outputs.attestation-name }}
 
     - name: Upload provenance
-      run: |
-        gh release upload `git describe --tags --abbrev=0` ${{ needs.provenance.outputs.attestation-name }}
+      run: gh release upload ${{ needs.release.outputs.release-tag }} ${{ needs.provenance.outputs.attestation-name }}
       env:
         GH_TOKEN: ${{ secrets.REPO_ACCESS_TOKEN }}