diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index c07cc31..12c2030 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -96,10 +96,22 @@ jobs:
 actions: read
 id-token: write
 contents: write
- uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0 # Must specify version tag; see https://github.com/slsa-framework/slsa-verifier/issues/12
- with:
- base64-subjects: ${{ needs.combine-hashes.outputs.hashes }}
- provenance-name: flog.multiple.intoto.jsonl
+ runs-on: ubuntu-latest
+ steps:
+ - if: startsWith(github.ref, 'refs/tags/v')
+ name: Generate and upload SLSA provenance to release
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0 # Must specify version tag; see https://github.com/slsa-framework/slsa-verifier/issues/12
+ with:
+ base64-subjects: ${{ needs.combine-hashes.outputs.hashes }}
+ provenance-name: flog.multiple.intoto.jsonl
+ upload-assets: true
+ - if: ${{ !startsWith(github.ref, 'refs/tags/v') }}
+ name: Generate SLSA provenance
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0 # Must specify version tag; see https://github.com/slsa-framework/slsa-verifier/issues/12
+ with:
+ base64-subjects: ${{ needs.combine-hashes.outputs.hashes }}
+ provenance-name: flog.multiple.intoto.jsonl
+ upload-assets: false
 release:
 needs: [build, combine-hashes, provenance]
 permissions:
@@ -123,10 +135,6 @@ jobs:
 uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
 with:
 name: ${{ needs.build.outputs.checksum-darwin-arm64 }}
- - name: Download in-toto attestations file
- uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
- with:
- name: flog.multiple.intoto.jsonl
 - name: Upload release assets
 uses: softprops/action-gh-release@9d7c94cfd0a1f3ed45544c887983e9fa900f0564 # v2.0.4
 with:
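Review bot: In the first hunk (the `provenance` job), `generator_generic_slsa3.yml` is now referenced from `steps[*].uses`, but it is a reusable workflow and GitHub only accepts those at `jobs.<job_id>.uses`, so as written the workflow should fail validation and produce no provenance. Running it as a step on `ubuntu-latest` would also give up the job-level isolation from the caller's build that the generator's SLSA level 3 claim relies on. Keep the job-level `uses:`/`with:` that this hunk removes, drop `runs-on` and `steps`, and put the tag condition into the input instead: `upload-assets: ${{ startsWith(github.ref, 'refs/tags/v') }}`. The later hunks remove the release job's own download and upload of `flog.multiple.intoto.jsonl`, so once this lands the generator's upload is the only path that attaches provenance to a release. The job header sits above the hunk, so its name and `needs` are inferred from the `release` job's `needs` list.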
@@ -135,4 +143,3 @@ jobs:
 ${{ needs.build.outputs.checksum-darwin-x86_64 }}
 ${{ needs.build.outputs.archive-darwin-arm64 }}
 ${{ needs.build.outputs.checksum-darwin-arm64 }}
- flog.multiple.intoto.jsonl