diff --git a/.github/workflows/create_release.yml b/.github/workflows/create_release.yml
index f603908b247..178c385880b 100644
--- a/.github/workflows/create_release.yml
+++ b/.github/workflows/create_release.yml
@@ -105,6 +105,17 @@ jobs:
       # For more information about environments and required approvals, see "Using environments for deployment." F
       # We can use a separate requirement for deploay
 
+  release:
+    name: Create Release
+    runs-on: ubuntu-latest
+    needs: [prepare-release]
+    if: always() && (needs.prepare-release.result == 'success')
+
+    permissions:
+      contents: write  # IMPORTANT: mandatory for making GitHub Releases
+      id-token: write  # IMPORTANT: mandatory for sigstore
+
+    steps:
       - name: Upload artifact signatures to GitHub Release
         if: startsWith(github.ref, 'refs/tags/')  # only publish to PyPI on tag pushes # TODO check exact variants
         env: