diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index dbcb737..0f82729 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -44,18 +44,6 @@ jobs:
         timeout-minutes: 10
         run: pdm build
 
-      - name: Generate library build attestations
-        timeout-minutes: 10
-        uses: LedgerHQ/actions-security/actions/attest@actions/attest-1
-        with:
-          subject-path: dist/*
-
-      - name: Sign library artifacts
-        timeout-minutes: 10
-        uses: LedgerHQ/actions-security/actions/sign-blob@actions/sign-blob-1
-        with:
-          path: dist
-
       - name: Upload library artifacts to Ledger Artifactory repository
         timeout-minutes: 10
         env:
@@ -69,3 +57,15 @@ jobs:
         env:
           PDM_PUBLISH_PASSWORD: ${{ secrets.PYPI_PUBLIC_API_TOKEN }}
         run: pdm publish --no-build
+
+      - name: Generate library build attestations
+        timeout-minutes: 10
+        uses: LedgerHQ/actions-security/actions/attest@actions/attest-1
+        with:
+          subject-path: dist/*
+
+      - name: Sign library artifacts
+        timeout-minutes: 10
+        uses: LedgerHQ/actions-security/actions/sign-blob@actions/sign-blob-1
+        with:
+          path: dist