diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index 98818e1..92161b5 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -66,11 +66,6 @@ jobs:
           mv zig-out/bin/xtxf xtxf
           tar -czvf xtxf-${{ matrix.target}}.tar.gz xtxf
 
-      - name: Attest
-        uses: actions/attest-build-provenance@v1
-        with:
-          subject-path: 'xtxf-${{ matrix.target}}.tar.gz'
-
       - name: Upload
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -79,6 +74,11 @@ jobs:
           gh release upload ${{ inputs.tag_name }} \
           xtxf-${{ matrix.target }}.tar.gz
 
+      - name: Attest
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: 'xtxf-${{ matrix.target}}.tar.gz'
+
       - name: Verify attestation
         shell: bash
         env:
@@ -119,11 +119,6 @@ jobs:
           mv zig-out/bin/xtxf xtxf
           tar -czvf xtxf-${{ matrix.target }}.tar.gz xtxf
 
-      - name: Attest
-        uses: actions/attest-build-provenance@v1
-        with:
-          subject-path: 'xtxf-${{ matrix.target }}.tar.gz'
-
       - name: Upload
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -132,6 +127,11 @@ jobs:
           gh release upload ${{ inputs.tag_name }} \
           xtxf-${{ matrix.target }}.tar.gz
 
+      - name: Attest
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: 'xtxf-${{ matrix.target }}.tar.gz':w
+
       - name: Verify attestation
         shell: bash
         env: