diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index f1df653834..1c64ba5eb9 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -2,11 +2,8 @@ name: Release build
 
 on:
   push:
-    branches:
-      - main
-      - develop
-      - next
-  workflow_dispatch:
+    tags:
+      - 'v2*next*'
 
 jobs:
   prepare:
@@ -36,68 +33,46 @@ jobs:
 
   release:
     name: release
+    needs: prepare
     runs-on: ubuntu-latest
-    needs:
-      prepare
     steps:
-      - uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-          persist-credentials: false
-      - uses: actions/download-artifact@v3
-        with:
-          name: webhook
-          path: artifacts
-      - uses: actions/download-artifact@v3
-        with:
-          name: runners
-          path: artifacts
-      - uses: actions/download-artifact@v3
-        with:
-          name: runner-binaries-syncer
-          path: artifacts
-
-      - name: Get installation token
-        uses: npalm/action-app-token@v1.1.0
-        id: app-token
-        with:
-          appId: ${{ secrets.FOREST_RELEASER_APP_ID }}
-          appPrivateKeyBase64: ${{ secrets.FOREST_RELEASER_APP_PRIVATE_KEY_BASE64 }}
-          appInstallationType: repo
-          appInstallationValue: ${{ github.repository }}
-
-      - name: Dry run release
-        if: github.event_name != 'pull_request'
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: Create Release
+        id: create_release
+        uses: actions/create-release@v1
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Read only token
-        run: |
-          cp .release/* .
-          yarn
-          yarn release -d --repositoryUrl https://x-access-token:$GITHUB_TOKEN@github.com/$GITHUB_REPOSITORY.git
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ github.ref }}
+          release_name: Release ${{ github.ref }}
+          body: |
+            Next release
+          draft: true
+          prerelease: false
 
-      - name: Release
-        if: (github.event_name != 'pull_request' && contains('refs/heads/main', github.ref))
-        env:
-          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
-        run: |
-          cp .release/* .
-          yarn
-          yarn release --repositoryUrl https://x-access-token:$GITHUB_TOKEN@github.com/$GITHUB_REPOSITORY.git
+  assets:
+    name: upload assets
+    needs: release
+    runs-on: ubuntu-latest
 
-  provenance:
-    name: Generate provenance
-    runs-on: ubuntu-20.04
-    needs:
-      release
-    if: startsWith(github.ref, 'refs/tags/')
+    strategy:
+      matrix:
+        asset: ["webhook", "runner-binaries-syncer", "runners"]
 
     steps:
-      - name: Generate provenance for release
-        uses: philips-labs/slsa-provenance-action@v0.8.0
+      - uses: actions/download-artifact@v3
         with:
-          artifact_path: release-assets
-          output_path: 'build.provenance'
-          tag_name: "${{ github.ref_name }}"
-        env:
-          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          name: ${{ matrix.asset }}
+          path: artifacts
 
+      - name: Upload Release Asset
+        id: upload-release-asset
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ needs.release.outputs.upload_url }}
+          asset_path: artifacts/${{ matrix.asset }}.zip
+          asset_name: ${{ matrix.asset }}.zip
+          asset_content_type: application/zip