diff --git a/.github/workflows/build-release.yml b/.github/workflows/build-release.yml
index 7b5bf0766..8c73dd6da 100644
--- a/.github/workflows/build-release.yml
+++ b/.github/workflows/build-release.yml
@@ -53,10 +53,12 @@ jobs:
         with:
           fetch-depth: 0
           fetch-tags: true
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
         with:
           cleanup: true
+
       - name: Check CR_PAT secret
         id: crpat
         shell: bash
@@ -66,6 +68,7 @@ jobs:
           else
             echo "present=false" >> "$GITHUB_OUTPUT"
           fi
+
       - name: Login to GHCR with GITHUB_TOKEN
         if: ${{ steps.crpat.outputs.present == 'false' }}
         uses: docker/login-action@v3
@@ -73,6 +76,7 @@ jobs:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Login to GHCR with CR_PAT
         if: ${{ steps.crpat.outputs.present == 'true' }}
         uses: docker/login-action@v3
@@ -80,6 +84,7 @@ jobs:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.CR_PAT }}
+
       - name: Build and Push (GH runner)
         uses: docker/build-push-action@v6
         with:
@@ -100,10 +105,12 @@ jobs:
         with:
           fetch-depth: 0
           fetch-tags: true
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
         with:
           cleanup: true
+
       - name: Check CR_PAT secret
         id: crpat
         shell: bash
@@ -113,6 +120,7 @@ jobs:
           else
             echo "present=false" >> "$GITHUB_OUTPUT"
           fi
+
       - name: Login to GHCR with GITHUB_TOKEN
         if: ${{ steps.crpat.outputs.present == 'false' }}
         uses: docker/login-action@v3
@@ -120,6 +128,7 @@ jobs:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Login to GHCR with CR_PAT
         if: ${{ steps.crpat.outputs.present == 'true' }}
         uses: docker/login-action@v3
@@ -127,6 +136,7 @@ jobs:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.CR_PAT }}
+
       - name: Build and Push (self-hosted)
         uses: docker/build-push-action@v6
         with:
@@ -140,7 +150,11 @@ jobs:
   publish:
     name: Update Release
     needs: [check-tag, build-gh, build-self]
-    if: needs.build-gh.result == 'success' || needs.build-self.result == 'success'
+    if: |
+      ${{
+        always() &&
+        (needs.build-gh.result == 'success' || needs.build-self.result == 'success')
+      }}
     runs-on: ubuntu-latest
     steps:
       - name: Update GitHub Release (same tag)
@@ -160,6 +174,7 @@ jobs:
   finalize:
     name: Finalize Outcome
     needs: [check-tag, build-gh, build-self, publish]
+    if: ${{ always() }}
     runs-on: ubuntu-latest
     steps:
       - name: Fail if both build paths failed