diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index af26f730..a0f1b52d 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -302,29 +302,50 @@ jobs:
 "id-token": "write"
 "packages": "write"
- custom-publish-npm:
+ custom-publish-docker:
 needs:
 - plan
 - host
 if: ${{ !fromJson(needs.plan.outputs.val).announcement_is_prerelease || fromJson(needs.plan.outputs.val).publish_prereleases }}
- permissions:
- contents: read
- id-token: write
- packages: "write"
- uses: ./.github/workflows/publish-npm.yml
+ uses: ./.github/workflows/publish-docker.yml
 with:
 plan: ${{ needs.plan.outputs.val }}
 secrets: inherit
+ # publish jobs get escalated permissions
+ permissions:
+ "id-token": "write"
+ "packages": "write"
- custom-publish-docker:
+ custom-publish-npm:
 needs:
 - plan
 - host
 if: ${{ !fromJson(needs.plan.outputs.val).announcement_is_prerelease || fromJson(needs.plan.outputs.val).publish_prereleases }}
- uses: ./.github/workflows/publish-docker.yml
+ uses: ./.github/workflows/publish-npm.yml
 with:
 plan: ${{ needs.plan.outputs.val }}
 secrets: inherit
+ # publish jobs get escalated permissions
 permissions:
- "contents": "read"
+ "id-token": "write"
 "packages": "write"
+
+ announce:
+ needs:
+ - plan
+ - host
+ - custom-publish-pypi
+ - custom-publish-docker
+ - custom-publish-npm
+ # use "always() && ..." to allow us to wait for all publish jobs while
+ # still allowing individual publish jobs to skip themselves (for prereleases).
+ # "host" however must run to completion, no skipping allowed!
+ if: ${{ always() && needs.host.result == 'success' && (needs.custom-publish-pypi.result == 'skipped' || needs.custom-publish-pypi.result == 'success') && (needs.custom-publish-docker.result == 'skipped' || needs.custom-publish-docker.result == 'success') && (needs.custom-publish-npm.result == 'skipped' || needs.custom-publish-npm.result == 'success') }}
+ runs-on: "ubuntu-22.04"
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ steps:
+ - uses: actions/checkout@v6
+ with:
+ persist-credentials: false
+ submodules: recursive
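Review bot: Both `permissions:` blocks on the new side (custom-publish-docker and custom-publish-npm) no longer list `contents`, and a job-level block sets every unlisted scope to `none`, so the called workflows can be granted at most `id-token: write` and `packages: write`. If publish-docker.yml or publish-npm.yml declares `contents: read` on its own jobs, which is not visible here, the run is rejected for requesting more than the caller allows; keeping `"contents": "read"` in each block avoids that. The Docker job also gains `"id-token": "write"`, which it did not have before and which lets the called workflow request an OIDC token, so it is worth confirming that publish-docker.yml uses OIDC and dropping the line otherwise. Since the same commit adds `./publish-npm` to `publish-jobs` in dist-workspace.toml, this file looks regenerated by dist, so the adjustment probably belongs in the dist configuration rather than in a hand edit. The announce job's step list appears to continue past the end of the hunk.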
diff --git a/dist-workspace.toml b/dist-workspace.toml
index f3e372dd..5c5cd3b5 100644
--- a/dist-workspace.toml
+++ b/dist-workspace.toml
@@ -16,7 +16,7 @@ targets = ["aarch64-apple-darwin", "aarch64-unknown-linux-gnu", "aarch64-unknown
 # Path that installers should place binaries in
 install-path = "CARGO_HOME"
 # Publish jobs to run in CI
-publish-jobs = ["./publish-pypi", "./publish-docker"]
+publish-jobs = ["./publish-pypi", "./publish-docker", "./publish-npm"]
 # Whether to install an updater program
 install-updater = false
 # Whether dist should create a Github Release or use an existing draft