diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 72c0f6709e..c7a638b98e 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -174,3 +174,16 @@ jobs:
           ./tools/packaging/release/release.sh upload-libseccomp-tarball
         env:
           GH_TOKEN: ${{ github.token }}
+
+  publish-release:
+    needs: [ build-and-push-assets-amd64, build-and-push-assets-arm64, build-and-push-assets-s390x, build-and-push-assets-ppc64le, publish-multi-arch-images, upload-multi-arch-static-tarball, upload-versions-yaml, upload-cargo-vendored-tarball, upload-libseccomp-tarball ]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Publish a release
+        run: |
+          ./tools/packaging/release/release.sh publish-release
+        env:
+          GH_TOKEN: ${{ github.token }}
diff --git a/docs/Release-Process.md b/docs/Release-Process.md
index fd45271fed..04f8b1ed2f 100644
--- a/docs/Release-Process.md
+++ b/docs/Release-Process.md
@@ -21,7 +21,9 @@ release artifacts.
 
 The action is manually triggered and is responsible for generating a new
 release (including a new tag), pushing those to the
-`kata-containers/kata-containers` repository.
+`kata-containers/kata-containers` repository. The new release is initially
+created as a draft. It is promoted to an official release when the whole
+workflow has completed successfully.
 
 Check the [actions status
 page](https://github.com/kata-containers/kata-containers/actions) to verify all
@@ -29,6 +31,13 @@ steps in the actions workflow have completed successfully. On success, a static
 tarball containing Kata release artifacts will be uploaded to the [Release
 page](https://github.com/kata-containers/kata-containers/releases).
 
+If the workflow fails because of some external environmental causes, e.g. network
+timeout, simply re-run the failed jobs until they eventually succeed.
+
+If for some reason you need to cancel the workflow or re-run it entirely, go first
+to the [Release page](https://github.com/kata-containers/kata-containers/releases) and
+delete the draft release from the previous run.
+
 ### Improve the release notes
 
 Release notes are auto-generated by the GitHub CLI tool used as part of our
diff --git a/tools/packaging/release/release.sh b/tools/packaging/release/release.sh
index c2830b1dd7..c60695249e 100755
--- a/tools/packaging/release/release.sh
+++ b/tools/packaging/release/release.sh
@@ -114,9 +114,23 @@ function _create_new_release()
 
 	_create_our_own_notes
 
+	# This automatically creates the ${RELEASE_VERSION} tag in the repo
 	gh release create ${RELEASE_VERSION} \
 		--generate-notes --title "Kata Containers ${RELEASE_VERSION}" \
-		--notes-file "/tmp/our_notes_${RELEASE_VERSION}"
+		--notes-file "/tmp/our_notes_${RELEASE_VERSION}" \
+		--draft
+}
+
+function _publish_release()
+{
+	_check_required_env_var "GH_TOKEN"
+
+	RELEASE_VERSION="$(_release_version)"
+
+	# Make the release live on GitHub
+	gh release edit ${RELEASE_VERSION} \
+		--verify-tag \
+		--draft=false
 }
 
 function _publish_multiarch_manifest()
@@ -203,6 +217,7 @@ function main()
 		upload-versions-yaml-file) _upload_versions_yaml_file ;;
 		upload-vendored-code-tarball) _upload_vendored_code_tarball ;;
 		upload-libseccomp-tarball) _upload_libseccomp_tarball ;;
+		publish-release) _publish_release ;;
 		*) >&2 _die "Invalid argument" ;;
 	esac
 }