From fba94e82be03635732d1e5bd12e65668cdac667c Mon Sep 17 00:00:00 2001
From: Graham Christensen <graham@grahamc.com>
Date: Wed, 17 Dec 2025 09:33:35 -0500
Subject: [PATCH 1/3] Run the upload-to-s3 step in release

---
 .github/workflows/build-and-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml
index 0de0246..e222c1d 100644
--- a/.github/workflows/build-and-release.yml
+++ b/.github/workflows/build-and-release.yml
@@ -54,7 +54,7 @@ jobs:
   upload-artifacts-to-s3:
     needs: build-artifacts
     # Upload only on PR merge
-    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    environment: release
     runs-on: ubuntu-24.04
     permissions:
       id-token: write

From 3fba0031db56264a8d8881d6e80a572c727c2125 Mon Sep 17 00:00:00 2001
From: Luc Perkins <lucperkins@gmail.com>
Date: Wed, 17 Dec 2025 11:42:28 -0300
Subject: [PATCH 2/3] Delete errant comment

---
 .github/workflows/build-and-release.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml
index e222c1d..fc2885a 100644
--- a/.github/workflows/build-and-release.yml
+++ b/.github/workflows/build-and-release.yml
@@ -53,7 +53,6 @@ jobs:
 
   upload-artifacts-to-s3:
     needs: build-artifacts
-    # Upload only on PR merge
     environment: release
     runs-on: ubuntu-24.04
     permissions:

From de5f9ea7339de7f2ba4848a7082d2931a05c9971 Mon Sep 17 00:00:00 2001
From: Luc Perkins <lucperkins@gmail.com>
Date: Wed, 17 Dec 2025 11:48:37 -0300
Subject: [PATCH 3/3] Fix secret names

---
 .github/workflows/build-and-release.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml
index fc2885a..5b8cbcc 100644
--- a/.github/workflows/build-and-release.yml
+++ b/.github/workflows/build-and-release.yml
@@ -69,8 +69,8 @@ jobs:
       - name: Upload to S3
         uses: DeterminateSystems/push-artifact-ids@main
         with:
-          s3_upload_role: ${{ secrets.AWS_S3_UPLOAD_ROLE }}
-          bucket: ${{ secrets.AWS_S3_UPLOAD_BUCKET }}
+          s3_upload_role: ${{ secrets.AWS_S3_UPLOAD_ROLE_ARN }}
+          bucket: ${{ secrets.AWS_S3_UPLOAD_BUCKET_NAME }}
           directory: ./artifacts
           ids_project_name: flake-iter
           ids_binary_prefix: flake-iter