diff --git a/.github/workflows/code.yml b/.github/workflows/code.yml
index 43e2fad3..0e429a1f 100644
--- a/.github/workflows/code.yml
+++ b/.github/workflows/code.yml
@@ -152,7 +152,7 @@ jobs:
           # step and the later build-push-action, otherwise the second build-push-action
           # will attempt to build the image again
           build-args: |
-            PIP_OPTIONS=-r lockfiles/requirements.txt dist/*.whl
+            PIP_OPTIONS=-r lockfiles/requirements.txt dist-${{ github.sha }}/*.whl
           context: artifacts/
           file: ./Dockerfile
           target: runtime
@@ -189,7 +189,7 @@ jobs:
           # step and the previous build-push-action, otherwise this step will
           # attempt to build the image again
           build-args: |
-            PIP_OPTIONS=-r lockfiles/requirements.txt dist/*.whl
+            PIP_OPTIONS=-r lockfiles/requirements.txt dist-${{ github.sha }}/*.whl
           context: artifacts/
           file: ./Dockerfile
           target: runtime
@@ -210,7 +210,7 @@ jobs:
 
       - name: Fixup blank lockfiles
         # Github release artifacts can't be blank
-        run: for f in lockfiles/*; do [ -s $f ] || echo '# No requirements' >> $f; done
+        run: for f in lockfiles*dist*/*; do [ -s $f ] || echo '# No requirements' >> $f; done
 
       - name: Github Release
         # We pin to the SHA, not the tag, for security reasons.
@@ -219,8 +219,8 @@ jobs:
         with:
           prerelease: ${{ contains(github.ref_name, 'a') || contains(github.ref_name, 'b') || contains(github.ref_name, 'rc') }}
           files: |
-            dist/*
-            lockfiles/*
+            dist-${{ github.sha }}/*
+            lockfiles*dist*/*
           generate_release_notes: true
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}